Files

BSOD
Basics
BlockHandle
EDRChecker
Early Cascade Injection
Encryption Methods
Enumeration
Exec_Extern
GhostingProcess
Keyloggers
Malware-Samples
Malware_Tips
MessageBoxes
Named_Pipe
NtApi
NtCreateUserProcess
Persistence
Process-Injection
Process
- EnumDesktopsA
- Herpaderping
- cpu_buffer
- createprocess
- enable_token
- hypnosis
- local_mapping_injection
- process_argument_spoofing
  - src
  - Cargo.toml
  - README.md
- process_fiber
- process_hollowing
- remote_mapping_injection
- EnumDesktopsA.rs
- README.md
- ShellExecute.rs
- cpu_buffer.rs
- createprocess.rs
- enable_token.rs
- hypnosis.rs
- local_mapping_injection.rs
- process_argument_spoofing.rs
- process_fiber.rs
- process_hollowing.rs
- remote_mapping_injection.rs
Recon
Reverse Shell
Self-Deletion-Techniques
Sleep_Obfuscations
Structs
Test_phase
Threads
Windows_Threads
analysis
base_addr_locator
dll_injection
drivers
images
keylog_dropper
lsass_dump
position independent
shellcode_exec
stealer
syscalls
timer
uac-bypass-cmstp
CLEAN.md
CNAME
Dockerfile
LICENSE
README.md
api_hooking.rs
deps.md
docker.md
evade_vm.rs
maldev_rust.png
syscalls.rs

process_argument_spoofing

Whitecat18

Repo Structure

Mar 31, 2025

cbab091 · Mar 31, 2025

History

This branch is 12 commits behind Whitecat18/Rust-for-Malware-Development:main.

Name	Name	Last commit message	Last commit date
parent directory ..
src	src	Changing Repo Structure	Mar 28, 2025
Cargo.toml	Cargo.toml	Changing Repo Structure	Mar 28, 2025
README.md	README.md	Repo Structure	Mar 31, 2025

README.md

Process Argument Spoofing

Process Argument Spoofing is a technique used to manipulate or hide command-line arguments of a process, making it harder for security tools to detect the actual parameters passed to the program.

⬇️ Download

Features

Process argument spoofing implementation in Rust
Uses Windows API and NT API for process manipulation
Demonstrates process memory manipulation techniques

Requirements

Rust toolchain
Required dependencies:
- winapi
- ntapi
- memoffset

Installation

Clone the repository
Navigate to the project directory
Run cargo build to compile the project

Usage

Build the project using Cargo:
```
cargo build --release
```

Run the executable:

./target/release/process_argument_spoofing.exe

References

https://www.ired.team/offensive-security/defense-evasion/parent-process-id-ppid-spoofing

Author

@5mukx

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Files

process_argument_spoofing

process_argument_spoofing

README.md

Process Argument Spoofing

Features

Requirements

Installation

Usage

References

Author

Files

process_argument_spoofing

Directory actions

More options

Directory actions

More options

Latest commit

History

process_argument_spoofing

Folders and files

parent directory

README.md

Process Argument Spoofing

Features

Requirements

Installation

Usage

References

Author