Phrozen Unprotect Project - Papers - Phrozen
External Process Hollowing, RunPE 24 Jun 2022

New Unprotect Delphi Code Snippet added for technique Process Hollowing, RunPE with support of both x86-32 and x86-64 in a single code.


External ProcEnvInjection - Remote code injection by abusing process environment strings 17 Jun 2022

New Unprotect Delphi Code Snippet added for technique ProcEnvInjection - Remote code injection by abusing process environment strings for both x86-32 and x86-64.


External DLL Injection via CreateRemoteThread and LoadLibrary 17 Jun 2022

New Unprotect Delphi Code Snippet added for technique DLL Injection via CreateRemoteThread and LoadLibrary with both support of x86-32 and x86-64.


External Checking Mouse Activity 17 Jun 2022

New Unprotect Delphi Code Snippet added for technique Checking Mouse Activity


File Melt 22 Feb 2021

This technique is often used by Malware to hide their presence on system after execution. The application self-delete after the end of its execution. The best method to archive a such goal is through process injection.

Read more...