Inject Custom Code Into PE File: InfectPE

2017-04-25T16:28:12
ID N0WHERE:171557
Type n0where
Reporter N0where
Modified 2017-04-25T16:28:12

Description

Inject Custom Code Into PE File


Using this tool you can inject x-code/shellcode into PE file. InjectPE works only with 32-bit executable files.

Why you need InjectPE?

  • You can test your security products.
  • Use in a phishing campaign.
  • Learn how PE injection works.
  • …and so on.

In the project, there is hardcoded x-code of MessageBoxA, you can change it.

Dependencies:

vc_redist.x86 – Microsoft Visual C++ Redistributable

Usage

.\InfectPE.exe .\input.exe .\out.exe code

X-code is injected into code section, this method is more stealthy, but sometimes there is no enough space in the code section.

.\InfectPE.exe .\input.exe .\out.exe largest

X-code is injected into a section with the largest number of zeros, using this method you can inject bigger x-code. This method modifies characteristics of the section and is a bit more suspicious.

.\InfectPE.exe .\input.exe .\out.exe resize

Expand the size of code section and inject x-code. This technique, like “code” one, is less suspicious, also you can inject much bigger x-code.

In the patched file, ASLR and NX are disabled, for the more technical information you can analyze VS project.

Please, don’t use with packed or malformed executables.

Inject Custom Code Into PE File: InfectPE Download