POC Reflective PE loader for DLL injection.
Based on code found at https://www.youtube.com/watch?v=X393OZqSPUk, with some modifications to make it work.
Other Reflective PE Loaders:
https://github.com/stephenfewer/ReflectiveDLLInjection
https://github.com/DarthTon/Blackbone Swiss army knife
https://github.com/dismantl/ImprovedReflectiveDLLInjection this one is very very cool
https://github.com/Professor-plum/Reflective-Driver-Loader very cool as well
https://github.com/countercept/doublepulsar-usermode-injector
https://github.com/azerton/dll_inject_test
https://github.com/ru-faraon/pupy
https://github.com/floomby/injector
https://github.com/amishsecurity/paythepony
https://github.com/BorjaMerino/Pazuzu
https://github.com/Frenda/libScanHook/blob/master/libScanHook/PeLoader.cpp
https://github.com/apriorit/ReflectiveDLLInjection
https://github.com/uItra/Injectora
https://github.com/fancycode/MemoryModule
https://github.com/mq1n/SonicInjector
Various tools:
https://github.com/CylanceVulnResearch/ReflectiveDLLRefresher
https://github.com/CylanceVulnResearch/upx/tree/reflective_dll
https://github.com/papadp/reflective-injection-detection
https://github.com/xorrior/WebCam_Dll
https://github.com/psmitty7373/eif
https://github.com/azerton/dll_inject_test
https://github.com/hirnschallsebastian/Breach
https://wikileaks.org/ciav7p1/cms/page_14588718.html
https://github.com/jaredhaight/ReflectCmd
https://www.codeproject.com/Articles/44326/MinHook-The-Minimalistic-x-x-API-Hooking-Libra
https://github.com/Jyang772/XOR_Crypter/tree/master/Stub
https://github.com/thereals0beit/RemoteFunctions
Documentation, blog posts and videos:
https://www.endgame.com/blog/technical-blog/hunting-memory
https://en.wikipedia.org/wiki/Portable_Executable
https://upload.wikimedia.org/wikipedia/commons/1/1b/Portable_Executable_32_bit_Structure_in_SVG_fixed.svg
http://stackoverflow.com/questions/18362368/loading-dlls-at-runtime-in-c-sharp
https://www.countercept.com/our-thinking/doublepulsar-usermode-analysis-generic-reflective-dll-loader/
https://www.countercept.com/our-thinking/analyzing-the-doublepulsar-kernel-dll-injection-technique/
https://zerosum0x0.blogspot.dk/2017/04/doublepulsar-initial-smb-backdoor-ring.html
https://www.codeproject.com/Articles/20084/A-More-Complete-DLL-Injection-Solution-Using-Creat
http://blog.harmonysecurity.com/2008/10/new-paper-reflective-dll-injection.html
http://blog.opensecurityresearch.com/2013/01/windows-dll-injection-basics.html
https://disman.tl/2015/01/30/an-improved-reflective-dll-injection-technique.html
https://disman.tl/2015/03/16/cross-architecture-reflective-dll-inection.html
https://www.youtube.com/watch?v=9U6dtRtSuFo&index=11&list=PLcTmaBQIhUkgvwz3k-JGHUcDlS41fim0x
https://www.youtube.com/watch?v=9L9I1T5QDg
Interesting Microsoft documentation:
https://blogs.msdn.microsoft.com/ntdebugging/2009/01/09/challenges-of-debugging-optimized-x64-code/
https://msdn.microsoft.com/en-us/library/4khtbfyf
https://msdn.microsoft.com/en-us/library/69ze775t.aspx