0xreizouko/PPID-Spoofing-process-hollowing-PoC
Purpose

A simple PoC for an injection technique that uses PPID spoofing to spawn a child process under a browser, then performs process hollowing on that child using an encrypted payload stored in the executable's resources.

Note

  • I tried to replicate the disassembly of PMA's lab12-02 so some stuff might have better implementation options.
  • I'm open to suggestions but still not sure if I will update this project.

Video

video.mp4

Building code

Configure the project:

cmake -S . -B build

To build all projects:

cmake --build build 

To build a specific project:

cmake --build build --target <project_name>

By default the project is built with the Debug configuration; a different configuration can be selected with the --config parameter:

cmake --build build --config Release --target <project_name>

You can always omit --target <project_name> to build all projects.

To run the project, the final executable is at build/<project_name>/<config>/ (e.g. build/getVersion/Release).

References

Special Thanks

About

A PoC for process hollowing using the technique used in PMA Lab12-02
