ReflectivePELoader

POC Reflective PE loader for DLL injection.<br>
Based on code found at https://www.youtube.com/watch?v=X393OZqSPUk, with some modifications to make it work.<br>

Other Reflective PE Loaders:<br>
https://github.com/stephenfewer/ReflectiveDLLInjection<br>
https://github.com/DarthTon/Blackbone Swiss army knife<br>
https://github.com/dismantl/ImprovedReflectiveDLLInjection this one is very very cool<br>
https://github.com/Professor-plum/Reflective-Driver-Loader very cool as well<br>
https://github.com/countercept/doublepulsar-usermode-injector<br>
https://github.com/azerton/dll_inject_test<br>
https://github.com/ru-faraon/pupy<br>
https://github.com/floomby/injector<br>
https://github.com/amishsecurity/paythepony<br>
https://github.com/BorjaMerino/Pazuzu<br>
https://github.com/Frenda/libScanHook/blob/master/libScanHook/PeLoader.cpp<br>
https://github.com/apriorit/ReflectiveDLLInjection<br>
https://github.com/uItra/Injectora<br>
https://github.com/fancycode/MemoryModule<br>
https://github.com/mq1n/SonicInjector<br>

Various tools:<br>
https://github.com/CylanceVulnResearch/ReflectiveDLLRefresher<br>
https://github.com/CylanceVulnResearch/upx/tree/reflective_dll<br>
https://github.com/papadp/reflective-injection-detection<br>
https://github.com/xorrior/WebCam_Dll<br>
https://github.com/psmitty7373/eif<br>
https://github.com/azerton/dll_inject_test<br>
https://github.com/hirnschallsebastian/Breach<br>
https://wikileaks.org/ciav7p1/cms/page_14588718.html<br>
https://github.com/jaredhaight/ReflectCmd<br>
https://www.codeproject.com/Articles/44326/MinHook-The-Minimalistic-x-x-API-Hooking-Libra<br>
https://github.com/Jyang772/XOR_Crypter/tree/master/Stub<br>
https://github.com/thereals0beit/RemoteFunctions<br>

Documentation, blog posts and videos:<br>
https://www.endgame.com/blog/technical-blog/hunting-memory<br>
https://en.wikipedia.org/wiki/Portable_Executable<br>
https://upload.wikimedia.org/wikipedia/commons/1/1b/Portable_Executable_32_bit_Structure_in_SVG_fixed.svg<br>
http://stackoverflow.com/questions/18362368/loading-dlls-at-runtime-in-c-sharp<br>
https://www.countercept.com/our-thinking/doublepulsar-usermode-analysis-generic-reflective-dll-loader/<br>
https://www.countercept.com/our-thinking/analyzing-the-doublepulsar-kernel-dll-injection-technique/<br>
https://zerosum0x0.blogspot.dk/2017/04/doublepulsar-initial-smb-backdoor-ring.html<br>
https://www.codeproject.com/Articles/20084/A-More-Complete-DLL-Injection-Solution-Using-Creat<br>
http://blog.harmonysecurity.com/2008/10/new-paper-reflective-dll-injection.html<br>
http://blog.opensecurityresearch.com/2013/01/windows-dll-injection-basics.html<br>
https://disman.tl/2015/01/30/an-improved-reflective-dll-injection-technique.html<br>
https://disman.tl/2015/03/16/cross-architecture-reflective-dll-inection.html<br>
https://www.youtube.com/watch?v=9U6dtRtSuFo&index=11&list=PLcTmaBQIhUkgvwz3k-JGHUcDlS41fim0x<br>
https://www.youtube.com/watch?v=9L9I1T5QDg<br>

Interesting Microsoft documentation:<br>
https://blogs.msdn.microsoft.com/ntdebugging/2009/01/09/challenges-of-debugging-optimized-x64-code/<br>
https://msdn.microsoft.com/en-us/library/4khtbfyf<br>
https://msdn.microsoft.com/en-us/library/69ze775t.aspx<br>