BenjaminSoelberg/ReflectivePELoader

ReflectivePELoader

POC Reflective PE loader for DLL injection.
Based on code found at https://www.youtube.com/watch?v=X393OZqSPUk, with some modifications to make it work.

Other Reflective PE Loaders:
https://github.com/stephenfewer/ReflectiveDLLInjection
https://github.com/DarthTon/Blackbone Swiss army knife
https://github.com/dismantl/ImprovedReflectiveDLLInjection this one is very very cool
https://github.com/Professor-plum/Reflective-Driver-Loader very cool as well
https://github.com/countercept/doublepulsar-usermode-injector
https://github.com/azerton/dll_inject_test
https://github.com/ru-faraon/pupy
https://github.com/floomby/injector
https://github.com/amishsecurity/paythepony
https://github.com/BorjaMerino/Pazuzu
https://github.com/Frenda/libScanHook/blob/master/libScanHook/PeLoader.cpp
https://github.com/apriorit/ReflectiveDLLInjection
https://github.com/uItra/Injectora
https://github.com/fancycode/MemoryModule
https://github.com/mq1n/SonicInjector

Various tools:
https://github.com/CylanceVulnResearch/ReflectiveDLLRefresher
https://github.com/CylanceVulnResearch/upx/tree/reflective_dll
https://github.com/papadp/reflective-injection-detection
https://github.com/xorrior/WebCam_Dll
https://github.com/psmitty7373/eif
https://github.com/azerton/dll_inject_test
https://github.com/hirnschallsebastian/Breach
https://wikileaks.org/ciav7p1/cms/page_14588718.html
https://github.com/jaredhaight/ReflectCmd
https://www.codeproject.com/Articles/44326/MinHook-The-Minimalistic-x-x-API-Hooking-Libra
https://github.com/Jyang772/XOR_Crypter/tree/master/Stub
https://github.com/thereals0beit/RemoteFunctions

Documentation, blog posts and videos:
https://www.endgame.com/blog/technical-blog/hunting-memory
https://en.wikipedia.org/wiki/Portable_Executable
https://upload.wikimedia.org/wikipedia/commons/1/1b/Portable_Executable_32_bit_Structure_in_SVG_fixed.svg
http://stackoverflow.com/questions/18362368/loading-dlls-at-runtime-in-c-sharp
https://www.countercept.com/our-thinking/doublepulsar-usermode-analysis-generic-reflective-dll-loader/
https://www.countercept.com/our-thinking/analyzing-the-doublepulsar-kernel-dll-injection-technique/
https://zerosum0x0.blogspot.dk/2017/04/doublepulsar-initial-smb-backdoor-ring.html
https://www.codeproject.com/Articles/20084/A-More-Complete-DLL-Injection-Solution-Using-Creat
http://blog.harmonysecurity.com/2008/10/new-paper-reflective-dll-injection.html
http://blog.opensecurityresearch.com/2013/01/windows-dll-injection-basics.html
https://disman.tl/2015/01/30/an-improved-reflective-dll-injection-technique.html
https://disman.tl/2015/03/16/cross-architecture-reflective-dll-inection.html
https://www.youtube.com/watch?v=9U6dtRtSuFo&index=11&list=PLcTmaBQIhUkgvwz3k-JGHUcDlS41fim0x
https://www.youtube.com/watch?v=9L9I1T5QDg

Interesting Microsoft documentation:
https://blogs.msdn.microsoft.com/ntdebugging/2009/01/09/challenges-of-debugging-optimized-x64-code/
https://msdn.microsoft.com/en-us/library/4khtbfyf
https://msdn.microsoft.com/en-us/library/69ze775t.aspx