| skipped 2 lines |
3 | 3 | | proof of concept dll injector which injects without a process handle, and with a thread handle instead. |
4 | 4 | | with the power of Get/SetThreadContext, and some gadgets, you are able to call functions and write to another process |
5 | 5 | | |
| 6 | + | with the thread context, you can set rax to the value to be written, and rdx to where to write to |
| 7 | + | and rip to the address of this gadget |
| 8 | + | ``` |
| 9 | + | mov qword ptr [rdx], rax |
| 10 | + | ret |
| 11 | + | ``` |
| 12 | + | and with the return address/rsp set to this gadget, which is basically a infinite loop |
| 13 | + | ``` |
| 14 | + | jmp 0 |
| 15 | + | ``` |
| 16 | + | now 8 bytes of data has been written to the other process |
| 17 | + | |
| 18 | + | so now you just spam this to write large ammounts of data, and use it to push data to the stack for triggering functions |
| 19 | + | |
6 | 20 | | |
7 | 21 | | https://github.com/li4321/GhostInjector/assets/148918162/3081eb05-40fb-4c04-83c0-fd327c8cedd0 |
8 | 22 | | |
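Review bot: The loop gadget on added line 14 is written as `jmp 0`, which most assemblers read as a jump to absolute address 0 rather than a jump to itself; write it as `jmp $` (or give the two-byte encoding `EB FE`) so it is unambiguous that the thread spins in place. Line 12 also conflates two things: the `ret` of the write gadget pops its target from the stack slot at [rsp], so rsp must point at a slot that holds the loop gadget's address, not be "set to" the gadget; it is worth spelling out that the very first iteration can seed that slot itself (rdx = rsp, rax = address of the loop gadget) since there is no process handle to write it with otherwise. Line 18 should state how the thread is driven through each write, i.e. SuspendThread, GetThreadContext, SetThreadContext, ResumeThread, then wait until RIP sits at the loop gadget before the next iteration, and restore the saved CONTEXT afterwards; as written, "spam this" leaves the synchronisation unspecified. Minor: "a infinite" -> "an infinite", "ammounts" -> "amounts", and "push data to the stack for triggering functions" would benefit from one sentence on the x64 calling convention (rcx/rdx/r8/r9 for the first four arguments, 32 bytes of shadow space, 16-byte stack alignment at the call).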
| skipped 17 lines |