https://github.com/evilbytecode/self-run-pe

Self PE Injector in C++, using NtApi.
https://github.com/evilbytecode/self-run-pe

Last synced: 15 days ago
JSON representation

Self PE Injector in C++, using NtApi.

Host: GitHub
URL: https://github.com/evilbytecode/self-run-pe
Owner: EvilBytecode
Created: 2024-10-24T19:28:11.000Z (6 months ago)
Default Branch: main
Last Pushed: 2024-10-24T19:39:44.000Z (6 months ago)
Last Synced: 2025-03-26T08:37:32.378Z (about 1 month ago)
Language: C++
Homepage:
Size: 7.81 KB
Stars: 7
Watchers: 2
Forks: 3
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Self-Run-PE

Self-Run-PE is a Windows-based process injection tool that allocates memory in a remote process and writes a copy of the current process's image into that memory. It uses direct system calls to perform the injection and execute code in the target process. This project demonstrates how to utilize low-level Windows APIs such as `NtOpenProcess`, `NtAllocateVirtualMemory`, `NtWriteVirtualMemory`, and `NtCreateThreadEx` to achieve process injection.

## Features

- **Process Injection**: Injects code into a target process by writing the current process's image into the target's memory space.
- **Base Relocation Fixing**: Handles base relocations to ensure the injected PE works correctly when mapped at a different base address.
- **Thread Execution**: Creates a remote thread in the target process to execute the injected code.

## Usage:
.\inject.exe notepad.exe

- Made by Evilbytecode aka Ebyte

## PoC:
![image](https://github.com/user-attachments/assets/18415099-2b78-4a7c-9dd3-ff90cf0ed3f6)

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/evilbytecode/self-run-pe

Awesome Lists containing this project

README