ppid-spoofing

Advanced Windows PE Injector (x86/x64, C++17, MSVC 19+). Manual mapping of DLLs (Run export call) + full EXE injection into svchost.exe. Direct syscall stubs, PPID spoofing (explorer.exe), randomized base, PE headers/IAT/TLS/relocs handling, trampoline execution.

windows dll-injection syscall pe-injector manual-mapping process-injection ppid-spoofing exe-injection

Updated Mar 18, 2026
C++

victorTrofelli / Malicious-Service-With-Ntdll

Star

The project consists of a service that utilizes advanced techniques to inject a Payload into its own process, specifically the Windows RuntimeBroker.exe

c windows system service assembly x64 malware windows-service malware-research malware-development anti-debugging ntdll earlybird anti-debugger ppid-spoofing syswhisper ntdll-unhooking dllblockpolicy

Updated Jul 3, 2024
C

Elfus-elfy / Usermode-Rootkit

Star

🛡️ Explore a simple Windows usermode rootkit for educational purposes, showcasing privilege escalation, stealth features, and remote management capabilities.

windows rootkit malware syscalls aes-encryption memory-analysis offensive-security malware-development apc red-team system-security usermode rootkits malware-scanner process-injection ppid-spoofing edr-evasion usermode-rootkit

Updated Jan 2, 2026

Improve this page

Add a description, image, and links to the ppid-spoofing topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the ppid-spoofing topic, visit your repo's landing page and select "manage topics."

Learn more

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ppid-spoofing

Here are 7 public repositories matching this topic...

0xlane / ppspoofing

28Zaaky / Usermode-Rootkit

28Zaaky / Shellcode-Ldr

Al1ex / SelectMyParent

vvswift / Windows-PE-Injector

victorTrofelli / Malicious-Service-With-Ntdll

Elfus-elfy / Usermode-Rootkit

Improve this page

Add this topic to your repo