Etw-Syscall/Etw Syscall/libpeconv-master/run_pe/README.md

Demo: RunPE

This is a demo project using libpeconv.
RunPE (aka Process Hollowing) is a well known technique allowing to injecting a new PE into a remote processes, imprersonating this process.

The given implementation works for PE 32bit as well as 64bit.

Supported injections:

If the loader was built as 32 bit:

32 bit payload -> 32 bit target

If the loader was built as 64 bit:

64 bit payload -> 64 bit target
32 bit payload -> 32 bit target

How to use the app:

Supply 2 commandline arguments:

[payload_path] [target_path]

Payload is the PE to be executed impersonating the Target.