RUNPE64 / Process Hollowing in rust

[chipster]

Hey, I am trying to write process hollowing / runpe64 techniques in rust but i can't make it work. I lost lot of time and i have other thing to do more important. Could an expert in Winapi, malware developper debug my code please ? Would be greatly appreciated.

Code based on :

antnium/pkg/inject/techniques.go at master · dobin/antnium

A C2 framework for initial access in Go. Contribute to dobin/antnium development by creating an account on GitHub.

github.com

RunPE for x64

RunPE for x64. GitHub Gist: instantly share code, notes, and snippets.

gist.github.com

RunPE/RunPE.cpp at master · Zer0Mem0ry/RunPE

Code that allows running another windows PE in the same address space as the host process. - Zer0Mem0ry/RunPE

github.com

go-runpe/runpe.go at master · abdullah2993/go-runpe

execute a PE in the address space of another PE aka process hollowing - abdullah2993/go-runpe

github.com

 

[Barmaleus]

Think this -> https://github.com/thoxy67/rspe will be helpful for u.

 

[chipster]

Thanks i may be missing PE base relocation

 

[chipster]

A lot of project writes directly and execute without base relocation. Help would be greatly appreciated to understand where I'm wrong ?