Monday, June 5, 2017

Inject Custom Code Into PE File: InfectPE

10:50 AM Leave a Reply
Inject Custom Code Into PE File: InfectPE

nject Custom Code Into PE File

Using this tool you can inject x-code/shellcode into PE file. InjectPE works only with 32-bit executable files.





Why you need InjectPE?

You can test your security products.
Use in a phishing campaign.
Learn how PE injection works.
…and so on.
In the project, there is hardcoded x-code of MessageBoxA, you can change it.






Dependencies:

vc_redist.x86 – Microsoft Visual C++ Redistributable



Usage

.\InfectPE.exe .\input.exe .\out.exe code
X-code is injected into code section, this method is more stealthy, but sometimes there is no enough space in the code section.

.\InfectPE.exe .\input.exe .\out.exe largest
X-code is injected into a section with the largest number of zeros, using this method you can inject bigger x-code. This method modifies characteristics of the section and is a bit more suspicious.

.\InfectPE.exe .\input.exe .\out.exe resize
Expand the size of code section and inject x-code. This technique, like “code” one, is less suspicious, also you can inject much bigger x-code.

In the patched file, ASLR and NX are disabled, for the more technical information you can analyze VS project.

Please, don’t use with packed or malformed executables.

Download