
Code Injection - Weaponize GhostWriting Injection

Code injection series part 5

2 September 2020, 18:24, by Emeric Nasi




Prerequisites: This document requires some knowledge about Windows system programming. Also, it is mandatory to be familiar with concepts presented in Code injection series part 1.
License : Copyright Emeric Nasi (@EmericNasi), some rights reserved
This work is licensed under a Creative Commons Attribution 4.0 International License.

I Introduction

Ghost writing is a technique that consists of injecting and running code in a remote process by manipulating the register state of one of its threads.
This technique allows us to apply code injection without opening the process or calling any of the classic functions involved in remote memory allocation or memory writing.

I haven’t found a satisfying implementation for 64-bit code, and generally the few existing implementations for 32-bit only describe limited shellcode injection, so I decided to implement my own version and write something about it.
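From the detection side, the property described in the introduction (thread register state changed from another process, with no process open and no classic remote allocation or write call) can be turned into a simple telemetry check. The following is an added example, not the author's code: it assumes API-call events are already collected as records with the hypothetical fields `src_pid`, `dst_pid`, `api` and `tid`, it assumes `SetThreadContext` is the call used to change register state, and the threshold and sample events are constructed.

```python
from collections import defaultdict

# Win32 calls matching what the introduction calls "classic": opening the
# process, remote memory allocation, remote memory writing.
CLASSIC_APIS = {"OpenProcess", "VirtualAllocEx", "WriteProcessMemory"}

def context_only_writers(events, min_sets=3):
    """Return sorted (src_pid, dst_pid, tid, count) tuples for threads whose
    context was set >= min_sets times by another process that made no
    classic injection call against that same target process."""
    classic = set()            # (src, dst) pairs that used a classic API
    sets = defaultdict(int)    # (src, dst, tid) -> SetThreadContext count
    for e in events:
        if e["src_pid"] == e["dst_pid"]:
            continue           # in-process activity is out of scope
        pair = (e["src_pid"], e["dst_pid"])
        if e["api"] in CLASSIC_APIS:
            classic.add(pair)
        elif e["api"] == "SetThreadContext":
            sets[pair + (e["tid"],)] += 1
    return sorted(
        (src, dst, tid, n)
        for (src, dst, tid), n in sets.items()
        if n >= min_sets and (src, dst) not in classic
    )

def ev(src, dst, api, tid=None):
    # Hypothetical event schema used only by this example.
    return {"src_pid": src, "dst_pid": dst, "api": api, "tid": tid}

# Constructed sample telemetry (not captured from a real system).
SAMPLE_EVENTS = (
    # pid 4100 touches thread 7321 of pid 2200 only through its context
    [ev(4100, 2200, "SetThreadContext", 7321) for _ in range(5)]
    # pid 5000 behaves like a debugger: opens the process, then sets context
    + [ev(5000, 2300, "OpenProcess")]
    + [ev(5000, 2300, "SetThreadContext", 8001) for _ in range(4)]
    # pid 6000 sets a remote context once: below the threshold
    + [ev(6000, 2400, "SetThreadContext", 9001)]
    # pid 7000 changes the context of one of its own threads
    + [ev(7000, 7000, "SetThreadContext", 9100) for _ in range(6)]
)

if __name__ == "__main__":
    for hit in context_only_writers(SAMPLE_EVENTS):
        print("cross-process context-only writer:", hit)
```

The threshold trades noise against sensitivity: a single remote context change is common for legitimate tooling, while many changes to the same thread without any process handle activity is the pattern worth triaging.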

If you wish to read more about this, the document can be downloaded in a PDF format

PDF - 380.8 kb