Golang implementation of Reflective load PE from memory

timwhitez/Doge-MemX


Doge-Assembly

  • 🐸Frog For Automatic Scan

  • 🐶Doge For Defense Evasion & Offensive Security

Doge-MemX

Golang implementation of Reflective load PE from memory

Only supports x64 unmanaged PE.

Supports Zip files, with automatic unzipping.

Sleeps to bypass Windows Defender.

ETW bypass and AMSI bypass (not used by default).

Usage

blacklist := []string{
	// warning!! may cause panic!
}
tmpArgs := []string{"coffee"}
// peLoader(&shellcode, "syscall")
peLoader(&shellcode, "createthread")

  • go build

  • run

Usage:
        Doge-MemX.exe mimikatz.exe
        Doge-MemX.exe mimikatz.zip

Limitations

Reflect-pe only works for x64 dynamic executables.

Reflect-pe only works for x64 unmanaged PE.

It's not stable.

References

https://github.com/frkngksl/Huan

https://github.com/ayoul3/reflect-pe

https://github.com/Binject/debug

https://github.com/Binject/universal
