Link: TBD.
- 1. Introduction
- 2. Memory allocation
  - 2.1 VirtualAlloc
  - 2.2 Reusing allocated memory
  - 2.3 NtMapViewOfSection
- 3. Memory writing
  - 3.1 WriteProcessMemory
  - 3.2 Shared memory
  - 3.3 Atom Bombing
  - 3.4 NtMapViewOfSection
  - 3.5 memset & memmove
- 4. Execution
  - 4.1 Classic DLL Injection - Simple
  - 4.1 Classic DLL Injection - Stable
  - 4.2 CreateRemoteThread Shellcode Injection
  - 4.3 APC Injection
  - 4.3 Thread Execution Hijacking
  - 4.3 Windows Hooking
  - 4.4 Ghost Writing
  - 4.5 SetWindowLong
  - 4.6 unmap & overwrite
  - 4.7 PROPagate
  - 4.8 Kernel Callback Table
  - 4.9 Ctrl-Inject
  - 4.10 Service Control
  - 4.11 USERDATA
  - 4.12 ALPC callback
  - 4.13 WNF callback
  - 4.14 Stack Bombing
  - 4.15 DnsQuery_A callback
  - 4.16 CLIPBRDWNDCLASS
  - 4.17 COM Hijacking
  - 4.18 PE Injection
  - 4.19 Process Hollowing
  - 4.20 Transacted Hollowing
  - 4.21 DnsQuery_A callback
  - 4.22 Extra Window Memory Injection
  - 4.23 Process Injection using Shims
  - 4.24 IAT Hooking
  - 4.25 Process Ghosting
  - 4.26 Process Doppelganging
  - 4.27 Process Herpaderping
  - 4.28 Process Overwriting