shellcode injector

Overview

What is Process Injection?

  • It is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process’s memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.

TECHNICAL DETAILS

  • Open the target process with access rights (OpenProcess, requesting the rights the following steps need)
  • LPTHREAD_START_ROUTINE (a pointer to the application-defined function, of type LPTHREAD_START_ROUTINE, that the new thread executes; it is the thread's starting address in the remote process, so the function must exist in the remote process)
  • VirtualAllocEx (allocates a region in the target process's virtual memory)
  • WriteProcessMemory (writes the shellcode into the allocated region)
  • CreateRemoteThread (creates a thread that runs in the target process's virtual address space)
  • WaitForSingleObject (waits until the specified object is signaled or the time-out interval elapses)
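The same API chain seen from the defender's side, as an added example that is not code from this project: Sysmon records the handle open as Event ID 10 (ProcessAccess, with the GrantedAccess mask the source asked for) and the remote thread as Event ID 8 (CreateRemoteThread, with StartAddress and the StartModule backing it). A buffer obtained with VirtualAllocEx and filled by WriteProcessMemory is not backed by any loaded module, so StartModule is empty, and the preceding handle open carries PROCESS_CREATE_THREAD, PROCESS_VM_OPERATION and PROCESS_VM_WRITE together. The script correlates the two. The flattened `key=value|...` line format, the file paths and all field values are constructed for the example; the Sysmon field names and the PROCESS_* constants are real.

```python
"""Detect the OpenProcess -> VirtualAllocEx -> WriteProcessMemory ->
CreateRemoteThread chain from Sysmon Event ID 10 and Event ID 8 records.

Added example, not code from the shellcode injector project. The sample
events and the '|'-flattened line format are constructed; a real deployment
would read EVTX/JSON exports and feed the same dicts to the detector.
"""
from dataclasses import dataclass, field

# Process access rights from the Windows SDK (winnt.h).
PROCESS_CREATE_THREAD = 0x0002   # needed by CreateRemoteThread
PROCESS_VM_OPERATION = 0x0008    # needed by VirtualAllocEx
PROCESS_VM_WRITE = 0x0020        # needed by WriteProcessMemory
INJECT_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Constructed sample events (paths, masks and addresses are made up). Field
# names follow Sysmon EID 10 (ProcessAccess) and EID 8 (CreateRemoteThread).
SAMPLE_EVENTS = r"""
EventID=10|SourceImage=C:\Users\lab\injector.exe|TargetImage=C:\Windows\System32\notepad.exe|GrantedAccess=0x1F0FFF
EventID=10|SourceImage=C:\Windows\System32\svchost.exe|TargetImage=C:\Windows\System32\lsass.exe|GrantedAccess=0x1000
EventID=8|SourceImage=C:\Users\lab\injector.exe|TargetImage=C:\Windows\System32\notepad.exe|StartAddress=0x000001A2B3C40000|StartModule=|StartFunction=
EventID=8|SourceImage=C:\Program Files\Vendor\agent.exe|TargetImage=C:\Windows\explorer.exe|StartAddress=0x00007FFB12345678|StartModule=C:\Windows\System32\ntdll.dll|StartFunction=RtlUserThreadStart
""".strip()


@dataclass
class Finding:
    source: str
    target: str
    start_address: str
    reasons: list[str] = field(default_factory=list)


def parse_event(line: str) -> dict[str, str]:
    """Split one flattened event into a dict; values may be empty (StartModule=)."""
    fields: dict[str, str] = {}
    for pair in line.split("|"):
        key, _, value = pair.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def has_inject_rights(granted_access: str) -> bool:
    """True when the handle carries every right the injection chain needs.
    int(..., 16) accepts Sysmon's '0x'-prefixed hex string."""
    mask = int(granted_access, 16)
    return (mask & INJECT_RIGHTS) == INJECT_RIGHTS


def detect_remote_thread_injection(events_text: str,
                                   allowlist: frozenset[str] = frozenset()) -> list[Finding]:
    """Correlate ProcessAccess (EID 10) with CreateRemoteThread (EID 8).

    A cross-process thread is reported when either
      * its start address is not backed by a loaded module (StartModule empty),
        which is what a VirtualAllocEx + WriteProcessMemory buffer looks like, or
      * the same source earlier opened the target with
        CREATE_THREAD | VM_OPERATION | VM_WRITE.
    Sources listed in `allowlist` (lower-cased full paths, e.g. a vetted
    security agent) are skipped; tune it per environment.
    """
    suspicious_pairs: set[tuple[str, str]] = set()
    findings: list[Finding] = []
    for line in events_text.splitlines():
        ev = parse_event(line)
        src, dst = ev.get("SourceImage", ""), ev.get("TargetImage", "")
        if not src or src == dst or src.lower() in allowlist:
            continue
        if ev.get("EventID") == "10" and has_inject_rights(ev.get("GrantedAccess", "0")):
            suspicious_pairs.add((src, dst))
        elif ev.get("EventID") == "8":
            reasons = []
            if not ev.get("StartModule"):
                reasons.append("start address not backed by a loaded module")
            if (src, dst) in suspicious_pairs:
                reasons.append("preceded by handle open with CREATE_THREAD|VM_OPERATION|VM_WRITE")
            if reasons:
                findings.append(Finding(src, dst, ev.get("StartAddress", ""), reasons))
    return findings


if __name__ == "__main__":
    for f in detect_remote_thread_injection(SAMPLE_EVENTS):
        print(f"{f.source} -> {f.target} @ {f.start_address}: {'; '.join(f.reasons)}")
```

On the constructed sample only the injector.exe -> notepad.exe pair is reported, with both reasons; the svchost.exe open carries only PROCESS_QUERY_LIMITED_INFORMATION (0x1000) and the agent.exe thread starts inside ntdll.dll, so neither fires. The unbacked-start-address heuristic is the stronger signal, since the access mask alone is also requested by debuggers and some legitimate agents.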

Other Features

  • RtlSetProcessIsCritical marks the process as critical to protect it from termination: any attempt to terminate it will cause the system to crash (not stable). Calling it requires SeDebugPrivilege to be enabled in the process.

DEMO



Owner
anas

anas 83 Dec 26, 2022