| skipped 2 lines |
| 3 | 3 | | proof of concept dll injector which injects without a process handle, and with a thread handle instead. |
| 4 | 4 | | with the power of Get/SetThreadContext, and some gadgets, you are able to call functions and write to another process |
| 5 | 5 | | |
| | 6 | + | with the thread context, you can set rax to the value to be written, and rdx to where to write to |
| | 7 | + | and rip to the address of this gadget |
| | 8 | + | ``` |
| | 9 | + | mov qword ptr [rdx], rax |
| | 10 | + | ret |
| | 11 | + | ``` |
| | 12 | + | and with the return address/rsp set to this gadget, which is basically a infinite loop |
| | 13 | + | ``` |
| | 14 | + | jmp 0 |
| | 15 | + | ``` |
| | 16 | + | now 8 bytes of data has been written to the other process |
| | 17 | + | |
| | 18 | + | so now you just spam this to write large ammounts of data, and use it to push data to the stack for triggering functions |
| | 19 | + | |
| 6 | 20 | | |
| 7 | 21 | | https://github.com/li4321/GhostInjector/assets/148918162/3081eb05-40fb-4c04-83c0-fd327c8cedd0 |
| 8 | 22 | | |
| skipped 17 lines |
