-
-
[转帖]GInjer
-
发表于:
2020-10-29 12:44
1492
-
GInjer
A signed kernel driver is used to receive a process creation callbacks
A normal or reflective injection is supported
Injection of selected DLLs into almost every newly created processes
Injection of a DLL before and after static import initialization
Injection of an x64 DLL during WOW64 initialization
Ability to inject before a process initialization
No APC injection or remote thread creation is used
No VirtualAllocEx\NtAllocateVirtualMemory or VirtualProtectEx\NtProtectVirtualMemory is used
No any of target Process` threads handle is opened
No PROCESS_VM_READ or PROCESS_VM_WRITE rights are required for the target process` handle
https://github.com/Vicshann/GInjer
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
