首页
社区
课程
招聘
[转帖]GInjer
发表于: 2020-10-29 12:44 1523

[转帖]GInjer

2020-10-29 12:44
1523

GInjer

A signed kernel driver is used to receive a process creation callbacks

A normal or reflective injection is supported

Injection of selected DLLs into almost every newly created processes

Injection of a DLL before and after static import initialization

Injection of an x64 DLL during WOW64 initialization

Ability to inject before a process initialization

No APC injection or remote thread creation is used

No VirtualAllocEx\NtAllocateVirtualMemory or VirtualProtectEx\NtProtectVirtualMemory is used

No any of target Process` threads handle is opened

No PROCESS_VM_READ or PROCESS_VM_WRITE rights are required for the target process` handle

https://github.com/Vicshann/GInjer



[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)

收藏
免费 1
支持
分享
最新回复 (0)
游客
登录 | 注册 方可回帖
返回
//