-
-
[转帖]GInjer
-
发表于: 2020-10-29 12:44 1523
-
GInjer
A signed kernel driver is used to receive a process creation callbacks
A normal or reflective injection is supported
Injection of selected DLLs into almost every newly created processes
Injection of a DLL before and after static import initialization
Injection of an x64 DLL during WOW64 initialization
Ability to inject before a process initialization
No APC injection or remote thread creation is used
No VirtualAllocEx\NtAllocateVirtualMemory or VirtualProtectEx\NtProtectVirtualMemory is used
No any of target Process` threads handle is opened
No PROCESS_VM_READ or PROCESS_VM_WRITE rights are required for the target process` handle
https://github.com/Vicshann/GInjer
赞赏
他的文章
看原图
赞赏
雪币:
留言: