[Repost] GInjer
Posted: 2020-10-29 12:44 1646
GInjer
A signed kernel driver is used to receive process creation callbacks
A normal or reflective injection is supported
Injection of selected DLLs into almost every newly created process
Injection of a DLL before and after static import initialization
Injection of an x64 DLL during WOW64 initialization
Ability to inject before process initialization
No APC injection or remote thread creation is used
No VirtualAllocEx\NtAllocateVirtualMemory or VirtualProtectEx\NtProtectVirtualMemory is used
No handle to any of the target process's threads is opened
No PROCESS_VM_READ or PROCESS_VM_WRITE rights are required for the target process's handle