Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mactec0/Kernelmode-manual-mapping-through-IAT

Manual mapping without creating any threads, with rw only access
https://github.com/mactec0/Kernelmode-manual-mapping-through-IAT

Last synced: 4 days ago
JSON representation

Manual mapping without creating any threads, with rw only access

Host: GitHub
URL: https://github.com/mactec0/Kernelmode-manual-mapping-through-IAT
Owner: mactec0
Created: 2019-03-05T23:36:09.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2019-10-29T21:41:21.000Z (about 5 years ago)
Last Synced: 2024-06-11T02:03:54.375Z (5 months ago)
Language: C++
Homepage:
Size: 29.3 KB
Stars: 628
Watchers: 15
Forks: 126
Open Issues: 9
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        ## Manual mapping x64 without creating any threads

Instead of using CreateRemoteThread or typical thread hijacking methods(e.g. GetThreadContext), 

this mapper injects into code flow through import table. 

Address of function is overwritten with stub address, it is later restored after calling the stub.

It supports interacting with the process by handle or kernel driver.

Injecting with a driver allows you to execute code inside protected processes. 

#### Usage:

```cpp

mmap mapper(INJECTION_TYPE::KERNEL); // or INJECTION_TYPE::USERMODE

if (!mapper.attach_to_process("example_process.exe"))

	return 1;

if (!mapper.load_dll("example_dll.dll"))

	return 1;

if (!mapper.inject())

	return 1;

```

![](https://i.imgur.com/cKyFRrb.png)

#### Credits

- [teosek](https://github.com/teosek "teosek") //usermode_proc class, import walking

- Daquas //testing