├── README.md
└── gw_ng.c

/README.md:
--------------------------------------------------------------------------------
# GhostWriting

A paradox: Writing to another process without opening it nor actually writing to it

## The concept

A lot of today’s malicious software (viruses, trojans, rootkits, etc.) uses remote execution techniques to avoid AV software, hide itself, go resident in more suitable processes and so on.

Remote execution means a process can somehow inject executable code into another process and trigger the execution of that code in the context of that process. Injected code can be either a DLL that gets loaded into the target process or a bunch of code and data bytes written directly into the memory space of the target process.

What we present here is a new way of accomplishing this task of remote code execution or, in more general terms, remote byte injection.

The basic idea of this method is to drop the process-centric view of remote code execution. This is the challenge: writing and running remote code without actually opening the target process. We will not open any process, nor will we write to it. Is this a paradox? No, it is not. It is true that we are not going to use OpenProcess, DebugActiveProcess, NtOpenProcess or similar functions. We will not even use WriteProcessMemory, NtWriteVirtualMemory or the like.

--------------------------------------------------------------------------------
/gw_ng.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/c0de90e7/GhostWriting/f89d99ed7c2af4fe9ade93f80539fed24d69fe16/gw_ng.c
--------------------------------------------------------------------------------