{"id":19242031,"url":"https://github.com/alphaseclab/injection-stuff","last_synced_at":"2026-02-07T13:30:53.467Z","repository":{"id":44892567,"uuid":"266767392","full_name":"alphaSeclab/injection-stuff","owner":"alphaSeclab","description":"PE Injection、DLL Injection、Process Injection、Thread Injection、Code Injection、Shellcode Injection、ELF Injection、Dylib Injection, including 400+Tools and 350+posts","archived":false,"fork":false,"pushed_at":"2020-05-25T12:01:06.000Z","size":77,"stargazers_count":537,"open_issues_count":0,"forks_count":146,"subscribers_count":24,"default_branch":"master","last_synced_at":"2025-07-28T19:36:17.137Z","etag":null,"topics":["code-injection","dll-injection","dylib-injection","elf-injection","pe-injection","process-injection","shellcode-injection","thread-injection"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alphaSeclab.png","metadata":{"files":{"readme":"Readme.md","changelog":"history/Injection_20200525195635.json","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-05-25T11:58:01.000Z","updated_at":"2025-07-24T12:15:35.000Z","dependencies_parsed_at":"2022-08-19T19:31:23.104Z","dependency_job_id":null,"html_url":"https://github.com/alphaSeclab/injection-stuff","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/alphaSeclab/injection-stuff","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphaSeclab%2Finjection-stuff","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphaSeclab%2Finjection-stuff/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphaSeclab%2
Finjection-stuff/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphaSeclab%2Finjection-stuff/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alphaSeclab","download_url":"https://codeload.github.com/alphaSeclab/injection-stuff/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphaSeclab%2Finjection-stuff/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29195034,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-07T12:38:28.597Z","status":"ssl_error","status_checked_at":"2026-02-07T12:38:23.888Z","response_time":63,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-injection","dll-injection","dylib-injection","elf-injection","pe-injection","process-injection","shellcode-injection","thread-injection"],"created_at":"2024-11-09T17:13:15.397Z","updated_at":"2026-02-07T13:30:53.447Z","avatar_url":"https://github.com/alphaSeclab.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# [All my collection repos](https://github.com/alphaSeclab/all-my-collection-repos)\n\n\n\n\n# Injection\n\n\n- PE injection, DLL injection, process injection, thread injection, code injection, shellcode injection, ELF injection and Dylib injection; currently includes 400+ tools and 350+ posts, roughly categorized by function\n- [English Version](https://github.com/alphaSeclab/injection-stuff/blob/master/Readme_en.md)\n\n\n# Table of Contents\n- 
[PE Injection](#81a3947baa3f99adaf73a8f9766e48fa) -\u003e  [(9) Tools](#2642c767c5d89e80c90310fb74e6edb3) [(6) Posts](#f7498d4f9350180b46ad63bedae4ea1b)\n- [DLL Injection](#4df0a2fb37f3cafbdaef103e982a1b0a)\n    - [(1) Collection](#4ba9c31b7264396cd7666e6b4a29b3dd)\n    - [(70) Tools](#f7a55b191aab1cb7a57fe44d94b54e1c)\n    - [(92) Posts](#f69bdae6414fe41f7b2ff0a5ae646e0e)\n- [Process Injection](#97ceb80739f1d2efce08baaf98dce0fc) -\u003e  [(48) Tools](#5ed3d284b106ffdc141f447f59326b00) [(92) Posts](#78df9ff3771ac1e9d9dff3eba0055d25)\n- [Thread Injection](#3b2252d379d384475de4654bd5d0b368) -\u003e  [(1) Tools](#9ff33dd10584407a654590a7cf18c6f0) [(9) Posts](#a7433a31e0f33f936d15d6ad61437bc6)\n- [Code Injection](#02a1807b6a7131af27e3ed1002e7335a) -\u003e  [(47) Tools](#303ed79296c5af9c74cfd49dd31a399e) [(143) Posts](#5e603e03f62d50e6fa8310e15470f233)\n- [Shellcode Injection](#a5458e6ee001b754816237b9a2108569) -\u003e  [(13) Tools](#28e1b534eae8d37d8fc1d212f0db0263) [(26) Posts](#c6942bb5275f5b62a41238c6042b2b81)\n- [ELF Injection](#3584002eaa30b92479c1e1c2fc6ce4ef) -\u003e  [(7) Tools](#b423b830472372349203f88cf64c6814) [(8) Posts](#0a853f9e3f9ccb0663007d3a508ce02b)\n- [Dylib Injection](#108c798de24e7ce6fde0cafe99eec5b3) -\u003e  [(5) Tools](#12df48702564d73c275c72133546d73e) [(1) Posts](#0af1332c6476d1a8f98046542e925282)\n- [Android](#06fc9c584b797f97731e3c49886dcc08) -\u003e  [(21) Tools](#4c02a0ba65fa4f582ec590ce1e070822) [(10) Posts](#9ff27f3143a5c619b554185069ecffb0)\n- [Other](#4ffa5c3eb1f3b85e4c38f6863f5b76b2) -\u003e  [(190) Tools](#fd5f8ada2d4f47c63c3635427873c79c) [(2) Posts](#7004b87c5ab514b352dd7cc91acdd17b)\n\n\n# \u003ca id=\"81a3947baa3f99adaf73a8f9766e48fa\"\u003e\u003c/a\u003ePE Injection\n\n\n***\n\n\n## \u003ca id=\"2642c767c5d89e80c90310fb74e6edb3\"\u003e\u003c/a\u003eTools\n\n\n- [**535** stars][20d] [C] [jondonym/peinjector](https://github.com/jondonym/peinjector) peinjector - MITM PE file infector\n- [**407** stars][5m] [Assembly] [hasherezade/pe_to_shellcode](https://github.com/hasherezade/pe_to_shellcode) Converts a PE file into shellcode\n- [**230** stars][3y] [C++] [secrary/infectpe](https://github.com/secrary/infectpe) Inject custom code into 
PE file [This project is not maintained anymore]\n- [**220** stars][2y] [C++] [bromiumlabs/packerattacker](https://github.com/bromiumlabs/packerattacker) C++ application that uses memory and code hooks to detect packers\n- [**196** stars][30d] [Py] [antonin-deniau/cave_miner](https://github.com/antonin-deniau/cave_miner) Search for code cave in all binaries\n- [**126** stars][3y] [C++] [gpoulios/ropinjector](https://github.com/gpoulios/ropinjector) Patches ROP-encoded shellcode into PE files\n- [**119** stars][16d] [C] [hasherezade/chimera_pe](https://github.com/hasherezade/chimera_pe) ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports payload-side\n- [**119** stars][16d] [C] [hasherezade/chimera_pe](https://github.com/hasherezade/chimera_pe) A PE injector type (alternative to: RunPE, ReflectiveLoader, etc) - a template for manually loading an EXE, loading imports payload-side\n- [**18** stars][2y] [Py] [ohjeongwook/srdi](https://github.com/ohjeongwook/srdi) \n\n\n***\n\n\n## \u003ca id=\"f7498d4f9350180b46ad63bedae4ea1b\"\u003e\u003c/a\u003ePosts\n\n\n- 2019.01 [fuzzysecurity] [Powershell PE Injection: This is not the Calc you are looking for!](http://fuzzysecurity.com/tutorials/20.html)\n- 2018.09 [andreafortuna] [Some thoughts about PE Injection](https://www.andreafortuna.org/dfir/some-thoughts-about-pe-injection/)\n- 2015.09 [n0where] [MITM PE file infector: PEInjector](https://n0where.net/mitm-pe-file-infector-peinjector)\n- 2014.04 [sevagas] [PE injection explained](https://blog.sevagas.com/?PE-injection-explained)\n- 2011.10 [pediy] [[Original] Infecting a PE by adding an import entry to achieve injection](https://bbs.pediy.com/thread-141950.htm)\n- 2011.04 [codereversing] [Writing a File Infector/Encrypter: PE File Modification/Section Injection (2/4)](http://www.codereversing.com/blog/archives/92)\n\n\n# \u003ca id=\"4df0a2fb37f3cafbdaef103e982a1b0a\"\u003e\u003c/a\u003eDLL Injection\n\n\n***\n\n\n## \u003ca id=\"4ba9c31b7264396cd7666e6b4a29b3dd\"\u003e\u003c/a\u003eCollection\n\n\n- [**85** stars][3y] [C++] 
[benjaminsoelberg/reflectivepeloader](https://github.com/benjaminsoelberg/reflectivepeloader) Reflective PE loader for DLL injection\n\n\n***\n\n\n## \u003ca id=\"f7a55b191aab1cb7a57fe44d94b54e1c\"\u003e\u003c/a\u003eTools\n\n\n- [**1121** stars][7y] [C] [stephenfewer/reflectivedllinjection](https://github.com/stephenfewer/reflectivedllinjection) Reflective DLL injection: a library injection technique in which the concept of reflective programming is used to perform the loading of a library from memory into a host process\n- [**1093** stars][11d] [C] [fdiskyou/injectallthethings](https://github.com/fdiskyou/injectallthethings) A single Visual Studio project implementing multiple DLL injection techniques\n- [**747** stars][10m] [C++] [darthton/xenos](https://github.com/darthton/xenos) Windows DLL injector\n- [**635** stars][7m] [PS] [monoxgas/srdi](https://github.com/monoxgas/srdi) Shellcode implementation of reflective DLL injection. Converts DLLs to position-independent shellcode\n- [**489** stars][4m] [C#] [akaion/bleak](https://github.com/akaion/bleak) A Windows native DLL injection library that supports several injection methods\n- [**385** stars][14d] [C++] [opensecurityresearch/dllinjector](https://github.com/opensecurityresearch/dllinjector) DLL injection tool implementing various methods\n- [**382** stars][13d] [C] [wbenny/injdrv](https://github.com/wbenny/injdrv) A Windows driver that injects a DLL into user-mode processes using APC\n- [**277** stars][2y] [C++] [gellin/teamviewer_permissions_hook_v1](https://github.com/gellin/teamviewer_permissions_hook_v1) An injectable C++ DLL that uses naked inline hooking and direct memory modification to change your TeamViewer permissions\n- [**268** stars][3y] [C++] [professor-plum/reflective-driver-loader](https://github.com/professor-plum/reflective-driver-loader) Reflective kernel driver injection, an injection technique based on reflective DLL injection that bypasses Windows driver signature enforcement\n- [**227** stars][10d] [C++] [wunkolo/uwpdumper](https://github.com/wunkolo/uwpdumper) DLL and injector for dumping UWP applications at run time to bypass encrypted file system protection\n- [**197** stars][2y] [C] [sud01oo/processinjection](https://github.com/sud01oo/ProcessInjection) Implementation and analysis of some process injection methods\n- [**190** stars][10d] [C++] [hzphreak/vminjector](https://github.com/hzphreak/VMInjector) Uses direct memory manipulation to bypass the OS login authentication screen of major operating systems running on VMware Workstation / Player\n- [**185** stars][19d] [C++] [jonatan1024/clrinject](https://github.com/jonatan1024/clrinject) Injects a C# EXE or DLL assembly into any CLR runtime or AppDomain of another process\n- [**178** stars][1m] [Py] 
[infodox/python-dll-injection](https://github.com/infodox/python-dll-injection) Python toolkit for injecting DLL files into processes running on Windows\n- [**177** stars][11m] [C++] [strivexjun/driverinjectdll](https://github.com/strivexjun/driverinjectdll) Global DLL injection using a driver; can hide the DLL module\n- [**146** stars][4y] [C] [dismantl/improvedreflectivedllinjection](https://github.com/dismantl/improvedreflectivedllinjection) An improvement of the original reflective DLL injection technique: uses bootstrap shellcode (x86 or x64) to call any export of the DLL from the reflective loader\n- [**113** stars][2m] [C] [rsmusllp/syringe](https://github.com/rsmusllp/syringe) A general-purpose DLL and code injection utility\n- [**110** stars][7y] [C++] [abhisek/pe-loader-sample](https://github.com/abhisek/pe-loader-sample) In-memory PE loader based on the reflective DLL injection technique\n- [**87** stars][2m] [C] [countercept/doublepulsar-usermode-injector](https://github.com/countercept/doublepulsar-usermode-injector) Uses the user-mode shellcode of the DOUBLEPULSAR payload to inject an arbitrary DLL into another process\n- [**86** stars][3y] [C] [zerosum0x0/threadcontinue](https://github.com/zerosum0x0/threadcontinue) Reflective DLL injection using SetThreadContext() and NtContinue()\n- [**82** stars][6m] [C++] [nefarius/injector](https://github.com/nefarius/injector) Command line utility to inject and eject DLLs\n- [**73** stars][4m] [C] [danielkrupinski/memject](https://github.com/danielkrupinski/memject) Simple Dll injector loading from memory. Supports PE header and entry point erasure. 
Written in C99.\n- [**62** stars][15d] [Py] [psychomario/pyinject](https://github.com/psychomario/pyinject) A Python module to help inject shellcode/DLLs into Windows processes\n- [**61** stars][3y] [C] [arvanaghi/windows-dll-injector](https://github.com/arvanaghi/windows-dll-injector) A basic Windows DLL injector in C using CreateRemoteThread and LoadLibrary\n- [**59** stars][3y] [C++] [azerg/remote_dll_injector](https://github.com/azerg/remote_dll_injector) Stealth DLL injector\n- [**56** stars][1y] [C] [rapid7/reflectivedllinjection](https://github.com/rapid7/reflectivedllinjection) A library injection technique in which the concept of reflective programming is used to load a library from memory into a host process.\n- [**53** stars][5m] [C] [adrianyy/keinject](https://github.com/adrianyy/keinject) Kernel LdrLoadDll injector\n- [**52** stars][5m] [C] [nccgroup/ncloader](https://github.com/nccgroup/ncloader) A session-0 capable dll injection utility\n- [**52** stars][3y] [C++] [zer0mem0ry/standardinjection](https://github.com/zer0mem0ry/standardinjection) A simple Dll Injection demonstration\n- [**51** stars][19d] [C++] [papadp/reflective-injection-detection](https://github.com/papadp/reflective-injection-detection) a program to detect reflective dll injection on a live machine\n- [**50** stars][1y] [C] [realoriginal/reflective-rewrite](https://github.com/realoriginal/reflective-rewrite) Attempt to rewrite StephenFewers Reflective DLL Injection to make it a little more stealthy. Some code taken from Meterpreter \u0026 sRDI. 
Currently a work in progress.\n- [**49** stars][3y] [C++] [zodiacon/dllinjectionwiththreadcontext](https://github.com/zodiacon/dllinjectionwiththreadcontext) This is a sample that shows how to leverage SetThreadContext for DLL injection\n- [**42** stars][3y] [C++] [zer0mem0ry/manualmap](https://github.com/zer0mem0ry/manualmap) A Simple demonstration of manual dll injector\n- [**38** stars][26d] [C++] [rolfrolles/wbdeshook](https://github.com/rolfrolles/wbdeshook) DLL-injection based solution to Brecht Wyseur's wbDES challenge (based on SysK's Phrack article)\n- [**38** stars][2m] [Assembly] [danielkrupinski/inflame](https://github.com/danielkrupinski/inflame) User-mode Windows DLL injector written in Assembly language (FASM syntax) with WinAPI.\n- [**37** stars][4m] [C++] [nanoric/pkn](https://github.com/nanoric/pkn) Core of the pkn game hacking project: process management, memory management, and DLL injection\n- [**36** stars][7m] [C++] [blole/injectory](https://github.com/blole/injectory) command-line interface dll injector\n- [**33** stars][3m] [C++] [notscimmy/libinject](https://github.com/notscimmy/libinject) Currently supports injecting signed/unsigned DLLs in 64-bit processes\n- [**31** stars][4m] [Py] [fullshade/poppopret-nullbyte-dll-bypass](https://github.com/fullshade/poppopret-nullbyte-dll-bypass) A method to bypass a null byte in a POP-POP-RETN address for exploiting a local SEH overflow via DLL injection\n- [**30** stars][6m] [C++] [psmitty7373/eif](https://github.com/psmitty7373/eif) Evil Reflective DLL Injection Finder\n- [**29** stars][4m] [C++] [m-r-j-o-h-n/swh-injector](https://github.com/m-r-j-o-h-n/swh-injector) An Injector that can inject dll into game process protected by anti cheat using SetWindowsHookEx.\n- [**29** stars][4y] [C++] [stormshield/beholder-win32](https://github.com/stormshield/beholder-win32) A sample on how to inject a DLL from a kernel driver\n- [**28** stars][4m] [Py] [fullshade/py-memject](https://github.com/fullshade/py-memject) A Windows .DLL injector written in Python\n- [**27** stars][6m] [HTML] [flyrabbit/winproject](https://github.com/flyrabbit/winproject) Hook, DLLInject, PE_Tool\n- 
[**27** stars][4m] [C] [ice3man543/zeusinjector](https://github.com/ice3man543/zeusinjector) An Open Source Windows DLL Injector With All Known Techniques Available\n- [**27** stars][5y] [C] [olsut/kinject-x64](https://github.com/olsut/kinject-x64) Kinject - kernel dll injector, currently available in x86 version, will be updated to x64 soon.\n- [**27** stars][5m] [C] [sqdwr/loadimageinject](https://github.com/sqdwr/loadimageinject) LoadImage Routine Inject Dll\n- [**25** stars][1y] [C#] [enkomio/managedinjector](https://github.com/enkomio/managedinjector) A C# DLL injection library\n- [**25** stars][6y] [C] [whyallyn/paythepony](https://github.com/whyallyn/paythepony) Uses the reflective DLL injection library to inject into a remote process, encrypt and demand ransom for files, and inflict My Little Pony madness on the system.\n- [**24** stars][2m] [C#] [tmthrgd/dll-injector](https://github.com/tmthrgd/dll-injector) Inject and detour DLLs and program functions both managed and unmanaged in other programs, written (almost) purely in C#. [Not maintained].\n- [**21** stars][3y] [C] [al-homedawy/injector](https://github.com/al-homedawy/injector) A Windows driver used to facilitate DLL injection\n- [**21** stars][5y] [C] [nyx0/dll-inj3cti0n](https://github.com/nyx0/dll-inj3cti0n) Another dll injection tool.\n- [**21** stars][29d] [C++] [coreyauger/slimhook](https://github.com/coreyauger/slimhook) Demonstration of dll injection. As well loading .net runtime and calling .net code. 
Example hijacking d3d9 dll and altering rendering of games.\n- [**17** stars][12m] [C] [strobejb/injdll](https://github.com/strobejb/injdll) DLL Injection commandline utility\n- [**17** stars][5m] [C#] [cameronaavik/ilject](https://github.com/cameronaavik/ilject) Provides a way which you can load a .NET dll/exe from disk, modify/inject IL, and then run the assembly all in memory without modifying the file.\n- [**15** stars][2y] [C] [ntraiseharderror/phage](https://github.com/ntraiseharderror/phage) Reflective DLL Injection style process infector\n- [**15** stars][3y] [C] [portcullislabs/wxpolicyenforcer](https://github.com/portcullislabs/wxpolicyenforcer) Injectable Windows DLL which enforces a W^X memory policy on a process\n- [**14** stars][4m] [C#] [ulysseswu/vinjex](https://github.com/ulysseswu/vinjex) A simple DLL injection lib using Easyhook, inspired by VInj.\n- [**13** stars][1y] [C++] [matrix86/wincodeinjection](https://github.com/matrix86/wincodeinjection) Dll Injection and Code injection sample\n- [**13** stars][4y] [C++] [spl0i7/dllinject](https://github.com/spl0i7/dllinject) Minesweeper bot by DLL Injection\n- [**12** stars][4m] [C++] [sherazibrahim/dll-injector](https://github.com/sherazibrahim/dll-injector) A DLL injector\n- [**11** stars][9m] [C#] [ihack4falafel/dll-injection](https://github.com/ihack4falafel/dll-injection) C# program that takes process id and path to DLL payload to perform DLL injection method.\n- [**9** stars][18d] [C++] [pfussell/pivotal](https://github.com/pfussell/pivotal) A MITM proxy server for reflective DLL injection through WinINet\n- [**9** stars][9m] [C] [userexistserror/injectdll](https://github.com/userexistserror/injectdll) Inject a Dll from memory\n- [**9** stars][1y] [Assembly] [dentrax/dll-injection-with-assembly](https://github.com/dentrax/dll-injection-with-assembly) DLL Injection to Exe with Assembly using OllyDbg\n- [**7** stars][1y] [C] [haidragon/newinjectdrv](https://github.com/haidragon/newinjectdrv) Kernel-level APC DLL injection\n- [**6** stars][2y] 
[thesph1nx/covenant](https://github.com/thesph1nx/covenant) Meterpreter clone - DLL Injection Backdoor\n- [**5** stars][5y] [C++] [ciantic/remotethreader](https://github.com/ciantic/remotethreader) Helps you to inject your dll in another process\n- [**5** stars][4m] [C++] [reclassnet/reclass.net-memorypipeplugin](https://github.com/reclassnet/reclass.net-memorypipeplugin) A ReClass.NET plugin which allows direct memory access via dll injection.\n- [**1** star][1y] [PS] [getrektboy724/maldll](https://github.com/getrektboy724/maldll) A bunch of malicious dll to inject to a process\n\n\n***\n\n\n## \u003ca id=\"f69bdae6414fe41f7b2ff0a5ae646e0e\"\u003e\u003c/a\u003ePosts\n\n\n- 2020.02 [0x00sec] [DLL injections (safety)](https://0x00sec.org/t/dll-injections-safety/19496)\n- 2019.08 [tyranidslair] [Windows Code Injection: Bypassing CIG Through KnownDlls](https://www.tiraniddo.dev/2019/08/windows-code-injection-bypassing-cig.html)\n- 2019.08 [tyranidslair] [Windows Code Injection: Bypassing CIG Through KnownDlls](https://tyranidslair.blogspot.com/2019/08/windows-code-injection-bypassing-cig.html)\n- 2019.03 [code610] [DLL Injection - part 2](https://code610.blogspot.com/2019/03/dll-injection-part-2.html)\n- 2018.10 [pediy] [[Original] A small trick for injecting a DLL with shellcode instead of creating a user thread](https://bbs.pediy.com/thread-247515.htm)\n- 2018.10 [4hou] [How to bypass Win10 ransomware protection using DLL injection](http://www.4hou.com/technology/13923.html)\n- 2018.10 [0x00sec] [Reflective Dll Injection - Any Way to check If a process is already injected?](https://0x00sec.org/t/reflective-dll-injection-any-way-to-check-if-a-process-is-already-injected/8980/)\n- 2018.09 [pediy] [[Original] win10_arm64 driver injecting a DLL into an arm32 program](https://bbs.pediy.com/thread-247032.htm)\n- 2018.09 [code610] [DLL Injection - part 1](https://code610.blogspot.com/2018/09/dll-injection-part-1.html)\n- 2018.08 [freebuf] [sRDI: a powerful tool for reflective DLL injection via shellcode](http://www.freebuf.com/sectool/181426.html)\n- 2018.08 [vkremez] [Let's Learn: Dissecting Panda Banker \u0026 Modules: Webinject, Grabber \u0026 
Keylogger DLL Modules](https://www.vkremez.com/2018/08/lets-learn-dissecting-panda-banker.html)\n- 2018.07 [4hou] [Injection series: DLL injection](http://www.4hou.com/technology/12703.html)\n- 2018.06 [0x00sec] [Reflective DLL Injection - AV detects at runtime](https://0x00sec.org/t/reflective-dll-injection-av-detects-at-runtime/7307/)\n- 2018.06 [qq] [[Game Vulnerability] Injecting a DLL to display the game window](http://gslab.qq.com/article-508-1.html)\n- 2018.06 [pediy] [[Original] Remote injection: deep hiding of the DLL module](https://bbs.pediy.com/thread-228710.htm)\n- 2018.02 [pediy] [[Help] Remote thread injection of an in-memory DLL: how to use the MemoryModule open-source library?](https://bbs.pediy.com/thread-224489.htm)\n- 2017.12 [secist] [Mavinject | Dll Injected](http://www.secist.com/archives/5912.html)\n- 2017.12 [secvul] [SSM puts an end to DLL injection](https://secvul.com/topics/951.html)\n- 2017.10 [nsfocus] [[Practical Sharing] Sandbox techniques: DLL injection](http://blog.nsfocus.net/sandbox-technology-dll-injection/)\n- 2017.10 [freebuf] [A new DLL injection approach: research on reflective DLL injection](http://www.freebuf.com/articles/system/151161.html)\n- 2017.10 [pediy] [[Original] Analyzing the kernel shellcode DLL injection technique through Wannacry](https://bbs.pediy.com/thread-221756.htm)\n- 2017.09 [360] [Remote code injection using DLL delay loading](https://www.anquanke.com/post/id/86919/)\n- 2017.09 [360] [A new DLL injection approach: SetThreadContext injection](https://www.anquanke.com/post/id/86786/)\n- 2017.08 [silentbreaksecurity] [sRDI – Shellcode Reflective DLL Injection](https://silentbreaksecurity.com/srdi-shellcode-reflective-dll-injection/)\n- 2017.08 [360] [All about DLL injection](https://www.anquanke.com/post/id/86671/)\n- 2017.08 [freebuf] [System security attack and defense: DLL injection techniques explained in detail](http://www.freebuf.com/articles/system/143640.html)\n- 2017.08 [pediy] [[Translation] Introduction to the principles of multiple DLL injection techniques](https://bbs.pediy.com/thread-220405.htm)\n- 2017.07 [0x00sec] [Reflective DLL Injection](https://0x00sec.org/t/reflective-dll-injection/3080/)\n- 2017.07 [zerosum0x0] [Reflective DLL loading using SetThreadContext() and NtContinue()](https://zerosum0x0.blogspot.com/2017/07/threadcontinue-reflective-injection.html)\n- 2017.07 [zerosum0x0] [Proposed Windows 10 EAF/EMET \"Bypass\" for Reflective DLL 
Injection](https://zerosum0x0.blogspot.com/2017/06/proposed-eafemet-bypass-for-reflective.html)\n- 2017.05 [360] [NSA arsenal: DOUBLEPULSAR's kernel DLL injection technique](https://www.anquanke.com/post/id/86137/)\n- 2017.05 [lallouslab] [7 DLL injection techniques in Microsoft Windows](http://lallouslab.net/2017/05/15/7-dll-injection-techniques-in-the-microsoft-windows/)\n- 2017.05 [3or] [mimilib DHCP Server Callout DLL injection](https://blog.3or.de/mimilib-dhcp-server-callout-dll-injection.html)\n- 2017.05 [3or] [Hunting DNS Server Level Plugin dll injection](https://blog.3or.de/hunting-dns-server-level-plugin-dll-injection.html)\n- 2017.04 [arvanaghi] [DLL Injection Using LoadLibrary in C](https://arvanaghi.com/blog/dll-injection-using-loadlibrary-in-C/)\n- 2017.04 [4hou] [DLL injection via APC: bypassing Sysmon monitoring](http://www.4hou.com/technology/4393.html)\n- 2017.04 [bogner] [CVE-2017-3511: Code Injection through DLL Sideloading in 64bit Oracle Java](https://bogner.sh/2017/04/cve-2017-3511-code-injection-through-dll-sideloading-in-64bit-oracle-java/)\n- 2017.04 [countercept] [Analyzing the DOUBLEPULSAR Kernel DLL Injection Technique](https://countercept.com/blog/analyzing-the-doublepulsar-kernel-dll-injection-technique/)\n- 2017.04 [countercept] [NSA arsenal: DOUBLEPULSAR's kernel DLL injection technique](https://countercept.com/our-thinking/analyzing-the-doublepulsar-kernel-dll-injection-technique/)\n- 2017.04 [3gstudent] [DLL injection via APC: bypassing Sysmon monitoring](https://3gstudent.github.io/3gstudent.github.io/%E9%80%9A%E8%BF%87APC%E5%AE%9E%E7%8E%B0Dll%E6%B3%A8%E5%85%A5-%E7%BB%95%E8%BF%87Sysmon%E7%9B%91%E6%8E%A7/)\n- 2017.04 [pentestlab] [DLL Injection](https://pentestlab.blog/2017/04/04/dll-injection/)\n- 2017.03 [pediy] [[Original] DLL hijacking injection without exporting any functions, perfect!](https://bbs.pediy.com/thread-216348.htm)\n- 2016.06 [lowleveldesign] [!injectdll – a remote thread approach](https://lowleveldesign.org/2016/06/27/injectdll-a-remote-thread-approach/)\n- 2016.06 [lowleveldesign] [!injectdll – a WinDbg extension for DLL 
injection](https://lowleveldesign.org/2016/06/22/injectdll-a-windbg-extension-for-dll-injection/)\n- 2016.04 [ketansingh] [Hacking games with DLL Injection](https://ketansingh.net/hacking-games-with-dll-injection/)\n- 2016.02 [freebuf] [Bypassing XIGNCODE3 anti-cheat protection through DLL injection and code modification](http://www.freebuf.com/articles/terminal/96741.html)\n- 2016.01 [freebuf] [Several DLL injection approaches (2): CreateRemoteThread And More](http://www.freebuf.com/articles/system/94693.html)\n- 2016.01 [freebuf] [Several DLL injection approaches (1): Windows Hooks](http://www.freebuf.com/articles/system/93413.html)\n- 2015.11 [modexp] [DLL/PIC Injection on Windows from Wow64 process](https://modexp.wordpress.com/2015/11/19/dllpic-injection-on-windows-from-wow64-process/)\n- 2015.09 [pediy] [[Original] Loading an in-memory DLL in C++, and memory injection (open-sourced)](https://bbs.pediy.com/thread-203894.htm)\n- 2015.08 [rapid7] [Using Reflective DLL Injection to exploit IE Elevation Policies](https://blog.rapid7.com/2015/08/28/using-reflective-dll-injection-to-exploit-ie-elevation-policies/)\n- 2015.07 [pediy] [[Original] Wrote APC DLL injection code today; it can be used as a tool](https://bbs.pediy.com/thread-202078.htm)\n- 2015.05 [codereversing] [Debugging Injected DLLs](http://www.codereversing.com/blog/archives/219)\n- 2015.05 [WarrantyVoider] [DAI dll injection test - successfull](https://www.youtube.com/watch?v=hYU_W1gRtZE)\n- 2015.04 [securestate] [DLL Injection Part 2: CreateRemoteThread and More](https://warroom.securestate.com/dll-injection-part-2-createremotethread-and-more/)\n- 2015.03 [securestate] [DLL Injection Part 1: SetWindowsHookEx](https://warroom.rsmus.com/dll-injection-part-1-setwindowshookex/)\n- 2015.03 [securestate] [DLL Injection Part 0: Understanding DLL Usage](https://warroom.rsmus.com/dll-injection-part-0-understanding-dll-usage/)\n- 2014.10 [codingvision] [C# Inject a Dll into a Process (w/ CreateRemoteThread)](http://codingvision.net/miscellaneous/c-inject-a-dll-into-a-process-w-createremotethread)\n- 2014.04 [pediy] [[Share] Rereading old articles: another DLL injection trick](https://bbs.pediy.com/thread-186778.htm)\n- 2014.04 [pediy] 
[[Share] Old article series: the APC DLL injection trick](https://bbs.pediy.com/thread-186631.htm)\n- 2014.03 [trustwave] [Old School Code Injection in an ATM .dll](https://www.trustwave.com/Resources/SpiderLabs-Blog/Old-School-Code-Injection-in-an-ATM--dll/)\n- 2014.01 [osandamalith] [Ophcrack Path Subversion Arbitrary DLL Injection Code Execution](https://osandamalith.com/2014/01/18/ophcrack-path-subversion-arbitrary-dll-injection-code-execution/)\n- 2013.12 [pediy] [[Original] Source code for self-unloading, module-less DLL injection (1)](https://bbs.pediy.com/thread-182069.htm)\n- 2013.09 [debasish] [Inline API Hooking using DLL Injection](http://www.debasish.in/2013/09/inline-api-hooking-using-dll-injection.html)\n- 2013.09 [freebuf] [A generic method for killing, DLL injection and local code execution against various domestic security-guard products](http://www.freebuf.com/vuls/12597.html)\n- 2013.08 [pediy] [[Original] Revisiting remote injection ------- without a DLL](https://bbs.pediy.com/thread-176702.htm)\n- 2013.06 [msreverseengineering] [What is DLL Injection and How is it used for Reverse Engineering?](http://www.msreverseengineering.com/blog/2014/6/23/what-is-dll-injection-and-how-is-it-used-for-reverse-engineering)\n- 2013.05 [pediy] [[Original] On DLL injection methods](https://bbs.pediy.com/thread-171190.htm)\n- 2013.03 [pediy] [[Original] DLL injection: the remote thread method](https://bbs.pediy.com/thread-167175.htm)\n- 2013.02 [pediy] [[Original] Clean unloading of a statically compiled Easy Language DLL after injection into an EXE written in another language](https://bbs.pediy.com/thread-162742.htm)\n- 2012.10 [octopuslabs] [DLL Injection – A Splash Bitmap](http://octopuslabs.io/legend/blog/archives/1785)\n- 2012.09 [debasish] [KeyLogging through DLL Injection[The Simplest Way]](http://www.debasish.in/2012/09/keylogging-through-dll-injectionthe.html)\n- 2012.09 [volatility] [MoVP 2.1 Atoms (The New Mutex), Classes and DLL Injection](https://volatility-labs.blogspot.com/2012/09/movp-21-atoms-new-mutex-classes-and-dll.html)\n- 2012.06 [freebuf] [[Update] A very good DLL injector – RemoteDLL V2](http://www.freebuf.com/sectool/3970.html)\n- 2012.05 [brindi] [DLL and Code Injection in Python](http://brindi.si/g/blog/dll-and-code-injection-in-python.html)\n- 2011.11 [pediy] 
[[Original] Dishui reverse-engineering study notes 1: dual-process DLL-less injection (posts 1, 17, 21, 27, 30, 33) [updated through post 33]](https://bbs.pediy.com/thread-142554.htm)\n- 2011.06 [pediy] [[Original] A concrete application of injecting a DLL with hook functions: clicking different desktop icons plays the corresponding musical notes](https://bbs.pediy.com/thread-136144.htm)\n- 2011.01 [pediy] [[Original] A small all-in-one process management and DLL injection tool [source included]](https://bbs.pediy.com/thread-127924.htm)\n- 2010.12 [pediy] [[Original] Hijacking CreateProcess in Ring3 to inject a DLL](https://bbs.pediy.com/thread-126226.htm)\n- 2010.01 [pediy] [[Original] DLL injection helper tool [with source]](https://bbs.pediy.com/thread-104642.htm)\n- 2009.08 [pediy] [[Original] The simplest DLL injection](https://bbs.pediy.com/thread-94799.htm)\n- 2009.07 [pediy] [[Original] DLL injection, ANSI version -- adapted from Jeffrey's \"Windows Core Programming\"](https://bbs.pediy.com/thread-92631.htm)\n- 2009.04 [pediy] [CE injection code that does not rely on dllmain to trigger](https://bbs.pediy.com/thread-85899.htm)\n- 2008.12 [pediy] [[Original][代程] Remote threads explained (1): DLL-less remote thread injection](https://bbs.pediy.com/thread-78032.htm)\n- 2008.11 [sans] [Finding stealth injected DLLs](https://isc.sans.edu/forums/diary/Finding+stealth+injected+DLLs/5356/)\n- 2008.11 [pediy] [[Original] N approaches to kernel-mode DLL injection and their implementation](https://bbs.pediy.com/thread-75887.htm)\n- 2008.10 [pediy] [[Original] IAT HOOK code injection, non-DLL](https://bbs.pediy.com/thread-74569.htm)\n- 2008.03 [pediy] [[Humble attempt] Remote DLL injection and unloading implemented in Win32 assembly](https://bbs.pediy.com/thread-60763.htm)\n- 2007.12 [pediy] [[Original] DLL injection with QueueUserApc](https://bbs.pediy.com/thread-56071.htm)\n- 2006.11 [pediy] [More on DLL injection into NetTransport 2.25.337 [Original]](https://bbs.pediy.com/thread-35556.htm)\n- 2006.10 [pediy] [[Original] DLL injection into NetTransport 2.25.337](https://bbs.pediy.com/thread-34096.htm)\n- 2005.08 [pediy] [ApiHook, InjectDll units and their applications [Delphi code]](https://bbs.pediy.com/thread-16088.htm)\n\n\n# \u003ca id=\"97ceb80739f1d2efce08baaf98dce0fc\"\u003e\u003c/a\u003eProcess Injection\n\n\n***\n\n\n## \u003ca id=\"5ed3d284b106ffdc141f447f59326b00\"\u003e\u003c/a\u003eTools\n\n\n- [**2389** stars][10d] [Py] [lmacken/pyrasite](https://github.com/lmacken/pyrasite) Inject code into running Python processes\n- [**1568** stars][17d] [Py] [google/pyringe](https://github.com/google/pyringe) Python debugger capable of attaching to Python processes and injecting code into them\n- [**1486** stars][3m] [C] 
[rikkaapps/riru](https://github.com/rikkaapps/riru) Injects into the zygote process by replacing libmemtrack\n- [**899** stars][1y] [C++] [secrary/injectproc](https://github.com/secrary/injectproc) Implementations of several DLL injection, process replacement, hook injection and APC injection techniques\n- [**655** stars][4y] [C] [rentzsch/mach_inject](https://github.com/rentzsch/mach_inject) Inter-process code injection for Mac OS X\n- [**589** stars][14d] [C] [gaffe23/linux-inject](https://github.com/gaffe23/linux-inject) Tool for injecting a shared object into a Linux process\n- [**536** stars][13d] [C] [odzhan/injection](https://github.com/odzhan/injection) Windows process injection methods\n- [**435** stars][11d] [Py] [davidbuchanan314/dlinject](https://github.com/davidbuchanan314/dlinject) Inject a shared library (i.e. arbitrary code) into a live linux process, without ptrace\n- [**413** stars][4y] [C#] [zenlulz/memorysharp](https://github.com/zenlulz/memorysharp) A memory editing library for Windows applications, written in C#, that can inject inputs and code into remote processes or read their memory\n- [**381** stars][14d] [C++] [evilsocket/arminject](https://github.com/evilsocket/arminject) An application to dynamically inject a shared object into a running process on ARM architectures.\n- [**376** stars][12d] [C++] [theevilbit/injection](https://github.com/theevilbit/injection) various process injection technique\n- [**363** stars][4m] [C++] [safebreach-labs/pinjectra](https://github.com/safebreach-labs/pinjectra) A C/C++ OOP-like library that implements process injection techniques (with focus on Windows 10 64-bit)\n- [**362** stars][4m] [C#] [rasta-mouse/tikitorch](https://github.com/rasta-mouse/tikitorch) Process Injection\n- [**294** stars][26d] [C] [quarkslab/quarkspwdump](https://github.com/quarkslab/quarkspwdump) Dump various types of Windows credentials without injecting in any process.\n- [**267** stars][2y] [C++] [chadski/sharpneedle](https://github.com/chadski/sharpneedle) Inject C# code into a running process\n- [**246** stars][16d] [C] [suvllian/process-inject](https://github.com/suvllian/process-inject) Process injection methods on Windows: remote thread injection, suspended process creation injection, reflective injection, APCInject, SetWindowHookEX injection\n- [**204** stars][4y] [C] [dismantl/linux-injector](https://github.com/dismantl/linux-injector) Utility for injecting executable 
code into a running process on x86/x64 Linux\n- [**163** stars][1m] [C] [dhavalkapil/libdheap](https://github.com/dhavalkapil/libdheap) A shared (dynamic) library that can be transparently injected into different processes to detect memory corruption in the glibc heap\n- [**157** stars][9m] [C] [hasherezade/process_doppelganging](https://github.com/hasherezade/process_doppelganging) Implementation code for the Process Doppelganging process injection technique\n- [**154** stars][1m] [C] [ixty/mandibule](https://github.com/ixty/mandibule) Injects an ELF file into a remote process\n- [**144** stars][4m] [PS] [empireproject/psinject](https://github.com/empireproject/psinject) Inject PowerShell into any process\n- [**142** stars][4m] [C#] [3xpl01tc0d3r/processinjection](https://github.com/3xpl01tc0d3r/processinjection) This program is designed to demonstrate various process injection techniques\n- [**142** stars][4m] [C] [antoniococo/mapping-injection](https://github.com/antoniococo/mapping-injection) Just another Windows Process Injection\n- [**126** stars][8d] [C++] [ez8-co/yapi](https://github.com/ez8-co/yapi) fusion injector that reduce differences between x64, wow64 and x86 processes\n- [**111** stars][5m] [C++] [arno0x/tcprelayinjecter](https://github.com/arno0x/tcprelayinjecter) Tool for injecting a \"TCP Relay\" managed assembly into unmanaged processes\n- [**110** stars][16d] [Shell] [aoncyberlabs/cexigua](https://github.com/AonCyberLabs/Cexigua) Linux based inter-process code injection without ptrace(2)\n- [**85** stars][1m] [C] [elfmaster/saruman](https://github.com/elfmaster/saruman) ELF anti-forensics exec, for injecting full dynamic executables into process image (With thread injection)\n- [**76** stars][5y] [C++] [malwaretech/zombifyprocess](https://github.com/malwaretech/zombifyprocess) Inject code into a legitimate process\n- [**62** stars][8m] [C] [kubo/injector](https://github.com/kubo/injector) Library for injecting a shared library into a Linux or Windows process\n- [**59** stars][4y] [C] [infosecguerrilla/reflectivesoinjection](https://github.com/infosecguerrilla/reflectivesoinjection) A library injection technique in which the concept of reflective programming is used to load a library from memory into a host process\n- [**53** stars][1m] [Py] 
[xiphosresearch/steelcon-python-injection](https://github.com/xiphosresearch/steelcon-python-injection) Python Process Injection PoC Code from my SteelCon talk in 2014\n- [**52** stars][6y] [C++] [georgenicolaou/heaveninjector](https://github.com/georgenicolaou/heaveninjector) Simple proof of concept code for injecting libraries on 64bit processes from a 32bit process\n- [**47** stars][7m] [PS] [3gstudent/code-execution-and-process-injection](https://github.com/3gstudent/code-execution-and-process-injection) Powershell to CodeExecution and ProcessInjection\n- [**46** stars][5y] [C++] [tandasat/remotewritemonitor](https://github.com/tandasat/remotewritemonitor) A tool to help malware analysts tell that the sample is injecting code into other process.\n- [**37** stars][4m] [C] [egguncle/ptraceinject](https://github.com/egguncle/ptraceinject) Process injection\n- [**31** stars][25d] [ObjC] [cwbudde/cordova-plugin-wkwebview-inject-cookie](https://github.com/cwbudde/cordova-plugin-wkwebview-inject-cookie) Injects a cookie in order to start the sync process with wkWebView\n- [**30** stars][2y] [C++] [ntraiseharderror/unrunpe](https://github.com/ntraiseharderror/unrunpe) PoC for detecting and dumping process hollowing code injection\n- [**30** stars][4m] [C#] [mr-un1k0d3r/remoteprocessinjection](https://github.com/mr-un1k0d3r/remoteprocessinjection) C# remote process injection utility for Cobalt Strike\n- [**16** stars][2y] [C++] [xfgryujk/injectexe](https://github.com/xfgryujk/injectexe) Inject the whole exe into another process\n- [**16** stars][1m] [C] [narhen/procjack](https://github.com/narhen/procjack) PoC of injecting code into a running Linux process\n- [**14** stars][24d] [C++] [eternityx/zinjector](https://github.com/eternityx/zinjector) zInjector is a simple tool for injecting dynamic link libraries into arbitrary processes\n- [**10** stars][2m] [JS] [lmangani/node_ssl_logger](https://github.com/lmangani/node_ssl_logger) Decrypt and log process SSL traffic via Frida Injection\n- [**10** stars][1y] [C++] 
[shaxzy/vibranceinjector](https://github.com/shaxzy/vibranceinjector) Mono process injector\n- [**8** stars][5y] [C++] [hkhk366/memory_codes_injection](https://github.com/hkhk366/memory_codes_injection) Inject code into another process in order to monitor and manipulate other processes. This is usually used as antivirus software\n- [**6** stars][2m] [ObjC] [couleeapps/mach_inject_32](https://github.com/couleeapps/mach_inject_32) Inject libraries into 32 processes on macOS Mojave\n- [**6** stars][3m] [Jupyter Notebook] [jsecurity101/detecting-process-injection-techniques](https://github.com/jsecurity101/detecting-process-injection-techniques) This is a repository that is meant to hold detections for various process injection techniques.\n- [**1** star][2y] [C++] [malwaresec/processinjection](https://github.com/malwaresec/processinjection) Repo for process injection source files\n- [**None** stars][C] [realoriginal/ppdump-public](https://github.com/realoriginal/ppdump-public) Use the Zemana AntiMalware engine to open a privileged handle to a PP/PPL process and inject MiniDumpWriteDump()\n\n\n***\n\n\n## \u003ca id=\"78df9ff3771ac1e9d9dff3eba0055d25\"\u003e\u003c/a\u003eArticles\n\n\n- 2020.04 [infosecinstitute] [MITRE ATT\u0026CK spotlight: Process injection](https://resources.infosecinstitute.com/mitre-attck-spotlight-process-injection/)\n- 2020.03 [jsecurity101] [Engineering Process Injection Detections -](https://posts.specterops.io/engineering-process-injection-detections-part-1-research-951e96ad3c85)\n- 2020.02 [vkremez] [Let's Learn: Inside Parallax RAT Malware: Process Hollowing Injection \u0026 Process Doppelgänging API Mix: Part I](https://www.vkremez.com/2020/02/lets-learn-inside-parallax-rat-malware.html)\n- 2020.01 [BlackHat] [Process Injection Techniques - Gotta Catch Them All](https://www.youtube.com/watch?v=xewv122qxnk)\n- 2020.01 [hakin9] [Mapping-Injection: Just another Windows Process Injection](https://hakin9.org/mapping-injection-just-another-windows-process-injection/)\n- 2019.12 [HackersOnBoard] [DEF CON 27 - Itzik Kotler - Process Injection Techniques Gotta Catch Them 
All](https://www.youtube.com/watch?v=KSDR06TO_9o)\n- 2019.11 [freebuf] [The process injection trilogy in ATT\u0026CK](https://www.freebuf.com/articles/web/218232.html)\n- 2019.11 [4hou] [7 new methods for Windows process injection](https://www.4hou.com/system/17735.html)\n- 2019.10 [Cooper] [Fileless Malware Infection And Linux Process Injection In Linux OS - Hendrik Adrian](https://www.youtube.com/watch?v=RvBj8C5okp0)\n- 2019.09 [freebuf] [Debugging techniques used when dealing with shellcode injected into a process](https://www.freebuf.com/articles/system/212248.html)\n- 2019.09 [aliyun] [Cobalt Strike process injection in detail](https://xz.aliyun.com/t/6205)\n- 2019.09 [aliyun] [Overview of process injection (Part 1)](https://xz.aliyun.com/t/6210)\n- 2019.09 [sevagas] [Process PE Injection Basics](https://blog.sevagas.com/?Process-PE-Injection-Basics)\n- 2019.08 [4hou] [Debugging tips for remote process shellcode injection](https://www.4hou.com/system/19852.html)\n- 2019.08 [cobaltstrike] [Cobalt Strike’s Process Injection: The Details](https://blog.cobaltstrike.com/2019/08/21/cobalt-strikes-process-injection-the-details/)\n- 2019.07 [fortinet] [A Deep Dive Into IcedID Malware: Part I - Unpacking, Hooking and Process Injection](https://www.fortinet.com/blog/threat-research/icedid-malware-analysis-part-one.html)\n- 2019.05 [4hou] [Infecting legitimate processes with ProcessHollowing and code injection: analysis of the information-stealing malware FormBook](https://www.4hou.com/technology/17823.html)\n- 2019.04 [OALabs] [Reverse Engineering Quick Tip - Unpacking Process Injection With a Single Breakpoint](https://www.youtube.com/watch?v=Min6DWTHDBw)\n- 2018.12 [4hou] [How to inject code into Windows protected processes using COM (Part 2)](http://www.4hou.com/system/14904.html)\n- 2018.11 [googleprojectzero] [Injecting code into Windows protected processes using COM, Part 2](https://googleprojectzero.blogspot.com/2018/11/injecting-code-into-windows-protected.html)\n- 2018.11 [andreafortuna] [Process Injection and Persistence using Application Shimming](https://www.andreafortuna.org/dfir/malware-analysis/process-injection-and-persistence-using-application-shimming/)\n- 2018.11 [4hou] [How to inject code into Windows protected processes using COM](http://www.4hou.com/system/14133.html)\n- 2018.10 [freebuf] 
[Introduction to ten process injection techniques: a survey of common and trending injection techniques](https://www.freebuf.com/articles/system/187239.html)\n- 2018.10 [360] [How to inject a .NET program into an unmanaged process](https://www.anquanke.com/post/id/162914/)\n- 2018.10 [aliyun] [Using COM to inject code into Windows protected processes](https://xz.aliyun.com/t/3070)\n- 2018.10 [aliyun] [[Old article] How to inject a .Net assembly into an unmanaged process](https://xz.aliyun.com/t/3050)\n- 2018.10 [googleprojectzero] [Injecting Code into Windows Protected Processes using COM - Part 1](https://googleprojectzero.blogspot.com/2018/10/injecting-code-into-windows-protected.html)\n- 2018.10 [4hou] [How to implement process injection against the ConsoleWindowClass object in Windows](http://www.4hou.com/technology/13634.html)\n- 2018.09 [aliyun] [Windows process injection: the console window class](https://xz.aliyun.com/t/2762)\n- 2018.08 [4hou] [Windows process injection: extra window bytes](http://www.4hou.com/system/13308.html)\n- 2018.08 [aliyun] [Windows process injection techniques: extra window bytes](https://xz.aliyun.com/t/2656)\n- 2018.08 [aliyun] [Windows process injection techniques: PROPagate](https://xz.aliyun.com/t/2639)\n- 2018.07 [malcomvetter] [.NET Process Injection](https://medium.com/p/1a1af00359bc)\n- 2018.07 [4hou] [How attackers inject malicious code into a running Linux process](http://www.4hou.com/technology/12736.html)\n- 2018.07 [4hou] [Windows process injection: how to deploy a payload into the target process's memory space for execution](http://www.4hou.com/technology/12672.html)\n- 2018.07 [360] [Analysis of Windows process injection payloads](https://www.anquanke.com/post/id/151840/)\n- 2018.05 [freebuf] [Using “process injection” to revive a WebShell filelessly](http://www.freebuf.com/articles/web/172753.html)\n- 2018.05 [4hou] [The CTRL-INJECT process injection technique explained](http://www.4hou.com/technology/11636.html)\n- 2018.05 [360] [Analysis of how the new process injection technique Ctrl-Inject works](https://www.anquanke.com/post/id/129769/)\n- 2018.04 [360] [In-depth analysis of how the Get-InjectedThread process injection detection tool works, and an attempt to bypass it](https://www.anquanke.com/post/id/104339/)\n- 2018.04 [360] [In-depth analysis of the Formbook malware: obfuscation and process injection (Part 2)](https://www.anquanke.com/post/id/103429/)\n- 2018.04 [360] [In-depth analysis of the Formbook malware: obfuscation and process injection (Part 1)](https://www.anquanke.com/post/id/103403/)\n- 2018.03 [aliyun] [Process injection using GDB](https://xz.aliyun.com/t/2164)\n- 2018.02 [endgame] [Stopping Olympic Destroyer: New Process Injection 
Insights](https://www.endgame.com/blog/technical-blog/stopping-olympic-destroyer-new-process-injection-insights)\n- 2018.01 [4hou] [Analysis of the Ursnif malware's stealthy process injection technique](http://www.4hou.com/info/news/9902.html)\n- 2018.01 [vkremez] [Let's Learn: Dissect Panda Banking Malware's \"libinject\" Process Injection Module](https://www.vkremez.com/2018/01/lets-learn-dissect-panda-banking.html)\n- 2017.12 [4hou] [Ursnif malware variant upgrades its techniques, using TLS callbacks for process injection](http://www.4hou.com/system/8988.html)\n- 2017.11 [fireeye] [Ursnif variant uses a TLS callback trick for process injection](https://www.fireeye.com/blog/threat-research/2017/11/ursnif-variant-malicious-tls-callback-technique.html)\n- 2017.11 [freebuf] [Penetration research on using malware to inject hidden code into known processes](http://www.freebuf.com/articles/system/153795.html)\n- 2017.11 [OALabs] [Unpacking Process Injection Malware With IDA PRO (Part 2)](https://www.youtube.com/watch?v=kdNQhfgoQoU)\n- 2017.11 [OALabs] [Unpacking Process Injection Malware With IDA PRO (Part 1)](https://www.youtube.com/watch?v=ScBB-Hi7NxQ)\n- 2017.10 [securityintelligence] [Diving Into Zberp’s Unconventional Process Injection Technique](https://securityintelligence.com/diving-into-zberps-unconventional-process-injection-technique/)\n- 2017.09 [4hou] [Linux inter-process code injection without Ptrace](http://www.4hou.com/technology/7614.html)\n- 2017.09 [gdssecurity] [Linux in-process code injection (without Ptrace)](https://blog.gdssecurity.com/labs/2017/9/5/linux-based-inter-process-code-injection-without-ptrace2.html)\n- 2017.08 [pediy] [[Translation] Ten injection techniques: a study of general-purpose process injection techniques](https://bbs.pediy.com/thread-220500.htm)\n- 2017.07 [4hou] [Detailed analysis of ten popular process injection techniques](http://www.4hou.com/technology/6735.html)\n- 2017.07 [360] [Summary of 10 common process injection techniques](https://www.anquanke.com/post/id/86463/)\n- 2017.07 [endgame] [10 process injection techniques: a survey of common and trending process injection techniques](https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process)\n- 2017.07 [vulnerablelife] [Ten Process Injection Techniques: A Technical Survey Of Common And Trending Process Injection 
Techniques](https://vulnerablelife.wordpress.com/2017/07/18/ten-process-injection-techniques-a-technical-survey-of-common-and-trending-process-injection-techniques/)\n- 2017.07 [microsoft] [Detecting stealthier cross-process injection techniques with Windows Defender ATP: Process hollowing and atom bombing](https://cloudblogs.microsoft.com/microsoftsecure/2017/07/12/detecting-stealthier-cross-process-injection-techniques-with-windows-defender-atp-process-hollowing-and-atom-bombing/)\n- 2017.07 [struppigel] [Process Injection Info Graphic](https://struppigel.blogspot.com/2017/07/process-injection-info-graphic.html)\n- 2017.07 [freebuf] [pyrasite – a tool for injecting code into Python processes](http://www.freebuf.com/sectool/139120.html)\n- 2017.05 [MalwareAnalysisForHedgehogs] [Malware Analysis - Code Injection via CreateRemoteThread \u0026 WriteProcessMemory](https://www.youtube.com/watch?v=W_rAxPm4TTU)\n- 2017.04 [4hou] [Using ptrace on Linux to inject arbitrary code into the sshd process](http://www.4hou.com/technology/4446.html)\n- 2017.03 [360] [DoubleAgent: code injection and persistence technique -- allows controlling any process on any Windows version](https://www.anquanke.com/post/id/85775/)\n- 2017.03 [] [The DoubleAgent technique: code injection and persistence in arbitrary processes](http://0day5.com/archives/4364/)\n- 2017.03 [microsoft] [Uncovering cross-process injection with Windows Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2017/03/08/uncovering-cross-process-injection-with-windows-defender-atp/)\n- 2017.02 [4hou] [Implementing remote injection from a 32-bit program into a 64-bit process](http://www.4hou.com/technology/3426.html)\n- 2016.02 [360] [linux-inject: inject code into a running Linux process](https://www.anquanke.com/post/id/83423/)\n- 2015.08 [pediy] [[Original] Win7: injecting from a 32-bit process into a 64-bit process](https://bbs.pediy.com/thread-203762.htm)\n- 2015.08 [christophertruncer] [Injecting Shellcode into a Remote Process with Python](https://www.christophertruncer.com/injecting-shellcode-into-a-remote-process-with-python/)\n- 2015.08 [pediy] [[Original] Universal Win32/X64 shellcode written in pure C++, injected into the csrss process.](https://bbs.pediy.com/thread-203140.htm)\n- 2015.08 [securestate] [Injecting Python Code Into Native 
Processes](https://warroom.securestate.com/injecting-python-code-into-native-processes/)\n- 2015.08 [securestate] [Injecting Python Code Into Native Processes](https://warroom.rsmus.com/injecting-python-code-into-native-processes/)\n- 2015.05 [redcanary] [What Red Canary Detects: Spotlight on Process Injection](https://redcanary.com/blog/what-red-canary-detects-process-injection/)\n- 2015.04 [pediy] [[Original] An example of injecting into a 32-bit process from the Win7 X64 kernel](https://bbs.pediy.com/thread-200027.htm)\n- 2014.07 [pediy] [[Original] C++ process injection (injecting into a process via a remote thread)](https://bbs.pediy.com/thread-190291.htm)\n- 2014.06 [lastline] [Dissecting Payload Injection Using LLama Process Snapshots](https://www.lastline.com/labsblog/dissecting-payload-injection-using-llama-process-snapshots/)\n- 2014.05 [talosintelligence] [Betabot Process Injection](https://blog.talosintelligence.com/2014/05/betabot-process-injection.html)\n- 2014.03 [pediy] [[Original] Injecting into an Android process and hooking methods in the Java world](https://bbs.pediy.com/thread-186054.htm)\n- 2013.05 [lhj0711010212] [Using the injectso technique to inject mtrace for memory checking of a process](https://blog.csdn.net/lhj0711010212/article/details/8999413)\n- 2013.04 [pediy] [[Original] An alternative injection: testing a puppet process](https://bbs.pediy.com/thread-170530.htm)\n- 2013.03 [pediy] [[Original] \u003c\u003cThe Art of Game Cheat Attack and Defense\u003e\u003e, injection, section 2.3: injection relying on a trusted process](https://bbs.pediy.com/thread-163701.htm)\n- 2013.01 [pediy] [[Original] Multiple ways of injecting into a process](https://bbs.pediy.com/thread-161250.htm)\n- 2012.04 [dreamofareverseengineer] [Identifying malicious injected code in Legit Process through dynamic analysis:](http://dreamofareverseengineer.blogspot.com/2012/04/identifying-malicious-injected-code-in.html)\n- 2011.07 [firebitsbr] [Syringe utility provides ability to inject shellcode into processes](https://firebitsbr.wordpress.com/2011/07/08/syringe-utility-provides-ability-to-inject-shellcode-into-processes/)\n- 2010.10 [pediy] [[Original] A method of injecting code by hijacking the EIP of a running process](https://bbs.pediy.com/thread-122890.htm)\n- 2010.08 [pediy] [[Original] Creating a remote thread to inject code into another process for execution](https://bbs.pediy.com/thread-119091.htm)\n- 2010.08 [console] [Bypassing AntiVirus With Process 
Injection](http://console-cowboys.blogspot.com/2010/08/bypassing-antivirus-with-process.html)\n- 2007.12 [pediy] [[Original] Process injection: a method that supports Win98, WinMe, Win2000 and WinXp (source code with detailed comments)](https://bbs.pediy.com/thread-56751.htm)\n- 2007.04 [pediy] [[Original] Three threads.. process protection @ direct code injection via remote thread for Delphi](https://bbs.pediy.com/thread-42594.htm)\n- 2004.06 [pediy] [Implementing a packer using process injection](https://bbs.pediy.com/thread-1564.htm)\n\n\n# \u003ca id=\"3b2252d379d384475de4654bd5d0b368\"\u003e\u003c/a\u003eThread Injection\n\n\n***\n\n\n## \u003ca id=\"9ff33dd10584407a654590a7cf18c6f0\"\u003e\u003c/a\u003eTools\n\n\n- [**49** stars][2y] [C] [vallejocc/poc-inject-data-wm_copydata](https://github.com/vallejocc/poc-inject-data-wm_copydata) A tiny PoC to inject and execute code into explorer.exe with WM_SETTEXT+WM_COPYDATA+SetThreadContext\n\n\n***\n\n\n## \u003ca id=\"a7433a31e0f33f936d15d6ad61437bc6\"\u003e\u003c/a\u003eArticles\n\n\n- 2020.03 [trustedsec] [Avoiding Get-InjectedThread for Internal Thread Creation](https://www.trustedsec.com/blog/avoiding-get-injectedthread-for-internal-thread-creation/)\n- 2018.12 [pediy] [[Original] Remote thread injection into Calculator](https://bbs.pediy.com/thread-248676.htm)\n- 2018.04 [xpnsec] [The PowerShell script Get-InjectedThread enumerates processes and determines whether a process has been injected. 
The article explains how the script's detection works and ways to bypass this kind of detection](https://blog.xpnsec.com/undersanding-and-evading-get-injectedthread/)\n- 2018.03 [pediy] [[Original] Driver injection of user threads: a real solution for cross-session notification of csrss](https://bbs.pediy.com/thread-225047.htm)\n- 2017.10 [pediy] [[Original] ReflectiveLoader (remote thread injection, PE fix-up)](https://bbs.pediy.com/thread-222187.htm)\n- 2017.05 [4hou] [A new AV-evasion approach: using threads to inject malicious code into memory](http://www.4hou.com/technology/4819.html)\n- 2014.06 [dreamofareverseengineer] [Monitoring Thread Injection](http://dreamofareverseengineer.blogspot.com/2014/06/monitoring-thread-injection.html)\n- 2009.10 [pediy] [[Original] An old topic revisited - remote thread injection](https://bbs.pediy.com/thread-98944.htm)\n- 2006.02 [pediy] [[Original] Another way to play with ShellCode (injecting ShellCode via a remote thread)](https://bbs.pediy.com/thread-21123.htm)\n\n\n# \u003ca id=\"02a1807b6a7131af27e3ed1002e7335a\"\u003e\u003c/a\u003eCode Injection\n\n\n***\n\n\n## \u003ca id=\"303ed79296c5af9c74cfd49dd31a399e\"\u003e\u003c/a\u003eTools\n\n\n- [**6260** stars][10d] [ObjC] [johnno1962/injectionforxcode](https://github.com/johnno1962/injectionforxcode) Runtime Code Injection for Objective-C \u0026 Swift\n- [**2386** stars][2y] [Py] [danmcinerney/lans.py](https://github.com/danmcinerney/lans.py) Inject code and spy on wifi users\n- [**1685** stars][11d] [Py] [epinna/tplmap](https://github.com/epinna/tplmap) Code injection and Server-Side Template Injection vulnerability exploitation, with several sandbox escape techniques.\n- [**1470** stars][4m] [Swift] [johnno1962/injectioniii](https://github.com/johnno1962/injectioniii) Injection for Xcode, rewritten in (mostly) Swift4\n- [**1112** stars][14d] [ObjC] [dyci/dyci-main](https://github.com/dyci/dyci-main) Dynamic Code Injection Tool for Objective-C\n- [**983** stars][3y] [C] [cybellum/doubleagent](https://github.com/cybellum/doubleagent) Zero-Day Code Injection and Persistence Technique\n- [**614** stars][16d] [C++] [breakingmalwareresearch/atom-bombing](https://github.com/breakingmalwareresearch/atom-bombing) Brand New Code Injection for Windows\n- [**265** stars][5y] [C++] [breakingmalware/powerloaderex](https://github.com/breakingmalware/powerloaderex) Advanced Code Injection Technique for x32 / x64\n- [**249** stars][8y] 
[rentzsch/mach_star](https://github.com/rentzsch/mach_star) code injection and function overriding for Mac OS X\n- [**228** stars][12d] [C++] [marcosd4h/memhunter](https://github.com/marcosd4h/memhunter) Live hunting of code injection techniques\n- [**214** stars][17d] [C] [peperunas/injectopi](https://github.com/peperunas/injectopi) A set of Windows code injection tutorials\n- [**186** stars][7m] [ObjC] [nakiostudio/twitterx](https://github.com/nakiostudio/twitterx) Keeping Twitter for macOS alive with code injection\n- [**170** stars][2y] [Py] [undeadsec/debinject](https://github.com/undeadsec/debinject) Inject malicious code into *.debs\n- [**116** stars][22d] [C#] [p0cl4bs/hanzoinjection](https://github.com/p0cl4bs/hanzoinjection) injecting arbitrary codes in memory to bypass common antivirus solutions\n- [**91** stars][2m] [Py] [hackatnow/cromos](https://github.com/hackatnow/cromos) A tool for downloading legitimate extensions from the Chrome Web Store and injecting code into the application's background\n- [**90** stars][4y] [Java] [zerothoughts/spring-jndi](https://github.com/zerothoughts/spring-jndi) Proof of concept exploit, showing how to do bytecode injection through untrusted deserialization with Spring Framework 4.2.4\n- [**66** stars][2y] [Java] [sola-da/synode](https://github.com/sola-da/synode) Automatically Preventing Code Injection Attacks on Node.js\n- [**65** stars][3y] [Py] [sethsec/pycodeinjection](https://github.com/sethsec/pycodeinjection) Automated Python Code Injection Tool\n- [**65** stars][3m] [Py] [tbarabosch/quincy](https://github.com/tbarabosch/quincy) Detect host-based code injection attacks in memory dumps\n- [**49** stars][2m] [C#] [guibacellar/dnci](https://github.com/guibacellar/dnci) DNCI - Dot Net Code Injector\n- [**48** stars][3y] [C++] [tonyzesto/pubgprivxcode85](https://github.com/tonyzesto/pubgprivxcode85) Simple chams wallhack for PlayerUnknown's Battlegrounds using a D3D11DrawIndexed hook; feature list\n- [**47** stars][1y] [C] [yifanlu/3ds_injector](https://github.com/yifanlu/3ds_injector) Open source implementation of loader module with code injection support\n- [**46** stars][7m] [C] [rodionovd/task_vaccine](https://github.com/rodionovd/task_vaccine) Yet another code injection 
library for OS X\n- [**37** stars][2m] [C] [sduverger/ld-shatner](https://github.com/sduverger/ld-shatner) ld-linux code injector\n- [**34** stars][2y] [C++] [ntraiseharderror/dreadnought](https://github.com/ntraiseharderror/dreadnought) PoC for detecting and dumping code injection (built and extended on UnRunPE)\n- [**27** stars][4y] [Java] [zerothoughts/jndipoc](https://github.com/zerothoughts/jndipoc) Proof of concept showing how java byte code can be injected through InitialContext.lookup() calls\n- [**27** stars][6m] [Java] [dinject/dinject](https://github.com/dinject/dinject) Dependency injection via APT (source code generation) ala \"Server side Dagger DI\"\n- [**25** stars][7m] [Py] [batteryshark/miasma](https://github.com/batteryshark/miasma) Cross-Platform Binary OTF Patcher, Code Injector, Hacking Utility\n- [**25** stars][3y] [C++] [hatriot/delayloadinject](https://github.com/hatriot/delayloadinject) Code injection via delay load libraries\n- [**20** stars][2y] [c] [odzhan/propagate](https://github.com/odzhan/propagate) PROPagate code injection technique example\n- [**19** stars][3y] [Swift] [depoon/injectiblelocationspoofing](https://github.com/depoon/injectiblelocationspoofing) Location Spoofing codes for iOS Apps via Code Injection\n- [**18** stars][6y] [ObjC] [mhenr18/injector](https://github.com/mhenr18/injector) Code injection + payload communications for OSX (incl. 
sandboxed apps)\n- [**17** stars][2m] [C++] [sunsided/native-dotnet-code-injection](https://github.com/sunsided/native-dotnet-code-injection) Injection of managed code into non-managed Windows applications\n- [**14** stars][2m] [C#] [gerich-home/lua-inject](https://github.com/gerich-home/lua-inject) Inject any C# code into programs with lua\n- [**13** stars][3y] [C] [tbarabosch/1001-injects](https://github.com/tbarabosch/1001-injects) Tiny research project to understand code injections on Linux based systems\n- [**13** stars][3m] [C++] [revsic/codeinjection](https://github.com/revsic/codeinjection) Code Injection technique written in cpp language\n- [**11** stars][2y] [C] [gdbinit/calcspace](https://github.com/gdbinit/calcspace) Small util to calculate available free space in mach-o binaries for code injection\n- [**11** stars][7y] [C#] [yifanlu/vitainjector](https://github.com/yifanlu/vitainjector) Inject userland ARM code through PSM\n- [**9** stars][19d] [Py] [bao7uo/waf-cookie-fetcher](https://github.com/bao7uo/waf-cookie-fetcher) A Burp Suite extension written in Python that uses a headless browser to obtain the values of WAF-injected cookies, which are computed in the browser by client-side JavaScript code, and adds them to Burp's cookie jar\n- [**9** stars][6m] [Py] [mpgn/cve-2018-16341](https://github.com/mpgn/cve-2018-16341) CVE-2018-16341 - Nuxeo Remote Code Execution without authentication using Server Side Template Injection\n- [**7** stars][2y] [PHP] [jpapayan/aspis](https://github.com/jpapayan/aspis) A PHP code transformer to provide protection against injection attacks\n- [**6** stars][2y] [Py] [andreafortuna/pycodeinjector](https://github.com/andreafortuna/pycodeinjector) Python code injection library\n- [**4** stars][1y] [Java] [righettod/injection-cheat-sheets](https://github.com/righettod/injection-cheat-sheets) Provide some tips to handle Injection into application code (OWASP TOP 10 - A1).\n- [**2** stars][2y] [Standard ML] [11digits/php-clean-malware](https://github.com/11digits/php-clean-malware) Simple PHP code to assist in cleaning of injected malware PHP code\n- [**2** stars][9m] [C++] 
[thepwnrip/code-injection](https://github.com/thepwnrip/code-injection) A collection of methods of Code Injection on Windows\n- [**1** star][1y] [C++] [smore007/remote-iat-hook](https://github.com/smore007/remote-iat-hook) Remote IAT hook example. Useful for code injection\n- [**None** stars][Py] [thelinuxchoice/eviloffice](https://github.com/thelinuxchoice/eviloffice) Inject Macro and DDE code into Excel and Word documents (reverse shell)\n\n\n***\n\n\n## \u003ca id=\"5e603e03f62d50e6fa8310e15470f233\"\u003e\u003c/a\u003eArticles\n\n\n- 2020.05 [hexacorn] [New Code Injection/Execution – Marsh…mellow](http://www.hexacorn.com/blog/2020/05/14/new-code-injection-execution-marsh-mellow/)\n- 2020.04 [hexacorn] [Code Injection everyone forgets about](http://www.hexacorn.com/blog/2020/04/09/code-injection-everyone-forgets-about/)\n- 2020.03 [WHIDInjector] [Remotely Injecting Keystrokes through an Industrial Barcode](https://www.youtube.com/watch?v=wJ1PFpHxA9Y)\n- 2020.01 [hakin9] [Memhunter - Live Hunting Of Code Injection Techniques](https://hakin9.org/memhunter-live-hunting-of-code-injection-techniques/)\n- 2020.01 [WarrantyVoider] [RE with WV - Episode #7 Binary Editing and Code Injection](https://www.youtube.com/watch?v=sRACOY3eRsU)\n- 2019.12 [HackersOnBoard] [DEF CON 27 - Alon Weinberg - Please Inject Me a x64 Code Injection](https://www.youtube.com/watch?v=CMq4NQ2snNs)\n- 2019.12 [sevagas] [Code Injection - Exploit WNF callback](https://blog.sevagas.com/?Code-Injection-Exploit-WNF-callback)\n- 2019.12 [sevagas] [Code Injection - Disable Dynamic Code Mitigation (ACG)](https://blog.sevagas.com/?Code-Injection-Disable-Dynamic-Code-Mitigation-ACG)\n- 2019.11 [ojasookert] [Macy’s, Magecart, Black Friday, and JavaScript Code Injection](https://medium.com/p/3c54ac741b0f)\n- 2019.10 [talosintelligence] [YouPHPTube Encoder base64Url multiple command injections](https://talosintelligence.com/vulnerability_reports/TALOS-2019-0917)\n- 2019.09 [netsparker] [What is Code Injection and How to 
Avoid It](https://www.netsparker.com/blog/web-security/code-injection/)\n- 2019.09 [aliyun] [A first look at code injection](https://xz.aliyun.com/t/6253)\n- 2019.08 [bugbountywriteup] [When i found php code injection](https://medium.com/p/87e8e30afe59)\n- 2019.07 [bromium] [Dridex’s Bag of Tricks: An Analysis of its Masquerading and Code Injection Techniques](https://www.bromium.com/dridex-threat-analysis-july-2019-variant/)\n- 2019.07 [aliyun] [Discuz!ML V3.X code injection analysis](https://xz.aliyun.com/t/5638)\n- 2019.06 [pewpewthespells] [Blocking Code Injection on iOS and OS X](https://pewpewthespells.com/blog/blocking_code_injection_on_ios_and_os_x.pdf)\n- 2019.05 [hexacorn] [‘Plata o plomo’ code injections/execution tricks](http://www.hexacorn.com/blog/2019/05/26/plata-o-plomo-code-injections-execution-tricks/)\n- 2019.05 [HackerSploit] [Bug Bounty Hunting - PHP Code Injection](https://www.youtube.com/watch?v=GE2HyC7Gwrs)\n- 2019.04 [hexacorn] [SHLoadInProc – The Non-Working Code Injection trick from the past](http://www.hexacorn.com/blog/2019/04/30/shloadinproc-the-non-working-code-injection-trick-from-the-past/)\n- 2019.04 [hexacorn] [Listplanting – yet another code injection trick](http://www.hexacorn.com/blog/2019/04/25/listplanting-yet-another-code-injection-trick/)\n- 2019.04 [hexacorn] [3 new code injection tricks](http://www.hexacorn.com/blog/2019/04/24/3-new-code-injection-tricks/)\n- 2019.04 [hexacorn] [Treepoline – new code injection technique](http://www.hexacorn.com/blog/2019/04/24/treepoline-new-code-injection-technique/)\n- 2019.04 [hexacorn] [WordWarper – new code injection trick](http://www.hexacorn.com/blog/2019/04/23/wordwarper-new-code-injection-trick/)\n- 2019.04 [JosephDelgadillo] [Learn System Hacking E6: PHP Code Injection](https://www.youtube.com/watch?v=paVE2Rx8mZI)\n- 2019.03 [freebuf] [Java code auditing: SpEL expression injection](https://www.freebuf.com/vuls/197008.html)\n- 2019.03 [aditya12anand] [How to write secure code against injection attacks?](https://medium.com/p/aad4fff058da)\n- 
2019.03 [andreafortuna] [A simple Windows code Injection example written in C#](https://www.andreafortuna.org/programming/a-simple-windows-code-injection-example-written-in-c/)\n- 2018.12 [360] [Linux userland in-memory code injection in practice](https://www.anquanke.com/post/id/168204/)\n- 2018.12 [aliyun] [EL injection in HubL leads to remote code execution](https://xz.aliyun.com/t/3605)\n- 2018.11 [aliyun] [[红日安全] Code audit Day17 - injection caused by Raw MD5 Hash](https://xz.aliyun.com/t/3375)\n- 2018.11 [freebuf] [clrinject: a tool for injecting code into CLR Runtimes and AppDomains](https://www.freebuf.com/sectool/187541.html)\n- 2018.10 [MSbluehat] [BlueHat v18 || Memory resident implants - code injection is alive and well](https://www.slideshare.net/MSbluehat/bluehat-v18-memory-resident-implants-code-injection-is-alive-and-well)\n- 2018.09 [ironcastle] [More Excel DDE Code Injection, (Fri, Sep 28th)](https://www.ironcastle.net/more-excel-dde-code-injection-fri-sep-28th/)\n- 2018.09 [sans] [More Excel DDE Code Injection](https://isc.sans.edu/forums/diary/More+Excel+DDE+Code+Injection/24150/)\n- 2018.09 [bugbountywriteup] [Injecting tourism website running codeigniter](https://medium.com/p/e3c5370236c2)\n- 2018.08 [andreafortuna] [pycodeinjector: a simple python Code Injection library](https://www.andreafortuna.org/programming/pycodeinjector-a-simple-python-code-injection-library/)\n- 2018.08 [trustedsec] [Breaking Down the PROPagate Code Injection Attack](https://www.trustedsec.com/2018/08/breaking-down-the-propagate-code-injection-attack/)\n- 2018.08 [andreafortuna] [Code injection on Windows using Python: a simple example](https://www.andreafortuna.org/programming/code-injection-on-windows-using-python-a-simple-example/)\n- 2018.07 [4hou] [Unknown extensions in Firefox are injecting unwanted code into websites users visit](http://www.4hou.com/vulnerable/12803.html)\n- 2018.07 [aliyun] [Server-side spreadsheet injection - from formula injection to remote code execution](https://xz.aliyun.com/t/2476)\n- 2018.06 [bishopfox] [Server-side spreadsheet injection: achieving RCE via formula injection](https://www.bishopfox.com/blog/2018/06/server-side-spreadsheet-injections/)\n- 2018.05 [freebuf] 
[Hackers disclose a code injection attack in the Signal messaging app](http://www.freebuf.com/news/171824.html)\n- 2018.04 [freebuf] [PentesterLab beginner tutorial (1): code injection](http://www.freebuf.com/sectool/168653.html)\n- 2018.04 [4hou] [Early Bird code injection can bypass antivirus detection](http://www.4hou.com/technology/11109.html)\n- 2018.04 [freebuf] [The value of the $_SERVER[SCRIPT_NAME] variable can be injected with malicious code](http://www.freebuf.com/articles/web/166263.html)\n- 2018.02 [360] [From concept to practice: a detailed explanation of user-level API monitoring and code injection detection methods](https://www.anquanke.com/post/id/98770/)\n- 2018.01 [aliyun] [Code injection in the front end of an e-commerce site](https://xz.aliyun.com/t/1982)\n- 2018.01 [doyler] [Nodejs Code Injection (EverSec CTF – BSides Raleigh 2017)](https://www.doyler.net/security-not-included/nodejs-code-injection)\n- 2018.01 [4hou] [Analysis of the Starbucks mining incident: how did hackers compromise the WiFi and inject mining code into HTML pages?](http://www.4hou.com/wireless/9773.html)\n- 2018.01 [4hou] [PoS malware LockPoS makes a strong return with a new code injection technique](http://www.4hou.com/info/news/9774.html)\n- 2018.01 [oherrala] [Using static typing to protect against code injection attacks](https://medium.com/p/353002ca6f2b)\n- 2017.12 [4hou] [Introduction to using the Process Doppelgänging code injection technique](http://www.4hou.com/technology/9379.html)\n- 2017.12 [4hou] [New code injection attack (Process Doppelgänging) can bypass most AV detection](http://www.4hou.com/system/9183.html)\n- 2017.11 [4hou] [On Wi-Fi networks: flipping photos and injecting malicious code into clients](http://www.4hou.com/wireless/8559.html)\n- 2017.11 [freebuf] [PROPagate: introduction to a new code injection trick](http://www.freebuf.com/news/153041.html)\n- 2017.11 [l0wb1tUC] [COD WWII Code Injection Fail](https://www.youtube.com/watch?v=ngeCZu4g4vw)\n- 2017.11 [hexacorn] [PROPagate – a new code injection trick – 64-bit and 32-bit](http://www.hexacorn.com/blog/2017/11/03/propagate-a-new-code-injection-trick-64-bit-and-32-bit/)\n- 2017.10 [4hou] [PROPagate: a new code injection trick](http://www.4hou.com/binary/8222.html)\n- 2017.10 [hexacorn] [PROPagate, a new code injection trick](http://www.hexacorn.com/blog/2017/10/26/propagate-a-new-code-injection-trick/)\n- 2017.09 [decktonic] [How one hacker stole thousands of dollars worth of cryptocurrency with a classic code injection…](https://medium.com/p/a3aba5d2bff0)\n- 2017.09 [freebuf] 
[LANs.py: a powerful tool for code injection, wireless penetration and WiFi user monitoring](http://www.freebuf.com/sectool/147605.html)\n- 2017.09 [arxiv] [[1709.05690] BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews](https://arxiv.org/abs/1709.05690)\n- 2017.08 [defencely] [Achieving Code Injection on Trendy – Sarahah.com](https://defencely.com/blog/achieving-code-injection-on-trendy-sarahah-com/)\n- 2017.07 [bogner] [Code Injection in Slack’s Windows Desktop Client leads to Privilege Escalation](https://bogner.sh/2017/07/code-injection-in-slacks-windows-desktop-client-leads-to-privilege-escalation/)\n- 2017.06 [trendmicro] [Analysis of the SOREBRECT ransomware, which uses techniques such as “fileless” operation and code injection via PsExec](https://blog.trendmicro.com/trendlabs-security-intelligence/analyzing-fileless-code-injecting-sorebrect-ransomware/)\n- 2017.04 [welivesecurity] [Fake Chrome extensions inject code into web pages](https://www.welivesecurity.com/2017/04/28/fake-chrome-extensions-inject-code-web-pages/)\n- 2017.04 [n0where] [Inject Custom Code Into PE File: InfectPE](https://n0where.net/inject-custom-code-into-pe-file-infectpe)\n- 2017.03 [mstajbakhsh] [Smali Code Injection: Playing with 2048!](https://mstajbakhsh.ir/smali-code-injection-playing-with-2048/)\n- 2017.03 [HackingMonks] [Remote Code Injection on DVWA medium](https://www.youtube.com/watch?v=eoZC5vsnTtw)\n- 2017.03 [360] [AtomBombing: a brand new code injection technique for Windows](https://www.anquanke.com/post/id/85675/)\n- 2017.02 [360] [How to perform iOS code injection on .ipa files](https://www.anquanke.com/post/id/85553/)\n- 2017.01 [securiteam] [SSD Advisory – Icewarp, AfterLogic and MailEnable Code Injection](https://blogs.securiteam.com/index.php/archives/2937)\n- 2017.01 [sentinelone] [What Is Code Injection?](https://www.sentinelone.com/blog/atombombing-code-injection-threat-hype/)\n- 2017.01 [csyssec] [Binary code injection with PIN](http://www.csyssec.org/20170104/pinintro/)\n- 2016.12 [mstajbakhsh] [Smali Code Injection](https://mstajbakhsh.ir/smali-code-injection/)\n- 2016.12 [tevora] [Gaining Code Execution with Injection on Java 
args](http://threat.tevora.com/quick-tip-gaining-code-execution-with-injection-on-java-args/)\n- 2016.11 [doyler] [Exploiting Python Code Injection in Web Applications](https://www.doyler.net/security-not-included/exploiting-python-code-injection)\n- 2016.11 [kennethpoon] [How to perform iOS Code Injection on .ipa files](https://medium.com/p/1ba91d9438db)\n- 2016.11 [thembits] [Loffice gets a makeover - Gives an insight into antis and detect code injection](http://thembits.blogspot.com/2016/11/loffice-gets-makeover-gives-insight.html)\n- 2016.11 [360] [Injection into web applications using Python code](https://www.anquanke.com/post/id/84891/)\n- 2016.11 [sethsec] [Exploiting Python Code Injection in Web Applications](https://sethsec.blogspot.com/2016/11/exploiting-python-code-injection-in-web.html)\n- 2016.10 [360] [AtomBombing: a brand-new Windows code injection technique](https://www.anquanke.com/post/id/84818/)\n- 2016.10 [ensilo] [AtomBombing: A Code Injection that Bypasses Current Security Solutions](https://blog.ensilo.com/atombombing-a-code-injection-that-bypasses-current-security-solutions)\n- 2016.10 [venus] [Code auditing done right - 2: Mlecms injection](https://paper.seebug.org/78/)\n- 2016.10 [insinuator] [Linq Injection – From Attacking Filters to Code Execution](https://insinuator.net/2016/10/linq-injection-from-attacking-filters-to-code-execution/)\n- 2016.10 [polaris] [PHP Code Injection Analysis](http://polaris-lab.com/index.php/archives/254/)\n- 2016.10 [JackkTutorials] [How to perform Remote Code Injection attacks *REUPLOADED*](https://www.youtube.com/watch?v=AuNwk--lfxU)\n- 2016.09 [forcepoint] [Highly Evasive Code Injection Awaits User Interaction Before Delivering Malware](https://www.forcepoint.com/blog/security-labs/highly-evasive-code-injection-awaits-user-interaction-delivering-malware)\n- 2016.08 [artsploit] [[demo.paypal.com] Node.js code injection (RCE)](http://artsploit.blogspot.com/2016/08/pprce2.html)\n- 2016.07 [suchakra] [Unravelling Code Injection in 
Binaries](https://suchakra.wordpress.com/2016/07/03/unravelling-code-injection-in-binaries/)\n- 2016.03 [yifan] [3DS Code Injection through \"Loader\"](http://yifan.lu/2016/03/28/3ds-code-injection-through-loader/)\n- 2015.12 [hexacorn] [IME code injection (old)](http://www.hexacorn.com/blog/2015/12/17/ime-code-injection-old/)\n- 2015.08 [securiteam] [SSD Advisory – Symantec NetBackup OpsCenter Server Java Code Injection RCE](https://blogs.securiteam.com/index.php/archives/2557)\n- 2015.04 [sensecy] [MitM Attacks Pick Up Speed – A Russian Coder Launches a New Web Injection Coding Service](https://blog.sensecy.com/2015/04/21/mitm-attacks-pick-up-speed-a-russian-coder-launches-a-new-web-injection-coding-service/)\n- 2015.03 [pediy] [[Original] Source code of a code injector](https://bbs.pediy.com/thread-198771.htm)\n- 2014.12 [] [逐浪CMS: two injections in 2 files, 5 pieces of problematic code, plus other injection bypass methods](http://0day5.com/archives/2627/)\n- 2014.11 [] [Code audit: injection in 大米CMS](http://www.91ri.org/11542.html)\n- 2014.10 [arxiv] [[1410.7756] Code Injection Attacks on HTML5-based Mobile Apps](https://arxiv.org/abs/1410.7756)\n- 2014.09 [tribalchicken] [Bash bug allows code injection attack](https://tribalchicken.io/bash-bug-allows-code-injection-attack/)\n- 2014.09 [digitaloperatives] [OS X VMWare Fusion Privilege Escalation via Bash Environment Code Injection: Local Use](https://www.digitaloperatives.com/2014/09/25/os-x-vmware-fusion-privilege-escalation-via-bash-environment-code-injection/)\n- 2014.09 [tribalchicken] [Bash bug allows code injection attack](https://tribalchicken.net/bash-bug-allows-code-injection-attack/)\n- 2014.08 [] [Code injection attacks on HTML5 apps](http://www.91ri.org/10496.html)\n- 2014.03 [pediy] [[Original] Inject code experiment on a notebook](https://bbs.pediy.com/thread-185635.htm)\n- 2014.01 [] [U-Mail injection: arbitrary code write exp](http://0day5.com/archives/1210/)\n- 2013.12 [lowleveldesign] [Injecting code into .NET applications](https://lowleveldesign.org/2013/12/28/injecting-code-into-net-applications/)\n- 2013.11 [imperva] [Threat Advisory: A JBoss AS Exploit, Web Shell code 
Injection.](https://www.imperva.com/blog/2013/11/threat-advisory-a-jboss-as-exploit-web-shell-code-injection/)\n- 2013.08 [scotthelme] [Code Injection - TLS (SSL) is not all about privacy, it's about integrity too](https://scotthelme.co.uk/ssl-about-integrity-too/)\n- 2013.08 [sans] [BBCode tag \"[php]\" used to inject php code](https://isc.sans.edu/forums/diary/BBCode+tag+php+used+to+inject+php+code/16291/)\n- 2013.05 [hackingarticles] [Exploit Remote PC using Firefox 17.0.1 + Flash Privileged Code Injection](http://www.hackingarticles.in/exploit-remote-pc-using-firefox-17-0-1-flash-privileged-code-injection/)\n- 2013.04 [freebuf] [[PHP code audit] Espcms brute-force injection](http://www.freebuf.com/vuls/8185.html)\n- 2013.03 [pediy] [[Original] Analysis of the ad-removal feature of Mobile Duba (手机毒霸), part 3: Java code (dex) injection](https://bbs.pediy.com/thread-166480.htm)\n- 2012.12 [hackingarticles] [Bypassing Antivirus using Multi Pyinjector Shell Code Injection in SET Toolkit](http://www.hackingarticles.in/bypassing-antivirus-using-multi-pyinjector-shellcode-injection-in-set-toolkit/)\n- 2012.12 [freebuf] [Injecting code into a running Linux application](http://www.freebuf.com/articles/system/6388.html)\n- 2012.11 [debasish] [Suicide via Remote Code Injection](http://www.debasish.in/2012/11/suicide-via-remote-code-injection.html)\n- 2012.10 [volatility] [Reverse Engineering Poison Ivy's Injected Code Fragments](https://volatility-labs.blogspot.com/2012/10/reverse-engineering-poison-ivys.html)\n- 2012.08 [cert] [More human than human – Flame’s code injection techniques](https://www.cert.pl/en/news/single/more-human-than-human-flames-code-injection-techniques/)\n- 2012.07 [welivesecurity] [Rovnix.D: the code injection story](https://www.welivesecurity.com/2012/07/27/rovnix-d-the-code-injection-story/)\n- 2012.06 [welivesecurity] [ZeroAccess: code injection chronicles](https://www.welivesecurity.com/2012/06/25/zeroaccess-code-injection-chronicles/)\n- 2012.06 [freebuf] [[Method sharing] Malicious code injection through input boxes](http://www.freebuf.com/articles/4316.html)\n- 2012.06 [hackingarticles] [How to Attack on 
Remote PC using HTTP Code Injection Technique](http://www.hackingarticles.in/how-to-attack-on-remote-pc-using-http-code-injection-technique/)\n- 2012.04 [pediy] [[Original] Suddenly felt like doing injection today, so I wrote some code](https://bbs.pediy.com/thread-148886.htm)\n- 2012.02 [trustwave] [[Honeypot Alert] phpMyAdmin Code Injection Attacks for Botnet Recruitment](https://www.trustwave.com/Resources/SpiderLabs-Blog/-Honeypot-Alert--phpMyAdmin-Code-Injection-Attacks-for-Botnet-Recruitment/)\n- 2011.12 [pediy] [[Original] An API I wrote for injecting code into executables, very convenient to use](https://bbs.pediy.com/thread-143691.htm)\n- 2011.07 [pediy] [[Original] My personal understanding of 借腹怀胎 (surrogate) injection code](https://bbs.pediy.com/thread-137090.htm)\n- 2011.06 [forcepoint] [Malware campaign uses direct injection of Java exploit code](https://www.forcepoint.com/blog/security-labs/malware-campaign-uses-direct-injection-java-exploit-code)\n- 2010.05 [pediy] [[Translation] Inject your code into an executable file](https://bbs.pediy.com/thread-113871.htm)\n- 2009.03 [pediy] [[Original] How to inject code into WM programs [1]: overview](https://bbs.pediy.com/thread-84327.htm)\n- 2009.01 [arxiv] [[0901.3482] Code injection attacks on harvard-architecture devices](https://arxiv.org/abs/0901.3482)\n- 2008.11 [travisgoodspeed] [MicaZ Code Injection](http://travisgoodspeed.blogspot.com/2008/11/micaz-code-injection.html)\n- 2008.09 [secshoggoth] [SEO Code Injection](http://secshoggoth.blogspot.com/2008/09/seo-code-injection.html)\n- 2008.07 [reverse] [Mac OS X Code injection](https://reverse.put.as/2008/07/03/mac-os-x-code-injection/)\n- 2007.09 [travisgoodspeed] [Memory-Constrained Code Injection](http://travisgoodspeed.blogspot.com/2007/09/memory-constrained-code-injection.html)\n- 2007.02 [sans] [more code injection sites 8.js](https://isc.sans.edu/forums/diary/more+code+injection+sites+8js/2178/)\n- 2006.12 [pediy] [[Translation] Detecting injected, dynamically generated and obfuscated malicious code](https://bbs.pediy.com/thread-35766.htm)\n- 2006.08 [pediy] [[Translation] Injecting code into the import table](https://bbs.pediy.com/thread-30166.htm)\n- 2006.04 [pediy] [Translation: injecting code into PE (revised 4.17)](https://bbs.pediy.com/thread-24183.htm)\n- 2005.07 [pediy] [Cracking with Code Injection: Armadillo 
V4.20 single-process packed program: FTPRush Unicode V1.0.RC6.build.568](https://bbs.pediy.com/thread-15403.htm)\n- 2005.06 [pediy] [Hying's Armor v0.7x Code Injection](https://bbs.pediy.com/thread-14294.htm)\n- 2005.05 [pediy] [EnCryptPE v2 Code injection](https://bbs.pediy.com/thread-13896.htm)\n- 2005.05 [pediy] [ARM3.7x-4.1CopyMEMII Code injection](https://bbs.pediy.com/thread-13656.htm)\n- 2005.04 [pediy] [OBSIDIUM 1.25 Code Injection](https://bbs.pediy.com/thread-13283.htm)\n- 2005.04 [pediy] [Armadillo 3.7X-4.X Code Injection](https://bbs.pediy.com/thread-13280.htm)\n- 2004.09 [pediy] [[Translation] Unpacking using code injection](https://bbs.pediy.com/thread-4541.htm)\n\n\n# \u003ca id=\"a5458e6ee001b754816237b9a2108569\"\u003e\u003c/a\u003eShellcode Injection\n\n\n***\n\n\n## \u003ca id=\"28e1b534eae8d37d8fc1d212f0db0263\"\u003e\u003c/a\u003eTools\n\n\n- [**2209** stars][4m] [Py] [trustedsec/unicorn](https://github.com/trustedsec/unicorn) Uses a PowerShell downgrade attack to inject shellcode straight into memory\n- [**476** stars][21d] [Py] [trustedsec/meterssh](https://github.com/trustedsec/meterssh) Injects shellcode into memory, then tunnels it over SSH (any port you choose, disguised as a normal SSH connection)\n- [**225** stars][4m] [PS] [outflanknl/excel4-dcom](https://github.com/outflanknl/excel4-dcom) PowerShell and Cobalt Strike scripts for lateral movement by executing Excel 4.0/XLM macros via DCOM (injects shellcode directly into Excel.exe)\n- [**112** stars][2m] [C++] [josh0xa/threadboat](https://github.com/josh0xA/ThreadBoat) Uses thread execution hijacking to inject native shellcode into a standard Win32 application\n- [**77** stars][4m] [C] [dimopouloselias/simpleshellcodeinjector](https://github.com/dimopouloselias/simpleshellcodeinjector) Receives shellcode in hex as an argument and executes it\n- [**66** stars][2m] [Py] [sensepost/anapickle](https://github.com/sensepost/anapickle) Toolset for writing shellcode in Python's Pickle language and for manipulating pickles to inject shellcode.\n- [**43** stars][1m] [Py] [borjamerino/tlsinjector](https://github.com/borjamerino/tlsinjector) Python script to inject and run shellcodes through TLS callbacks\n- [**27** stars][2y] [Py] [taroballzchen/shecodject](https://github.com/TaroballzChen/shecodject) shecodject is an autoscript for shellcode injection by Python3 programming\n- [**19** stars][5y] [C] 
[jorik041/cymothoa](https://github.com/jorik041/cymothoa) Cymothoa is a backdooring tool that injects a backdoor's shellcode directly into running applications. Stealth and lightweight...\n- [**16** stars][9m] [PLpgSQL] [michaelburge/redshift-shellcode](https://github.com/michaelburge/redshift-shellcode) Example of injecting x64 shellcode into Amazon Redshift\n- [**10** stars][1y] [C++] [egebalci/injector](https://github.com/egebalci/injector) Simple shellcode injector.\n- [**4** stars][3y] [Shell] [thepisode/linux-shellcode-generator](https://github.com/thepisode/linux-shellcode-generator) Experiments on Linux Assembly shellcodes injection\n- [**None** stars][Go] [pioneerhfy/goback](https://github.com/pioneerhfy/goback) GOback is a backdoor written in GO that uses a shellcode injection technique for achieving its task.\n\n\n***\n\n\n## \u003ca id=\"c6942bb5275f5b62a41238c6042b2b81\"\u003e\u003c/a\u003ePosts\n\n\n- 2020.03 [hakin9] [Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory.](https://hakin9.org/unicorn-is-a-simple-tool-for-using-a-powershell-downgrade-attack-and-inject-shellcode-straight-into-memory/)\n- 2019.12 [aliyun] [Manually injecting shellcode into a PE file](https://xz.aliyun.com/t/6939)\n- 2019.11 [4hou] [Code injection techniques: shellcode injection](https://www.4hou.com/web/21784.html)\n- 2019.11 [ColinHardy] [Excel 4.0 Macros Analysis - Cobalt Strike Shellcode Injection](https://www.youtube.com/watch?v=XnN_UWfHlNM)\n- 2019.06 [360] [Injecting shellcode with ptrace on the ARM platform](https://www.anquanke.com/post/id/179985/)\n- 2018.09 [pediy] [[Share] Seriously awesome shellcode memory injection: supports 64-bit and 32-bit, remote memory injection, and maximum-strength VMP packer protection](https://bbs.pediy.com/thread-246934.htm)\n- 2018.05 [cobaltstrike] [PowerShell Shellcode Injection on Win 10 (v1803)](https://blog.cobaltstrike.com/2018/05/24/powershell-shellcode-injection-on-win-10-v1803/)\n- 2017.12 [pentesttoolz] [Shecodject – Autoscript for Shellcode Injection](https://pentesttoolz.com/2017/12/30/shecodject-autoscript-for-shellcode-injection/)\n- 2017.12 
[MalwareAnalysisForHedgehogs] [Malware Analysis - ROKRAT Unpacking from Injected Shellcode](https://www.youtube.com/watch?v=uoBQE5s2ba4)\n- 2017.11 [freebuf] [Automated Metasploit AV-bypass script: Shecodject X Shellcode Injection](http://www.freebuf.com/sectool/154356.html)\n- 2017.01 [christophertruncer] [Shellcode Generation, Manipulation, and Injection in Python 3](https://www.christophertruncer.com/shellcode-manipulation-and-injection-in-python-3/)\n- 2015.12 [dhavalkapil] [Shellcode Injection](https://dhavalkapil.com/blogs/Shellcode-Injection/)\n- 2015.12 [n0where] [Dynamic Shellcode Injection: Shellter](https://n0where.net/dynamic-shellcode-injection-shellter)\n- 2015.10 [freebuf] [Kali Shellter 5.1: a dynamic shellcode injection tool that bypasses security software](http://www.freebuf.com/sectool/81955.html)\n- 2015.07 [BsidesLisbon] [BSidesLisbon2015 - Shellter - A dynamic shellcode injector - Kyriakos Economou](https://www.youtube.com/watch?v=TunWNHYrWp8)\n- 2015.06 [freebuf] [Dynamic shellcode injection tool – Shellter](http://www.freebuf.com/sectool/71230.html)\n- 2015.06 [shelliscoming] [TLS Injector: running shellcodes through TLS callbacks](http://www.shelliscoming.com/2015/06/tls-injector-running-shellcodes-through.html)\n- 2014.08 [toolswatch] [Shellter v1.7 A Dynamic ShellCode Injector – Released](http://www.toolswatch.org/2014/08/shellter-v1-7-a-dynamic-shellcode-injector-released/)\n- 2014.06 [toolswatch] [[New Tool] Shellter v1.0 A Dynamic ShellCode Injector – Released](http://www.toolswatch.org/2014/06/new-tool-shellter-v1-0-a-dynamic-shellcode-injector-released/)\n- 2013.06 [debasish] [Injecting Shellcode into a Portable Executable(PE) using Python](http://www.debasish.in/2013/06/injecting-shellcode-into-portable.html)\n- 2013.05 [trustedsec] [Native PowerShell x86 Shellcode Injection on 64-bit Platforms](https://www.trustedsec.com/2013/05/native-powershell-x86-shellcode-injection-on-64-bit-platforms/)\n- 2013.05 [pediy] [[Original] A method of kernel shellcode injection](https://bbs.pediy.com/thread-170959.htm)\n- 2012.10 [hackingarticles] 
[Cymothoa – Runtime shellcode injection Backdoors](http://www.hackingarticles.in/cymothoa-runtime-shellcode-injection-for-stealthy-backdoors/)\n- 2012.09 [hackingarticles] [PyInjector Shellcode Injection attack on Remote PC using Social Engineering Toolkit](http://www.hackingarticles.in/pyinjector-shellcode-injection-attack-on-remote-windows-pc-using-social-engineering-toolkit/)\n- 2012.08 [trustedsec] [New tool PyInjector Released – Python Shellcode Injection](https://www.trustedsec.com/2012/08/new-tool-pyinjector-released-python-shellcode-injection/)\n- 2007.01 [pediy] [The Shellcoder's Handbook, chapter 14: fault injection](https://bbs.pediy.com/thread-38713.htm)\n\n\n# \u003ca id=\"3584002eaa30b92479c1e1c2fc6ce4ef\"\u003e\u003c/a\u003eELF Injection\n\n\n***\n\n\n## \u003ca id=\"b423b830472372349203f88cf64c6814\"\u003e\u003c/a\u003eTools\n\n\n- [**269** stars][10d] [Shell] [cytopia/pwncat](https://github.com/cytopia/pwncat) pwncat - netcat on steroids with Firewall, IDS/IPS evasion, bind and reverse shell, self-injecting shell and port forwarding magic - and it's fully scriptable with Python (PSE)\n- [**106** stars][14d] [C] [comsecuris/luaqemu](https://github.com/comsecuris/luaqemu) QEMU-based framework exposing several of QEMU-internal APIs to a LuaJIT core injected into QEMU itself. Among other things, this allows fast prototyping of target systems without any native code and minimal effort in Lua.\n- [**73** stars][10d] [C] [zznop/drow](https://github.com/zznop/drow) Injects code into ELF executables post-build\n- [**45** stars][1m] [C] [jmpews/evilelf](https://github.com/jmpews/evilelf) Malicious use of ELF such as .so inject, func hook and so on.\n- [**26** stars][4m] [C++] [shaxzy/nixware-csgo](https://github.com/shaxzy/nixware-csgo) Source code of Nixware. Cheat doesn't inject for some reason, fix it yourself or just paste from it\n- [**9** stars][3m] [C] [mfaerevaag/elfinjector](https://github.com/mfaerevaag/elfinjector) Code injector for ELF binaries (incl. 
PIE)\n- [**1** star][2y] [JS] [mshoop/web-xss-attack](https://github.com/mshoop/web-xss-attack) Exploring website security through cross-site scripting attacks, maliciously injected JavaScript and self-propagating worms\n\n\n***\n\n\n## \u003ca id=\"0a853f9e3f9ccb0663007d3a508ce02b\"\u003e\u003c/a\u003ePosts\n\n\n- 2020.02 [advancedpersistentjest] [Fault Injection on Linux: Practical KERNELFAULT-Style Attacks](https://advancedpersistentjest.com/2020/02/15/fault-injection-on-linux-practical-kernelfault-style-attacks/)\n- 2018.08 [0x00sec] [Issues with elf file injection tutorial by pico](https://0x00sec.org/t/issues-with-elf-file-injection-tutorial-by-pico/8029/)\n- 2017.12 [MSbluehat] [BlueHat v17 || KERNELFAULT: R00ting the Unexploitable using Hardware Fault Injection](https://www.slideshare.net/MSbluehat/kernelfault-r00ting-the-unexploitable-using-hardware-fault-injection)\n- 2016.05 [0x00sec] [ELFun File Injector](https://0x00sec.org/t/elfun-file-injector/410/)\n- 2016.04 [backtrace] [ELF shared library injection forensics](https://backtrace.io/blog/backtrace/elf-shared-library-injection-forensics/)\n- 2014.02 [malwarebytes] [How to Unpack a Self-Injecting Citadel Trojan](https://blog.malwarebytes.com/threat-analysis/2014/02/how-to-unpack-a-self-injecting-citadel-trojan/)\n- 2014.02 [evilsocket] [Termination and Injection Self Defense on Windows \u003e= Vista SP1](https://www.evilsocket.net/2014/02/05/termination-and-injection-self-defense-on-windows/)\n- 2010.03 [publicintelligence] [ELF/VLF Wave-injection and Magnetospheric Probing with HAARP](https://publicintelligence.net/elfvlf-wave-injection-and-magnetospheric-probing-with-haarp/)\n\n\n# \u003ca id=\"108c798de24e7ce6fde0cafe99eec5b3\"\u003e\u003c/a\u003eDylib Injection\n\n\n***\n\n\n## \u003ca id=\"12df48702564d73c275c72133546d73e\"\u003e\u003c/a\u003eTools\n\n\n- [**2032** stars][3y] [Swift] [urinx/iosapphook](https://github.com/urinx/iosapphook) Focused on reverse engineering iOS apps in non-jailbroken environments, from dylib injection and app re-signing to App Hook\n- [**752** stars][5y] [ObjC] 
[kjcracks/yololib](https://github.com/kjcracks/yololib) dylib injector for mach-o binaries\n- [**506** stars][13d] [Objective-C++] [bishopfox/bfinject](https://github.com/bishopfox/bfinject) Dylib injection for iOS 11.0 - 11.1.2 with LiberiOS and Electra jailbreaks\n- [**191** stars][3m] [Swift] [codesourse/iinjection](https://github.com/codesourse/iinjection) an app for OS X that can inject dylib and (re)sign apps and bundle them into ipa files that are ready to be installed on an iOS device.\n- [**173** stars][16d] [C] [scen/osxinj](https://github.com/scen/osxinj) osx dylib injection\n\n\n***\n\n\n## \u003ca id=\"0af1332c6476d1a8f98046542e925282\"\u003e\u003c/a\u003ePosts\n\n\n- 2014.05 [pediy] [[Original] Source code for remote-process dylib injection on iOS](https://bbs.pediy.com/thread-187833.htm)\n\n\n# \u003ca id=\"06fc9c584b797f97731e3c49886dcc08\"\u003e\u003c/a\u003eAndroid\n\n\n***\n\n\n## \u003ca id=\"4c02a0ba65fa4f582ec590ce1e070822\"\u003e\u003c/a\u003eTools\n\n\n- [**1300** stars][4m] [JS] [megatronking/httpcanary](https://github.com/megatronking/httpcanary) A powerful capture and injection tool for the Android platform\n- [**475** stars][3y] [Smali] [sensepost/kwetza](https://github.com/sensepost/kwetza) Python script that injects a Meterpreter payload into an Android app\n- [**447** stars][9m] [Java] [megatronking/netbare](https://github.com/megatronking/netbare) Net packets capture \u0026 injection library designed for Android\n- [**252** stars][16d] [Py] [feicong/jni_helper](https://github.com/feicong/jni_helper) Automated Android SO analysis tool (非虫)\n- [**148** stars][4m] [Java] [zhouat/inject-hook](https://github.com/zhouat/inject-hook) for android\n- [**144** stars][3y] [C] [xmikos/setools-android](https://github.com/xmikos/setools-android) Unofficial port of setools to Android with additional sepolicy-inject utility included\n- [**136** stars][11d] [Lua] [lanoox/luject](https://github.com/lanoox/luject) A static injector of dynamic library for application (android, iphoneos, macOS, windows, linux)\n- [**122** stars][5y] [irsl/adb-backup-apk-injection](https://github.com/irsl/adb-backup-apk-injection) Android ADB backup 
APK Injection POC\n- [**97** stars][4y] [Shell] [jlrodriguezf/whatspwn](https://github.com/jlrodriguezf/whatspwn) Linux tool used to extract sensitive data, inject backdoor or drop remote shells on android devices.\n- [**76** stars][4y] [Py] [moosd/needle](https://github.com/moosd/needle) Android framework injection made easy\n- [**56** stars][4m] [C] [shunix/tinyinjector](https://github.com/shunix/tinyinjector) Shared Library Injector on Android\n- [**55** stars][4m] [Java] [igio90/fridaandroidinjector](https://github.com/igio90/fridaandroidinjector) Inject frida agents on local processes through an Android app\n- [**52** stars][2m] [Py] [alessandroz/pupy](https://github.com/alessandroz/pupy) Remote administration and post-exploitation tool written in Python, cross-platform (Windows, Linux, OSX, Android)\n- [**52** stars][14d] [TS] [whid-injector/whid-mobile-connector](https://github.com/whid-injector/whid-mobile-connector) Android Mobile App for Controlling WHID Injector remotely.\n- [**48** stars][16d] [Py] [ikoz/jdwp-lib-injector](https://github.com/ikoz/jdwp-lib-injector) inject native shared libraries into debuggable Android applications\n- [**46** stars][30d] [Shell] [jbreed/apkinjector](https://github.com/jbreed/apkinjector) Android APK Antivirus evasion for msfvenom generated payloads to inject into another APK file for phishing attacks.\n- [**40** stars][8m] [Java] [ivianuu/contributer](https://github.com/ivianuu/contributer) Inject all types like views or a conductor controllers with @ContributesAndroidInjector\n- [**33** stars][1y] [Groovy] [eastwoodyang/autoinject](https://github.com/eastwoodyang/autoinject) General-purpose solution for automatic component registration and initialization on Android\n- [**30** stars][6m] [Java] [cristianturetta/mad-spy](https://github.com/cristianturetta/mad-spy) A malware for educational purposes\n- [**24** stars][5m] [Smali] [aress31/sci](https://github.com/aress31/sci) Framework for automating the assembly code injection (trojanising) process in Android applications\n- [**13** stars][11m] [JS] [cheverebe/android-malware](https://github.com/cheverebe/android-malware) Injected malicious code into legitimate android applications. 
Converted a keyboard app into a keylogger and an MP3 downloader into an image thief.\n\n\n***\n\n\n## \u003ca id=\"9ff27f3143a5c619b554185069ecffb0\"\u003e\u003c/a\u003ePosts\n\n\n- 2018.01 [pediy] [[Share][Original] Modifying the android app_process elf (first step of implementing rrrfff's \u003candroid global injection\u003e)](https://bbs.pediy.com/thread-224297.htm)\n- 2017.08 [360] [Dvmap: the first Android malware to use code injection](https://www.anquanke.com/post/id/86648/)\n- 2017.06 [4hou] [Beware! Dvmap, the first Android malware to use code injection, appears on Google Play](http://www.4hou.com/vulnerable/5364.html)\n- 2017.06 [securelist] [Kaspersky discovers the first malicious Android app with code injection: at runtime it injects malicious code into the system library libdmv.so or libandroid_runtime.so. The malicious app even supports 64-bit Android](https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/)\n- 2015.05 [evilsocket] [Android Native API Hooking With Library Injection and ELF Introspection.](https://www.evilsocket.net/2015/05/04/android-native-api-hooking-with-library-injecto/)\n- 2015.05 [evilsocket] [Dynamically Inject a Shared Library Into a Running Process on Android/ARM](https://www.evilsocket.net/2015/05/01/dynamically-inject-a-shared-library-into-a-running-process-on-androidarm/)\n- 2011.10 [pediy] [[Original] Posting some injection code for the Android platform](https://bbs.pediy.com/thread-141355.htm)\n- 2011.09 [winsunxu] [Android code injection: injecting class methods](https://blog.csdn.net/winsunxu/article/details/6771905)\n- 2011.09 [winsunxu] [Android code injection: register balance revisited](https://blog.csdn.net/winsunxu/article/details/6756857)\n- 2011.09 [winsunxu] [Android code injection crash: how to fix it](https://blog.csdn.net/winsunxu/article/details/6742838)\n\n\n# \u003ca id=\"4ffa5c3eb1f3b85e4c38f6863f5b76b2\"\u003e\u003c/a\u003eOther\n\n\n***\n\n\n## \u003ca id=\"fd5f8ada2d4f47c63c3635427873c79c\"\u003e\u003c/a\u003eTools\n\n\n- [**1044** stars][11d] [Go] [banzaicloud/bank-vaults](https://github.com/banzaicloud/bank-vaults) A Vault swiss-army knife: a K8s operator, Go client with automatic token renewal, automatic configuration, multiple unseal options and more. A CLI tool to init, unseal and configure Vault (auth methods, secret engines). 
Direct secret injection into Pods.\n- [**980** stars][12d] [Perl] [infobyte/evilgrade](https://github.com/infobyte/evilgrade) Supply-chain attack: injects fake updates\n- [**920** stars][4m] [C++] [whid-injector/whid](https://github.com/whid-injector/whid) WiFi HID Injector - An USB Rubberducky / BadUSB On Steroids.\n- [**877** stars][7m] [C] [spacehuhn/wifi_ducky](https://github.com/spacehuhn/wifi_ducky) Upload, save and run keystroke injection payloads remotely with an ESP8266 + ATMEGA32U4\n- [**577** stars][19d] [TS] [samdenty/injectify](https://github.com/samdenty/injectify) Framework for performing man-in-the-middle attacks on websites\n- [**559** stars][28d] [Py] [shellphish/fuzzer](https://github.com/shellphish/fuzzer) Python interface to American Fuzzy Lop\n- [**555** stars][11d] [C] [libnet/libnet](https://github.com/libnet/libnet) Create and inject network packets\n- [**509** stars][10d] [C] [nongiach/sudo_inject](https://github.com/nongiach/sudo_inject) [Linux] Two Privilege Escalation techniques abusing sudo token\n- [**501** stars][7m] [C] [hasherezade/demos](https://github.com/hasherezade/demos) Demos of various injection techniques found in malware\n- [**463** stars][12d] [Perl] [chinarulezzz/pixload](https://github.com/chinarulezzz/pixload) Image Payload Creating/Injecting tools\n- [**427** stars][11d] [payloadbox/command-injection-payload-list](https://github.com/payloadbox/command-injection-payload-list) An attack whose goal is to execute arbitrary commands on the host operating system via a vulnerable application\n- [**420** stars][2y] [C++] [rootm0s/injectors](https://github.com/rootm0s/injectors) DLL/Shellcode injection techniques\n- [**380** stars][15d] [veracode-research/solr-injection](https://github.com/veracode-research/solr-injection) Apache Solr Injection Research\n- [**356** stars][8d] [C++] [spacehuhntech/wifiduck](https://github.com/SpacehuhnTech/WiFiDuck) Wireless keystroke injection attack platform\n- [**320** stars][2y] [C++] [exploitagency/esploitv2](https://github.com/exploitagency/esploitv2) WiFi keystroke injection tool designed for an Atmega 32u4/ESP8266 paired via serial (Cactus WHID firmware). Also features serial, HTTP and PASV 
FTP exfiltration methods, and an integrated credential-harvester phishing tool called ESPortal.\n- [**317** stars][10d] [Py] [pmsosa/duckhunt](https://github.com/pmsosa/duckhunt) Prevent RubberDucky (or other keystroke injection) attacks\n- [**308** stars][12d] [C] [pulkin/esp8266-injection-example](https://github.com/pulkin/esp8266-injection-example) Example project to demonstrate packet injection / sniffer capabilities of ESP8266 IC.\n- [**299** stars][18d] [HTML] [dxa4481/cssinjection](https://github.com/dxa4481/cssinjection) Stealing CSRF tokens with CSS injection (without iFrames)\n- [**297** stars][2y] [C] [can1357/theperfectinjector](https://github.com/can1357/theperfectinjector) Literally, the perfect injector.\n- [**284** stars][4m] [C++] [fransbouma/injectablegenericcamerasystem](https://github.com/fransbouma/injectablegenericcamerasystem) This is a generic camera system to be used as the base for cameras for taking screenshots within games. The main purpose of the system is to hijack the in-game 3D camera by overwriting values in its camera structure with our own values so we can control where the camera is located, its pitch/yaw/roll values, its FoV and the camera's look vector.\n- [**265** stars][19d] [C] [astsam/rtl8812au](https://github.com/astsam/rtl8812au) RTL8812AU/21AU and RTL8814AU driver with monitor mode and frame injection\n- [**265** stars][17d] [Java] [portswigger/collaborator-everywhere](https://github.com/portswigger/collaborator-everywhere) Burp Suite extension that augments proxy traffic by injecting non-invasive headers, revealing backend systems by causing pingbacks to Burp Collaborator\n- [**264** stars][2y] [Py] [thetwitchy/xxer](https://github.com/thetwitchy/xxer) A blind XXE injection callback handler. Uses HTTP and FTP to extract information. 
Originally written in Ruby by ONsec-Lab.\n- [**255** stars][14d] [Py] [nteseyes/pylane](https://github.com/nteseyes/pylane) A python vm injector with debug tools, based on gdb.\n- [**254** stars][16d] [C] [klsecservices/invoke-vnc](https://github.com/klsecservices/Invoke-Vnc) executes a VNC agent in-memory and initiates a reverse connection, or binds to a specified port.\n- [**242** stars][11d] [JS] [sjitech/proxy-login-automator](https://github.com/sjitech/proxy-login-automator) A single node.js script to automatically inject user/password to http proxy server via a local forwarder\n- [**215** stars][12d] [Py] [google/ukip](https://github.com/google/ukip) USB Keystroke Injection Protection\n- [**212** stars][2y] [HTML] [xsscx/commodity-injection-signatures](https://github.com/xsscx/commodity-injection-signatures) Commodity Injection Signatures, Malicious Inputs, XSS, HTTP Header Injection, XXE, RCE, Javascript, XSLT\n- [**211** stars][12d] [C++] [hiitiger/gelectron](https://github.com/hiitiger/gelectron) gameoverlay solution for Electron, Qt and CEF, just like discord game overlay and steam game overlay, inject any app to overlay in your game\n- [**197** stars][5y] [Py] [offensivepython/pinject](https://github.com/OffensivePython/Pinject) Raw Packet Injection tool\n- [**170** stars][3y] [HTML] [threatexpress/metatwin](https://github.com/threatexpress/metatwin) The project is designed as a file resource cloner. Metadata, including digital signature, is extracted from one file and injected into another.\n- [**158** stars][11d] [C] [aircrack-ng/rtl8188eus](https://github.com/aircrack-ng/rtl8188eus) RealTek RTL8188eus WiFi driver with monitor mode \u0026 frame injection support\n- [**157** stars][7d] [icehacks/survivcheatinjector](https://github.com/icehacks/survivcheatinjector) An actual, updated, surviv.io cheat. 
Works great and we reply fast.\n- [**149** stars][25d] [Shell] [depoon/iosdylibinjectiondemo](https://github.com/depoon/iosdylibinjectiondemo) Using this Repository to demo how to inject dynamic libraries into cracked ipa files for jailed iOS devices\n- [**144** stars][2m] [Py] [shengqi158/pyvulhunter](https://github.com/shengqi158/pyvulhunter) python audit tool, audit, injection, inject\n- [**141** stars][18d] [Ruby] [dry-rb/dry-auto_inject](https://github.com/dry-rb/dry-auto_inject) Container-agnostic constructor injection mixin\n- [**140** stars][12d] [Go] [malfunkt/arpfox](https://github.com/malfunkt/arpfox) An arpspoof alternative (written in Go) that injects spoofed ARP packets into a LAN.\n- [**135** stars][16d] [Py] [cr0hn/enteletaor](https://github.com/cr0hn/enteletaor) Message Queue \u0026 Broker Injection tool\n- [**134** stars][3m] [C++] [michalmonday/supremeduck](https://github.com/michalmonday/supremeduck) USB keystroke injector controlled by smartphone.\n- [**131** stars][5y] [Py] [ricterz/websocket-injection](https://github.com/ricterz/websocket-injection) WebSocket relay injection tool\n- [**127** stars][18d] [Py] [mandatoryprogrammer/xsshunter_client](https://github.com/mandatoryprogrammer/xsshunter_client","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falphaseclab%2Finjection-stuff","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falphaseclab%2Finjection-stuff","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falphaseclab%2Finjection-stuff/lists"}