Code Injection - Weaponize GhostWriting Injection
Code injection series part 5
2 September 2020 18:24
Prerequisites: This document requires some knowledge about Windows system programming. Also, it is mandatory to be familiar with concepts presented in Code injection series part 1.
License: Copyright Emeric Nasi (@EmericNasi), some rights reserved
This work is licensed under a Creative Commons Attribution 4.0 International License.
I Introduction
Ghost writing is a technique that consists of injecting and running code in a remote process by manipulating the register state of one of its threads.
This technique allows us to perform code injection without opening the process or calling any of the classic functions involved in remote memory allocation or memory writing.
I haven't found a satisfying implementation for 64-bit code, and the few existing 32-bit implementations generally only describe limited shellcode injection, so I decided to implement my own version and write something about it.
If you wish to read more about this, the document can be downloaded in a PDF format