This program can injects DLL into running processes using thread hijacking. No remote thread is created, only existing thread is used for injection.
The injector injects shellcode into the target process, and then a running thread in the target process is hijacked to execute the injected code. The injected code calls the LoadLibrary function to load the DLL.
Usage: ZwInjector [PID] [DLL name]
Flow of injection
-
Parse the DLL name and the target process ID from command line.
-
Allocate buffer for the shellcode and DLL name.
-
Copy the shellcode to the buffer.
-
Copy the DLL name to the end of shellcode.
-
Open the target process handle.
-
Allocate memory in the target process.
-
Find a running thread to hijack.
-
Get the context of the target thread.
-
Write the eip register to the shellcode.
-
Write the address of LoadLibrary to the shellcode.
-
Write the shellcode and DLL name to the target process.
-
Hijack a running thread in the target process to execute the shellcode.
-
The hijacked thread executes the shellcode. The shellcode calls the LoadLibrary function to load the DLL.
-
The shellcode returns, and the thread continue to execute its own code.
Please Support My Ass on YouTube : https://www.youtube.com/channel/UC1Hu0kEfFYR1075s6WPr91w
Kesimpulannya ialah program ini dapat menginject Running Processes Menggunakan Thread Hijaccking, dan menggunakan Injector yang akan menginject shellcode ke Running Processes.
My Portofolio : astrobox.epizy.com