PELoader implements various shellcode injection techniques and uses the libpeconv library to load encrypted PE files instead of injecting shellcode into a remote thread.
The following techniques were implemented:
Module Stomping (LoadLibrary)
Module Stomping (NtMapViewOfSection)
Transacted Hollowing
Ghostly Hollowing
NtMapViewOfSection (RWX-RW-RX)
NtAllocateVirtualMemory (RW-RX)
Credits: most of my work was based on @hasherezade's PoC scripts.