
Offensive-Panda/WPM-MAJIC-ENTRY-POINT-INJECTION

WPM-MAJIC-ENTRY-POINT-INJECTION

This exploit uses the AddressOfEntryPoint of a process, which lies in an RX region, and relies on WriteProcessMemory's internal magic to change the permission and write the shellcode. The exploit also uses direct syscalls to bypass user-mode hooking by AV/EDRs. The technique avoids calling the VirtualAlloc and VirtualProtect APIs directly in the code; the work of VirtualProtect is covered by the WPM magic.

Note

The main purpose of this program is to highlight the internal working of WriteProcessMemory(), not to bypass EDR hooks. That's why I used WriteProcessMemory() directly in the code instead of direct calls.

WORKING FLOW

  1. Get PEB address and pointer to image base address
  2. Get process image base address
  3. Read target process image headers
  4. Get AddressOfEntryPoint (RX region)
  5. Write shellcode to image entry point and execute it (WPM MAGIC HERE)
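
A defender-side check for the flow above, as an added example that is not part of the original repository: it reads AddressOfEntryPoint from the on-disk image and compares the entry-point bytes with a mapped copy of the same image. The sample PE, the helper names and the 16-byte window are constructed for illustration, and the comparison ignores base relocations, which can legitimately change mapped bytes.

```python
import struct

def entry_point(pe):
    """Return (AddressOfEntryPoint RVA, file offset of that RVA)."""
    nt, = struct.unpack_from("<I", pe, 0x3C)               # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, = struct.unpack_from("<H", pe, nt + 6)            # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, nt + 20)       # SizeOfOptionalHeader
    ep_rva, = struct.unpack_from("<I", pe, nt + 24 + 16)    # AddressOfEntryPoint
    table = nt + 24 + opt_size                              # first section header
    for i in range(nsec):
        # VirtualAddress, SizeOfRawData, PointerToRawData of section i
        vaddr, rsize, rptr = struct.unpack_from("<3I", pe, table + 40 * i + 12)
        if vaddr <= ep_rva < vaddr + rsize:
            return ep_rva, rptr + ep_rva - vaddr
    raise ValueError("entry point is not backed by any section")

def entry_point_patched(disk, mapped, length=16):
    """True when mapped-image bytes at the entry point differ from the file's."""
    rva, off = entry_point(disk)
    return mapped[rva:rva + length] != disk[off:off + length]

def build_sample():
    """Constructed minimal PE32+ layout: headers plus one .text section."""
    pe = bytearray(0x400)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)                  # e_lfanew
    pe[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", pe, 0x84, 0x8664, 1)            # Machine, NumberOfSections
    struct.pack_into("<H", pe, 0x94, 0xF0)                  # SizeOfOptionalHeader
    struct.pack_into("<H", pe, 0x98, 0x20B)                 # Magic (PE32+)
    struct.pack_into("<I", pe, 0xA8, 0x1010)                # AddressOfEntryPoint
    pe[0x188:0x18D] = b".text"
    struct.pack_into("<4I", pe, 0x190, 0x200, 0x1000, 0x200, 0x200)
    pe[0x210:0x220] = bytes(range(0x40, 0x50))              # constructed stand-in for entry code
    return bytes(pe)

def map_sample(pe):
    """Lay the constructed file out by RVA, as a mapped image would be."""
    mapped = bytearray(0x2000)
    mapped[:0x200] = pe[:0x200]                             # headers
    mapped[0x1000:0x1200] = pe[0x200:0x400]                 # .text at its RVA
    return mapped
```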

USAGE

  1. Compile the code in Visual Studio and execute it. Simple :)
  2. If you face any errors during compilation, make sure MASM is enabled in your solution's build customizations.

ONLY FOR EDUCATIONAL PURPOSES

MIT License
Created July 18, 2024
Updated October 6, 2025