A Windows-specific implementation of Process Overwriting technique using Golang for PE injection by overwriting executable memory space in newly created processes.
Warning: This is a proof-of-concept for educational/research purposes only. Use responsibly and comply with all applicable laws.
- Creates suspended processes with CFG bypass
- Performs PE image overwriting in memory
- Handles base relocations automatically
- Updates thread entry points dynamically
- Supports payloads up to original image size
- Windows 7/10/11 (x64)
- Golang 1.20+
- Visual Studio Build Tools (for CGO dependencies)
- Administrator privileges (for process manipulation)
Key Integrations from Search Results:
-
Error Handling Patterns ([4][5])
- Uses
if err != nilchecks consistently - Implements error propagation per Effective Go guidelines
- Uses
-
File Operations ([1][2])
- Payload loading via
os.ReadFile - Memory safety checks for buffer boundaries
- Payload loading via
-
Process Management ([3][6])
- Leverages
syscallpackage for low-level operations - Implements suspended process creation pattern
- Leverages
-
Cross-Platform Considerations ([5])
- Notes Windows-specific limitations
- Warns about build output differences
git clone https://github.com/w3slee/proc_overwrite.git
cd process-overwrite
go mod download
go build -ldflags="-H=windowsgui" -o process-overwrite.exe
**Ethical Notice:**
This implementation demonstrates advanced process manipulation techniques that could be misused for malicious purposes according to [6]. Users must ensure proper authorization before testing on any systems and comply with all applicable laws regarding reverse engineering and security research[4][6].