Etw-Syscall/Etw Syscall/libpeconv-master/run_pe

Demo: RunPE

This is a demo project using libpeconv.
RunPE (aka Process Hollowing) is a well-known technique that allows injecting a new PE into a remote process, impersonating this process.

The given implementation works for 32-bit as well as 64-bit PEs.

Supported injections:

If the loader was built as 32 bit:

32 bit payload -> 32 bit target

If the loader was built as 64 bit:

64 bit payload -> 64 bit target
32 bit payload -> 32 bit target

How to use the app:

Supply 2 command-line arguments:

[payload_path] [target_path]

Payload is the PE to be executed impersonating the Target.
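
Because the payload runs under the Target's identity, one check a defender can make is to compare the PE header of the Target's file on disk with the header read from the running process's image. The following is an added example, not code from libpeconv or this demo. It assumes the in-memory header bytes were already collected (for instance from a memory dump), and the names summarize_pe, compare_headers and make_header are hypothetical.

```cpp
// Added example: not libpeconv or run_pe code. Assumes a little-endian host.
#include <cstdint>
#include <cstring>
#include <vector>

struct PeSummary { uint16_t machine, magic; uint32_t timestamp, entry_rva, size_of_image; };
enum Mismatch : unsigned { UNPARSABLE = 1, MACHINE = 2, TIMESTAMP = 4, ENTRY = 8, IMAGE_SIZE = 16 };

template <typename T>
static bool read_at(const std::vector<uint8_t>& b, size_t off, T& out) {
    if (off > b.size() || b.size() - off < sizeof(T)) return false;  // bounds check
    std::memcpy(&out, b.data() + off, sizeof(T));
    return true;
}

// Parse the header fields that identify an image; false if the buffer is not a PE.
bool summarize_pe(const std::vector<uint8_t>& b, PeSummary& s) {
    uint16_t mz = 0; uint32_t lfanew = 0, sig = 0;
    if (!read_at(b, 0, mz) || mz != 0x5A4D) return false;           // "MZ"
    if (!read_at(b, 0x3C, lfanew)) return false;                    // e_lfanew
    const size_t nt = lfanew, opt = nt + 24;                        // optional header start
    if (!read_at(b, nt, sig) || sig != 0x00004550) return false;    // "PE\0\0"
    if (!read_at(b, nt + 4, s.machine) || !read_at(b, nt + 8, s.timestamp) ||
        !read_at(b, opt, s.magic) || !read_at(b, opt + 16, s.entry_rva) ||
        !read_at(b, opt + 56, s.size_of_image)) return false;
    return s.magic == 0x10b || s.magic == 0x20b;                    // PE32 / PE32+
}

// Compare the Target's file on disk with the header read from process memory.
// Returns 0 when they agree, otherwise a bitmask of Mismatch flags.
unsigned compare_headers(const std::vector<uint8_t>& disk, const std::vector<uint8_t>& mem) {
    PeSummary d{}, m{};
    if (!summarize_pe(disk, d) || !summarize_pe(mem, m)) return UNPARSABLE;
    unsigned r = 0;
    if (d.machine != m.machine || d.magic != m.magic) r |= MACHINE;
    if (d.timestamp != m.timestamp) r |= TIMESTAMP;
    if (d.entry_rva != m.entry_rva) r |= ENTRY;
    if (d.size_of_image != m.size_of_image) r |= IMAGE_SIZE;
    return r;
}

// Constructed sample: a minimal header buffer with only the fields above set.
std::vector<uint8_t> make_header(uint16_t machine, uint16_t magic, uint32_t ts, uint32_t ep, uint32_t size) {
    std::vector<uint8_t> b(0x200, 0);
    const uint32_t nt = 0x80, sig = 0x00004550; const uint16_t mz = 0x5A4D;
    std::memcpy(&b[0], &mz, 2); std::memcpy(&b[0x3C], &nt, 4); std::memcpy(&b[nt], &sig, 4);
    std::memcpy(&b[nt + 4], &machine, 2); std::memcpy(&b[nt + 8], &ts, 4);
    std::memcpy(&b[nt + 24], &magic, 2); std::memcpy(&b[nt + 40], &ep, 4); std::memcpy(&b[nt + 80], &size, 4);
    return b;
}
```

A non-zero result is a lead to investigate rather than proof, and a zero result does not rule out hollowing, since the in-memory header can be made to match the file.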