This GitHub repository hosts the Process Hollowing Crypter project, a tool written in C that implements the process hollowing technique. The project is in active development and is an exploration of cybersecurity, software engineering, low-level Windows programming, and malware analysis.
Process hollowing is an injection technique used by malware authors to run their own code inside a legitimate process. A trusted executable is started in a suspended state, its original image is removed from memory and replaced with the attacker's payload, and the process is then resumed. To the operating system and to naive process listings the payload appears to be the trusted application, which helps it evade signature-based and name-based checks.
The goal of this project is to build a crypter around this technique: a loader that injects a payload into a legitimate Windows process so that the payload executes under that process's identity. Note that process hollowing itself is a well-known technique (MITRE ATT&CK T1055.012), and modern EDR products look for its characteristic sequence of API calls and for main-module memory that no longer matches the image on disk, so "undetected" should be read as "hidden from simple checks", not as invisible.
- TBD
- Create a Suspended Process: The crypter starts a legitimate process, such as notepad.exe, with the CREATE_SUSPENDED flag, so that its main thread exists but has not yet executed any instructions.
- Unmap the Primary Module: It reads the image base address of the suspended process (from its PEB) and unmaps the original executable image at that address, leaving a hole in the process's address space.
- Load and Inject the Payload: The crypter loads the payload executable from a specified file, allocates memory in the target at the address the original image occupied, and writes the payload's PE headers and each of its sections into that memory. If the target's image base differs from the payload's preferred ImageBase, the payload must either carry a relocation table that can be applied or be allocated at its preferred base.
- Resume Execution: Finally, the crypter updates the main thread's context so that its instruction pointer register points to the injected payload's entry point, updates the image base recorded in the target's PEB, and resumes the thread.
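The "Load and Inject the Payload" step depends on parsing the payload's PE headers correctly: the loader needs the preferred ImageBase, SizeOfImage, the entry point RVA, the section table, and whether a relocation table exists. The following portable C example is added here to illustrate that step; it is not code from the Process Hollowing Crypter project. It parses a PE32 or PE32+ image with explicit bounds checks, decides whether the image can be mapped at a given base, and exercises itself on a constructed, non-executable PE32+ skeleton built in memory (the `build_sample_pe` helper and all constants in it are assumptions for the demonstration). The Windows-specific calls the page describes (unmapping, allocating and writing into the target, setting the thread context) are deliberately left out so that the example compiles and runs on any platform.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    char     name[9];
    uint32_t virtual_address;  /* RVA where the section bytes must be written in the target */
    uint32_t virtual_size;
    uint32_t raw_size;         /* bytes to copy from the payload file */
    uint32_t raw_offset;       /* file offset of those bytes in the payload */
} pe_section_t;

typedef struct {
    int          is_pe32plus;
    uint64_t     image_base;       /* preferred base (IMAGE_OPTIONAL_HEADER.ImageBase) */
    uint32_t     size_of_image;    /* bytes to allocate in the target */
    uint32_t     size_of_headers;  /* bytes of headers to copy before the sections */
    uint32_t     entry_point_rva;  /* AddressOfEntryPoint, relative to the base */
    int          has_relocations;  /* non-empty IMAGE_DIRECTORY_ENTRY_BASERELOC */
    uint16_t     num_sections;
    pe_section_t sections[16];
} pe_info_t;

/* Little-endian readers/writers so the code is independent of host alignment rules. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24); }
static uint64_t rd64(const uint8_t *p) { return (uint64_t)rd32(p) | ((uint64_t)rd32(p + 4) << 32); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }
static void wr64(uint8_t *p, uint64_t v) { for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Parse the headers of a PE payload. Returns 0 on success, a negative code on a malformed
   or unsupported image. Every offset is checked against len before it is dereferenced. */
int pe_parse(const uint8_t *buf, size_t len, pe_info_t *out) {
    memset(out, 0, sizeof *out);
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return -1;
    uint32_t e_lfanew = rd32(buf + 0x3C);
    if ((uint64_t)e_lfanew + 24 > len) return -2;
    const uint8_t *nt = buf + e_lfanew;
    if (memcmp(nt, "PE\0\0", 4) != 0) return -3;
    uint16_t nsec = rd16(nt + 4 + 2);        /* IMAGE_FILE_HEADER.NumberOfSections */
    uint16_t opt_size = rd16(nt + 4 + 16);   /* IMAGE_FILE_HEADER.SizeOfOptionalHeader */
    const uint8_t *opt = nt + 24;
    if ((uint64_t)e_lfanew + 24 + opt_size + (uint64_t)nsec * 40 > len) return -4;
    uint16_t magic = rd16(opt);
    size_t dir_off;
    if (magic == 0x20B) { out->is_pe32plus = 1; out->image_base = rd64(opt + 24); dir_off = 112; }
    else if (magic == 0x10B) { out->is_pe32plus = 0; out->image_base = rd32(opt + 28); dir_off = 96; }
    else return -5;
    out->entry_point_rva = rd32(opt + 16);
    out->size_of_image = rd32(opt + 56);
    out->size_of_headers = rd32(opt + 60);
    uint32_t ndirs = rd32(opt + dir_off - 4); /* NumberOfRvaAndSizes */
    if (ndirs > 5 && dir_off + 6 * 8 <= opt_size)
        out->has_relocations = rd32(opt + dir_off + 5 * 8 + 4) != 0; /* BASERELOC directory size */
    if (nsec > 16) return -6;
    out->num_sections = nsec;
    const uint8_t *sh = opt + opt_size;       /* section table follows the optional header */
    for (uint16_t i = 0; i < nsec; i++, sh += 40) {
        pe_section_t *s = &out->sections[i];
        memcpy(s->name, sh, 8); s->name[8] = 0;
        s->virtual_size    = rd32(sh + 8);
        s->virtual_address = rd32(sh + 12);
        s->raw_size        = rd32(sh + 16);
        s->raw_offset      = rd32(sh + 20);
        if ((uint64_t)s->raw_offset + s->raw_size > len) return -7;           /* bytes must exist in the file */
        if ((uint64_t)s->virtual_address + s->raw_size > out->size_of_image) return -8; /* and fit the image */
    }
    return 0;
}

/* A payload without a relocation table contains absolute addresses that are only valid
   at its preferred ImageBase, so it can only be hollowed into a target whose image base
   matches; with relocations present the loader can fix the addresses up at any base. */
int pe_can_map_at(const pe_info_t *info, uint64_t new_base) {
    return new_base == info->image_base || info->has_relocations;
}

/* Constructed sample (assumption, not a real program): a minimal PE32+ skeleton with one
   .text section whose body is a single `ret`. It exists only to exercise the parser. */
size_t build_sample_pe(uint8_t *buf, size_t cap) {
    const size_t total = 0x400;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3C, 0x80);                 /* e_lfanew */
    uint8_t *nt = buf + 0x80;
    memcpy(nt, "PE\0\0", 4);
    wr16(nt + 4, 0x8664);                   /* Machine: AMD64 */
    wr16(nt + 6, 1);                        /* NumberOfSections */
    wr16(nt + 20, 240);                     /* SizeOfOptionalHeader for PE32+ */
    wr16(nt + 22, 0x0022);                  /* EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE */
    uint8_t *opt = nt + 24;
    wr16(opt, 0x20B);                       /* PE32+ magic */
    wr32(opt + 16, 0x1000);                 /* AddressOfEntryPoint */
    wr32(opt + 20, 0x1000);                 /* BaseOfCode */
    wr64(opt + 24, 0x140000000ULL);         /* ImageBase */
    wr32(opt + 32, 0x1000);                 /* SectionAlignment */
    wr32(opt + 36, 0x200);                  /* FileAlignment */
    wr32(opt + 56, 0x2000);                 /* SizeOfImage */
    wr32(opt + 60, 0x200);                  /* SizeOfHeaders */
    wr32(opt + 108, 16);                    /* NumberOfRvaAndSizes; directories stay zero: no relocations */
    uint8_t *sh = opt + 240;
    memcpy(sh, ".text\0\0\0", 8);
    wr32(sh + 8, 0x10);                     /* VirtualSize */
    wr32(sh + 12, 0x1000);                  /* VirtualAddress */
    wr32(sh + 16, 0x200);                   /* SizeOfRawData */
    wr32(sh + 20, 0x200);                   /* PointerToRawData */
    wr32(sh + 36, 0x60000020);              /* CODE | EXECUTE | READ */
    buf[0x200] = 0xC3;                      /* ret */
    return total;
}

int main(void) {
    uint8_t buf[0x400];
    pe_info_t info;
    size_t n = build_sample_pe(buf, sizeof buf);
    if (pe_parse(buf, n, &info) != 0) { puts("parse failed"); return 1; }
    printf("base=0x%llx size=0x%x entry=0x%x relocs=%d sections=%u\n",
           (unsigned long long)info.image_base, info.size_of_image,
           info.entry_point_rva, info.has_relocations, info.num_sections);
    printf("mappable at 0x7FF600000000: %d\n", pe_can_map_at(&info, 0x7FF600000000ULL));
    return 0;
}
```

In a real loader the values returned by `pe_parse` feed the next step directly: `size_of_image` is the allocation size at the target's base, `size_of_headers` bytes are written first, each section's `raw_size` bytes are copied from `raw_offset` in the file to `base + virtual_address` in the target, and `base + entry_point_rva` becomes the new instruction pointer. The bounds checks matter because a crafted or truncated payload with a section that points past the end of the file would otherwise make the loader read out of bounds.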
- A Windows environment for development and testing (the tool targets Windows processes and the Windows API).
- A Windows GCC toolchain such as MinGW-w64 for compiling the C code.
- Basic understanding of Windows API and C programming.
To compile the project, you will need GCC installed on your system. Use the following command, which links against psapi (the Process Status API library used to query process and module information):
gcc crypter.c -o crypter.exe -lpsapi