Rust-for-Malware-Development

Process Hollowing

Process Hollowing is a technique where a legitimate process is created in a suspended state, its memory is unmapped and replaced with malicious code.

⬇️ Download

Features

• Implementation of Process Hollowing technique
• Process creation in suspended state
• Memory manipulation using Windows API
• PE header manipulation
• Shellcode injection
• Process resumption

Requirements

• Rust toolchain
• Required dependencies:
  • winapi
  • ntapi

Installation

1. Clone the repository
2. Navigate to the project directory
3. Run cargo build

Usage

1. Build the project using Cargo:

   cargo build --release
   

2. Run the executable:

   ./target/release/process_hollowing.exe
   

Credits and Resources

@5mukx

References

• https://github.com/m0n0ph1/Process-Hollowing
• https://trustedsec.com/blog/the-nightmare-of-proc-hollows-exe

Author

@5mukx

This site is open source. Improve this page.