module
Windows Inject PE Files, Bind TCP Stager (No NX or Win7)
| Disclosed |
|---|
| N/A |
Disclosed
N/A
Description
Inject a custom native PE file into the exploited process using a reflective PE loader. The reflective PE
loader will execute the pre-mapped PE image starting from the address of entry after performing image base
relocation and API address resolution. This module requires a PE file that contains relocation data and a
valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks
are not currently supported. Also PE files which use resource loading might crash.
Listen for a connection (No NX)
loader will execute the pre-mapped PE image starting from the address of entry after performing image base
relocation and API address resolution. This module requires a PE file that contains relocation data and a
valid (uncorrupted) import table. PE files with CLR(C#/.NET executables), bounded imports, and TLS callbacks
are not currently supported. Also PE files which use resource loading might crash.
Listen for a connection (No NX)
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.