Skip to content

ezhangle/process_chameleon

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits

.appveyor.yml

.appveyor.yml

 
 

CMakeLists.txt

CMakeLists.txt

 
 

README.md

README.md

 
 

main.cpp

main.cpp

 
 

ntddk.h

ntddk.h

 
 

ntdll_types.h

ntdll_types.h

 
 

ntdll_undoc.cpp

ntdll_undoc.cpp

 
 

ntdll_undoc.h

ntdll_undoc.h

 
 

peb_lookup.cpp

peb_lookup.cpp

 
 

peb_lookup.h

peb_lookup.h

 
 

util.cpp

util.cpp

 
 

util.h

util.h

 
 

Repository files navigation

Process Chameleon

Build status

This is my "lil_calc" PoC presented on the video:
Test with ProcessExplorer vs TaskManager
It is not FUD, but it can fool some tools and it can be used as a test case.
The process overwrites its own PEB to create an illusion, that it has been loaded from a different path.

About

A process overwriting its own PEB to make an illusion that it has been loaded from a different path.

www.youtube.com/watch?v=S3iCZ3BKkLk

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages

  • C 92.5%
  • C++ 7.2%
  • CMake 0.3%