Skip to content
/ pclone Public

pclone is small project designed to clone running processes.

7 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

samehfido/pclone

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
img
img
 
 
pclone
pclone
 
 
README.md
README.md
 
 
pclone.sln
pclone.sln
 
 

Repository files navigation

pclone

pclone is small project designed to clone running processes. The cloning does not clone threads nor handles, it does however clone all virtual memory. It does this by swapping dirbase in the clones EPROCESS structure. It also swaps the PEB in the EPROCESS structure so the clone will list the same loaded modules as the cloned process.

usage

To make a pclone_ctx you must create a vdm_ctx and you must have a process id you want to clone. Once you have both of those you can clone a process.

pclone_ctx clone_ctx(vdm, util::get_pid("notepad.exe"));

// clone_pid is the pid of the new clone process
// clone_handle is a PROCESS_ALL_ACCESS handle which you can
// use to call VirtualAllocEx, ReadProcessMemory, WriteProcessMemory... etc...
const auto [clone_pid, clone_handle] = clone_ctx.clone();

example

As you can see here I clone notepad using a RuntimeBroker.exe as a dummy process to use as the clone. The loaded modules list the ones in notepad.exe and all the virtual memory is the same as it is in notepad.exe

About

pclone is small project designed to clone running processes.

Resources

Readme
Activity

Stars

7 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages