
About the developer

forrest-orr
210 Stars 51 Forks GNU General Public License v3.0 13 Commits 0 Opened issues

Description

Phantom DLL hollowing PoC


Phantom DLL hollowing

DLL hollowing is a technique which can be used to provide stealth for malware in memory, either within the local process or a remote one (in combination with process injection/hollowing). This PoC code is associated with the blog post at https://www.forrest-orr.net/post/malicious-memory-artifacts-part-i-dll-hollowing

This solution contains two projects. The first is a PoC which can execute DLL hollowing using either the classic or phantom (TxF) method. It takes a user-supplied shellcode and only targets the address space of the local process. The second project is a memory scanner, which can enumerate the regional attributes of a user-provided PID, or all accessible processes. It can also collect statistics on the most common permissions for different types of memory.
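The statistics idea behind the scanner project, as an added example that is not code from this repository: it tallies which protections are most common for each memory type and, going one step beyond the description above, lists regions whose protection is rare for their type. The names `Region`, `TallyPermissions`, `MostCommon`, `RareForType` and `SampleRegions`, the percentage threshold, and the sample records are all assumptions made for illustration.

```cpp
// Added example (not the repository's code): per-type memory permission statistics.
#include <cstdint>
#include <map>
#include <vector>

// Values match the Windows SDK definitions in winnt.h.
constexpr uint32_t kMemPrivate = 0x20000, kMemMapped = 0x40000, kMemImage = 0x1000000;
constexpr uint32_t kPageReadOnly = 0x02, kPageReadWrite = 0x04, kPageWriteCopy = 0x08;
constexpr uint32_t kPageExecRead = 0x20, kPageExecReadWrite = 0x40;

struct Region { uint64_t base; uint64_t size; uint32_t type; uint32_t protect; };
using Stats = std::map<uint32_t, std::map<uint32_t, unsigned>>;  // type -> protect -> count

Stats TallyPermissions(const std::vector<Region>& regions) {
    Stats stats;
    for (const Region& r : regions) stats[r.type][r.protect & 0xFF]++;  // drop PAGE_GUARD etc.
    return stats;
}

// Most common protection for one memory type, or 0 if the type was never seen.
uint32_t MostCommon(const Stats& stats, uint32_t type) {
    auto it = stats.find(type);
    if (it == stats.end()) return 0;
    uint32_t best = 0; unsigned bestCount = 0;
    for (const auto& kv : it->second)
        if (kv.second > bestCount) { best = kv.first; bestCount = kv.second; }
    return best;
}

// Regions whose protection is seen in fewer than pct percent of regions of the same type.
std::vector<Region> RareForType(const std::vector<Region>& regions, const Stats& stats, unsigned pct) {
    std::vector<Region> out;
    for (const Region& r : regions) {
        const auto& hist = stats.at(r.type);
        unsigned total = 0;
        for (const auto& kv : hist) total += kv.second;
        if (hist.at(r.protect & 0xFF) * 100 < total * pct) out.push_back(r);
    }
    return out;
}

// Constructed sample (on Windows these records would come from VirtualQueryEx).
std::vector<Region> SampleRegions() {
    std::vector<Region> v; uint64_t base = 0x10000;
    auto add = [&](unsigned n, uint32_t type, uint32_t protect) {
        for (unsigned i = 0; i < n; ++i, base += 0x1000) v.push_back({base, 0x1000, type, protect});
    };
    add(5, kMemImage, kPageReadOnly);  add(4, kMemImage, kPageExecRead);
    add(2, kMemImage, kPageWriteCopy); add(1, kMemImage, kPageExecReadWrite);
    add(6, kMemPrivate, kPageReadWrite); add(3, kMemMapped, kPageReadOnly);
    return v;
}
```

With the constructed sample and a 10 percent threshold, the only region reported is the single image-backed page mapped read/write/execute.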

Compilation

Visual Studio Community 2019: Release|x86, Release|x64

Usage

PhantomDllHollower.exe (shellcode file path) "txf" (optional, phantom hollow using TxF)
