{"id":13840313,"url":"https://github.com/secrary/InfectPE","last_synced_at":"2025-07-11T07:33:19.595Z","repository":{"id":138365995,"uuid":"89011554","full_name":"secrary/InfectPE","owner":"secrary","description":"InfectPE - Inject custom code into PE file [This project is not maintained anymore]","archived":false,"fork":false,"pushed_at":"2017-04-26T20:03:30.000Z","size":42,"stargazers_count":319,"open_issues_count":3,"forks_count":109,"subscribers_count":23,"default_branch":"master","last_synced_at":"2024-08-05T17:24:57.833Z","etag":null,"topics":["c-plus-plus","malware","reverse-engineering"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/secrary.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2017-04-21T18:15:33.000Z","updated_at":"2024-08-02T15:32:00.000Z","dependencies_parsed_at":null,"dependency_job_id":"ba970321-3f01-4560-9a9b-2763be93404d","html_url":"https://github.com/secrary/InfectPE","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secrary%2FInfectPE","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secrary%2FInfectPE/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secrary%2FInfectPE/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/secrary%2FInfectPE/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/secrary","download_url":"https://codeload.github.com/secrary/InfectPE/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225705357,"owners_count":17511275,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c-plus-plus","malware","reverse-engineering"],"created_at":"2024-08-04T17:00:45.592Z","updated_at":"2024-11-21T09:31:18.696Z","avatar_url":"https://github.com/secrary.png","language":"C++","funding_links":[],"categories":["C++","C++ (225)"],"sub_categories":[],"readme":"![InfectPE](https://cloud.githubusercontent.com/assets/16405698/25353873/cf8d1058-2941-11e7-806a-b8f41f4f906e.png)\n\nUsing this tool you can inject x-code/shellcode into PE file.\nInjectPE works only with 32-bit executable files.\n\n## Why you need InjectPE?\n* You can test your security products.\n* Use in a phishing campaign.\n* Learn how PE injection works.\n* ...and so on.\n\nIn the project, there is hardcoded x-code of MessageBoxA, you can change it.\n\n## Download\n[Windows x86 binary](https://github.com/secrary/InfectPE/releases) - Hardcoded MessageBoxA x-code, only for demos.\n## Dependencies: \n[vc_redist.x86](https://www.microsoft.com/en-us/download/details.aspx?id=53840) - Microsoft Visual C++ Redistributable\n\n## Usage\n```\n.\\InfectPE.exe .\\input.exe .\\out.exe code\n```\nX-code is injected into code section, this method is more stealthy, but sometimes there is no enough space in the code section.\n\n```\n.\\InfectPE.exe .\\input.exe .\\out.exe largest\n```\n\nX-code is injected into a section with the largest number of zeros, using this method you can inject bigger x-code. This method modifies characteristics of the section and is a bit more suspicious.\n\n```\n.\\InfectPE.exe .\\input.exe .\\out.exe resize\n```\nExpand the size of code section and inject x-code. This technique, like \"code\" one, is less suspicious, also you can inject much bigger x-code.\n\n```\n.\\InfectPE.exe .\\input.exe .\\out.exe new\n```\nCreate a new section and inject x-code into it, hardcoded name of the section is \".infect\"\n\nIn the patched file, ASLR and NX are disabled, for the more technical information you can analyze VS project.\n\nPlease, don't use with packed or malformed executables.\n\n## Demo\n[Vimeo](https://vimeo.com/214230957) - \"code\" and \"largest\" techniques.\n\n[Vimeo](https://vimeo.com/214506728) - \"resize\" technique.\n\n## TODO: \nAdd more techniques to inject x-code into PE file.\n\n## !!!\nI create this project for me to learn a little bit more about PE file format. \n\nThere are no advanced techniques. \n\nJust only for educational purposes.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecrary%2FInfectPE","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecrary%2FInfectPE","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecrary%2FInfectPE/lists"}