A collection of various PoCs of loading and running code
Originally, I wanted to store only Sharp examples, but then I realised that it'll be useful to have C++ examples as well.
Runner - runs shellcode in the local process
Injector - runs shellcode in a remote process
- DLL Injectors
- Classic (?)
- Module Stomping
- Shellcode Injectors
- Classic
- Thread Hijacking (if there is only a main thread, the target program will not respond)
- Native API quadro (Inter-Process Mapped View)
- APC (not every process calls APC, notepad for example)
- Early Bird
- IAT Hooking
- Shellcode Runners
- Classic
- Thread Hijacking (if the binary was built as Debug, it will not work; in other cases it works perfectly)
- CreateThreadpoolWait
- APC
- Fibers
- Sharp Runners
- Reflection-Runner (Assembly.Load)
- Sharp-Runner (with Delegate)
- Dll Injectors
- Reflective DLL Injection
- Shellcode Reflective DLL Injection
- Shellcode Runners
- IAT Hooking
- Sharp Runners
- Roslyn
- Dll Injectors
- Classic
- Module Stomping (works weirdly: works even if the process was closed (not terminated), but if it's a stager, it won't load the additional part, because the DLL has a fixed size in memory)
- Reflective DLL Injection (error)
- Shellcode Injectors
- Classic
- Remote Thread Hijacking
- APC
- Native API quadro
- SetWindowsHookEx
- Early Bird
- Shellcode Runners
- Classic
- APC
- Fibers
- CreateThreadpoolWait
- IAT Hooking
- Dll Injectors
- Shellcode Reflective DLL Injection
- Shellcode Runners
- Local Thread Hijacking (empty right now)
- Shellcode Injectors
- IAT Hooking