IDontCode
/
pclone
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Process Cloning
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
1 Branch
3 Tags
216 KiB
 
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '00ba3e75f3'
${ noResults }
Go to file
_xeroxz 00ba3e75f3
Update README.md 		4 years ago
img init commit 4 years ago
pclone swapping dirbase and peb in clone process E/KPROC 4 years ago
README.md Update README.md 4 years ago
pclone.sln init commit 4 years ago

README.md

pclone (Process Cloning)

pclone is small project designed to clone running processes. The cloning does not clone threads nor handles, it does however clone all virtual memory. It does this by swapping dirbase in the clones EPROCESS structure. It also swaps the PEB in the EPROCESS structure so the clone will list the same loaded modules as the cloned process.

Usage

To make a pclone_ctx you must create a vdm_ctx and you must have a process id you want to clone. Once you have both of those you can clone a process.

pclone_ctx clone_ctx(vdm, util::get_pid("notepad.exe"));

// clone_pid is the pid of the new clone process
// clone_handle is a PROCESS_ALL_ACCESS handle which you can
// use to call VirtualAllocEx, ReadProcessMemory, WriteProcessMemory... etc...
const auto [clone_pid, clone_handle] = clone_ctx.clone();