WowInjector Save

PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)

Project README

wowInjector

Inject payload to WOW64(Windows 32 on Windows 64) process via exploit 32-bit thread snapshot. This trick makes us possible to do malicious attacks and bypass Antivirus agents at the same time, e.g. Injection, Hollowing, Dropper, etc.

It's a proof-of-concept of the talk of HITB 2021. There are more details about reversing the whole WOW64 layer by Microsoft and abuse, see Rebuild The Heaven's Gate: from 32 bit Hell back to Heaven Wonderland.

Demo

Open Source Agenda is not affiliated with "WowInjector" Project. README Source: aaaddress1/wowInjector

Stars

158

Open Issues

Last Commit

2 years ago

Repository

aaaddress1/wowInjector

License

GPL-3.0

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/wowinjector"><img src="https://www.opensourceagenda.com/projects/wowinjector/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022