RunPE dump - I wrote this to have better control over the analysis of malwares. I can stop and analysis malware when it uses some of the API's i hook and to dump the memory while it is using RunPE/PH techniques.
-
Updated
Jul 1, 2015 - C++
RunPE dump - I wrote this to have better control over the analysis of malwares. I can stop and analysis malware when it uses some of the API's i hook and to dump the memory while it is using RunPE/PH techniques.
C++ application that uses memory and code hooks to detect packers
Simple protector to show how to run a payload without dropping it using RunPE Technique
Mystery Legacy Repo is for advanced penetration tools
A VBA implementation of the RunPE technique or how to bypass application whitelisting.
Golang version of https://github.com/hasherezade/libpeconv
Software Protector
An implementation of the Process Hollowing technique.
execute a PE in the address space of another PE aka process hollowing
Demos of various injection techniques found in malware
Implementation of process hollowing on x32 .
Cronos Crypter is an simple example of crypter created for educational purposes.
Delphi Process Hollowing, Updated.
Carbon Crypter / Packer
ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports payload-side
ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption
Add a description, image, and links to the runpe topic page so that developers can more easily learn about it.
To associate your repository with the runpe topic, visit your repo's landing page and select "manage topics."