Update README.md

master v1.0
_xeroxz 4 years ago
parent 7f3e83537e
commit 370fe53195

@ -2,13 +2,13 @@
<img src="https://githacks.org/_xeroxz/pclone/-/raw/78ec8745ad117f42640063ef3bd10e5946f7ad6d/img/pclone-icon.png"/> <img src="https://githacks.org/_xeroxz/pclone/-/raw/78ec8745ad117f42640063ef3bd10e5946f7ad6d/img/pclone-icon.png"/>
</div> </div>
# pclone (Process Cloning) # pclone
pclone is small project designed to clone running processes. The cloning does not clone threads nor handles, it does however clone all virtual memory. pclone is small project designed to clone running processes. The cloning does not clone threads nor handles, it does however clone all virtual memory.
It does this by swapping dirbase in the clones EPROCESS structure. It also swaps the PEB in the EPROCESS structure so the clone will list the same loaded modules It does this by swapping dirbase in the clones EPROCESS structure. It also swaps the PEB in the EPROCESS structure so the clone will list the same loaded modules
as the cloned process. as the cloned process.
# Usage # usage
To make a `pclone_ctx` you must create a `vdm_ctx` and you must have a process id you want to clone. Once you have both of those you can clone a process. To make a `pclone_ctx` you must create a `vdm_ctx` and you must have a process id you want to clone. Once you have both of those you can clone a process.
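Review bot: The unchanged description under the renamed `# pclone` heading still has two wording errors that this README touch could fix: "pclone is small project" is missing "a", and "the clones EPROCESS structure" should read "the clone's EPROCESS structure". Dropping "(Process Cloning)" from the title is fine, since the first sentence still explains the name. The description also says dirbase and the PEB are swapped in the clone's EPROCESS without saying whether the original values are ever restored; one sentence on that would tell a reader what state the dummy process is left in.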
@ -21,7 +21,7 @@ pclone_ctx clone_ctx(vdm, util::get_pid("notepad.exe"));
const auto [clone_pid, clone_handle] = clone_ctx.clone(); const auto [clone_pid, clone_handle] = clone_ctx.clone();
``` ```
# Example # example
As you can see here I clone notepad using a `RuntimeBroker.exe` as a dummy process to use as the clone. The loaded modules list the ones in notepad.exe and all the virtual memory is the same As you can see here I clone notepad using a `RuntimeBroker.exe` as a dummy process to use as the clone. The loaded modules list the ones in notepad.exe and all the virtual memory is the same
as it is in notepad.exe as it is in notepad.exe
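Review bot: The usage line kept as context at the top of this hunk, `const auto [clone_pid, clone_handle] = clone_ctx.clone();`, returns a handle, but none of the README text visible in this diff says who is responsible for closing `clone_handle`; a sentence on ownership next to the snippet would help. Under the lowercased `# example` heading, "using a `RuntimeBroker.exe`" has a stray article, and the closing sentence "as it is in notepad.exe" is missing its period.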
