Forum Thread: PE File Infection, Now with 100% More Python and Threading

Dontrustme recently wrote a tutorial on infecting PE files. It works great, but there's a small problem: the main program doesn't start until the payload finishes. This is significant if your payload is, for example, a shell. The program will most likely never start!

The solution is to start your shellcode in a new thread. This way, the payload and the executable will run concurrently.

Here's a link to dtm's program rewritten in Python with threading added. Do note, however, that this sometimes fails and the infected program crashes upon starting. Stick to infecting small programs.


Here we have a code cave in putty.exe:

[screenshot]

Let's infect it:

[screenshot]

Our shellcode is inside the cave:

[screenshot]

infected_putty.exe starts up fine:

[screenshot]

Let's telnet to port 8888...

[screenshot]

Et voila!

Love and waffles,
Joe Schmoe
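An infector of this kind has to point the entry point at the cave and typically marks the section writable so the shellcode can execute there, and both traces are visible in the headers alone. The following is an added example from a detection standpoint, not code from the post or from dtm's tutorial: it uses only the standard library, and parse_pe, entry_point_findings and build_sample_pe are names chosen here, with build_sample_pe constructing a header-only PE32 as test input.

```python
import struct

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

def parse_pe(data):
    """Return (AddressOfEntryPoint, section list) from a PE32/PE32+ image held in memory."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    entry = struct.unpack_from("<I", data, e_lfanew + 24 + 16)[0]  # same offset in PE32 and PE32+
    sections = []
    for i in range(nsections):
        off = e_lfanew + 24 + opt_size + 40 * i
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", data, off)
        flags = struct.unpack_from("<I", data, off + 36)[0]
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, vsize, rptr, rsize, flags))
    return entry, sections

def entry_point_findings(data):
    """Flag entry points that look like a code-cave redirect. Returns a list of strings; [] means clean."""
    entry, sections = parse_pe(data)
    for name, va, vsize, rptr, rsize, flags in sections:
        if va <= entry < va + max(vsize, rsize):
            findings = []
            if entry >= va + vsize:  # past the bytes the linker emitted: the cave between VirtualSize and SizeOfRawData
                findings.append(f"entry point 0x{entry:x} lies in the slack space of {name}")
            if flags & IMAGE_SCN_MEM_WRITE and flags & IMAGE_SCN_MEM_EXECUTE:
                findings.append(f"{name} is both writable and executable")
            return findings
    return [f"entry point 0x{entry:x} is outside every section"]

def build_sample_pe(entry_rva, sec_flags):
    """Constructed test input: header-only PE32 with one .text section at RVA 0x1000 (VirtualSize 0x100, SizeOfRawData 0x200)."""
    dos = bytearray(b"MZ") + bytearray(0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header directly after the DOS header
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)  # i386, 1 section, PE32 optional header size
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)  # AddressOfEntryPoint
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x100, 0x1000, 0x200, 0x400, 0, 0, 0, 0, sec_flags)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + sec

if __name__ == "__main__":
    print(entry_point_findings(build_sample_pe(0x1010, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE)))
    print(entry_point_findings(build_sample_pe(0x1150, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE)))
```

Run it against a real binary with `entry_point_findings(open(path, "rb").read())`; packed or self-modifying executables will also trip the writable+executable check, so treat a hit as a lead to inspect, not a verdict.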


3 Responses

Dope, bro. Great job.

Have you used the CreateRemoteThread or CreateThread API?
