Skip to content
/ Process-Hollowing-POC Public

Proof of concept, example of process hollowing, generating reverse TCP shellcode. Conducted on Windows 10 64 Bit 22H2.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Trn44/Process-Hollowing-POC

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
App.config
App.config
 
 
PrcessHollowingPOC FMP.csproj
PrcessHollowingPOC FMP.csproj
 
 
PrcessHollowingPOC FMP.sln
PrcessHollowingPOC FMP.sln
 
 
Program.cs
Program.cs
 
 
README.md
README.md
 
 

Repository files navigation

Proof of concept for Process Hollowing in Windows Operating Systems, performed on Windows 10 64 Bit 22H2. Hollowing the process "Notepad++.exe" and executing a reverse TCP shellcode.

Sources:

https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessa

https://learn.microsoft.com/en-us/windows/win32/procthread/process-creation-flags

https://learn.microsoft.com/en-us/windows/win32/procthread/zwqueryinformationprocess

https://learn.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-readprocessmemory

https://learn.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-writeprocessmemory

https://www.geoffchappell.com/studies/windows/km/ntoskrnl/inc/api/pebteb/peb/index.htm

https://crypt0ace.github.io/posts/Shellcode-Injection-Techniques-Part-2/

https://0xrick.github.io/win-internals/pe3/

http://www.pinvoke.net/index.aspx

About

Proof of concept, example of process hollowing, generating reverse TCP shellcode. Conducted on Windows 10 64 Bit 22H2.

Topics

windows-10 process-hollowing windows-11 process-injection

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages