Skip to content
/ RwxMeme Public
forked from SamuelTulach/RwxMeme

State of the art DLL injector that took 20 minutes to make

License

MIT license
2 stars 37 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

peiga/RwxMeme

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
RwxMeme
RwxMeme
 
 
assets
assets
 
 
dlls
dlls
 
 
.DS_Store
.DS_Store
 
 
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 

Repository files navigation


RwxMeme
Injector abusing RWX regions

About

This injector abuses the fact that some signed (read whitelisted by anticheat) DLLs have RWX (read, write, execute) sections. Since those sections are writable, running simple integrity checks towards them does not make sense, so we can simply map our own DLL into those sections.

In order for this to work on protected processes, another meme is used (EPROCESS->PreviousMode overwritten with vulnerable driver).

Usage

Compile or download the project. Pass the process name, window title and DLL path as process arguments (run without them to get more details). Don't forget that the signed DLL will be visible in the process.

About

State of the art DLL injector that took 20 minutes to make

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C++ 98.2%
  • C 1.2%
  • CMake 0.6%