InjectProc – Process Injection Techniques

Process injection is a very popular method to hide malicious behavior of code and are heavily used by malware authors.

There are several techniques, which are commonly used: DLL injection, process replacement (a.k.a process hollowing), hook injection and APC injection.

Most of them use same Windows API functions: OpenProcess, VirtualAllocEx, WriteProcessMemory, for detailed information about those functions, use MSDN.

DLL injection:

• Open target process.
• Allocate space.
• Write code into the remote process.
• Execute the remote code.

Process replacement:

• Create target process and suspend it.
• Unmap from memory.
• Allocate space.
• Write headers and sections into the remote process.
• Resume remote thread.

 Download

git clone https://github.com/secrary/InjectProc.git

 Demo

https://www.youtube.com/watch?v=hLPDq9nSHMw

Source: Github