package
0.0.0-20211222205424-71b7da0d45e0
Repository: https://github.com/osonkr/malware-development.git
Documentation: pkg.go.dev

# Packages

No description provided by the author

# README

Process Injection

Process injection is a method of executing arbitrary code in the address space of a separate live process. -- MITRE

Do not inject a Go binary into a Go process; the runtime will panic.

Process Injection

The most basic form of process injection involves these Win32 APIs:

  • OpenProcess to get a process handle.
  • VirtualAllocEx to allocate memory in the process.
  • WriteProcessMemory to write the arbitrary code to the newly allocated memory region.
  • CreateRemoteThread to create a new thread at the base address of the memory region.

If injecting a DLL, you will need to call an additional API, LoadLibrary, in the thread to load the DLL.

Both methods have been implemented: Inject and InjectDLL.
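From the defender's side, the four-call order listed above is what makes this technique detectable. The following is an added example, not code from this repository: it correlates API-call telemetry per caller/target pair and alerts only when the full chain completes in order against another process. The `APIEvent` schema, the PIDs and the sample events are constructed assumptions, and matching on API names alone is a simplification of what real telemetry would key on.

```go
package main

import "fmt"

// APIEvent is one constructed telemetry record (assumed schema): Caller invoked API against Target.
type APIEvent struct {
	Caller, Target uint32
	API            string
}

// chain is the call order the README lists for basic injection.
var chain = []string{"OpenProcess", "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"}

type pair struct{ caller, target uint32 }

// DetectInjection reports each caller/target pair that completes the chain in
// order. Unrelated calls in between are ignored; partial chains never alert.
func DetectInjection(events []APIEvent) []string {
	progress := map[pair]int{} // next expected index into chain, per pair
	var alerts []string
	for _, e := range events {
		if e.Caller == e.Target {
			continue // a process working on its own memory is not remote injection
		}
		k := pair{e.Caller, e.Target}
		if e.API != chain[progress[k]] {
			continue
		}
		progress[k]++
		if progress[k] == len(chain) {
			alerts = append(alerts, fmt.Sprintf("pid %d -> pid %d", e.Caller, e.Target))
			delete(progress, k) // reset so a repeated chain alerts again
		}
	}
	return alerts
}

// sampleEvents is constructed for this example.
var sampleEvents = []APIEvent{
	{4100, 812, "OpenProcess"},
	{2200, 812, "OpenProcess"}, // e.g. a monitoring tool: opens a handle, reads only
	{2200, 812, "ReadProcessMemory"},
	{4100, 812, "VirtualAllocEx"},
	{4100, 4100, "CreateRemoteThread"}, // self-targeted, skipped
	{4100, 812, "WriteProcessMemory"},
	{2200, 812, "CreateRemoteThread"}, // out of order for 2200: no alert
	{4100, 812, "CreateRemoteThread"},
}
func main() { fmt.Println(DetectInjection(sampleEvents)) }
```

Because partial and out-of-order sequences never alert, a tool that only opens a handle and reads memory stays quiet while the complete allocate, write, start-thread chain is flagged.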

Process Hollowing