{"id":24795943,"url":"https://github.com/moroii69/custom-malware","last_synced_at":"2025-03-24T20:17:26.339Z","repository":{"id":243901870,"uuid":"813719670","full_name":"moroii69/custom-malware","owner":"moroii69","description":"this project demonstrates shellcode injection on windows using self-injection and process injection.","archived":false,"fork":false,"pushed_at":"2024-08-11T12:36:54.000Z","size":115,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-30T00:32:13.944Z","etag":null,"topics":["cpp","cybersecurity","malware","windows"],"latest_commit_sha":null,"homepage":"https://owasp.org/www-community/attacks/Command_Injection","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/moroii69.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-11T15:51:54.000Z","updated_at":"2024-08-11T12:37:15.000Z","dependencies_parsed_at":"2025-01-30T00:30:11.724Z","dependency_job_id":"e201bc94-0707-47fa-9106-cfe9b61aa1f6","html_url":"https://github.com/moroii69/custom-malware","commit_stats":null,"previous_names":["moroii69/malware-dev","moroii69/custom-malware"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moroii69%2Fcustom-malware","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moroii69%2Fcustom-malware/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moroii69%2Fcustom-malware/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/moroii69%2Fcustom-malware/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/moroii69","download_url":"https://codeload.github.com/moroii69/custom-malware/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245344002,"owners_count":20599867,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cpp","cybersecurity","malware","windows"],"created_at":"2025-01-30T00:30:09.812Z","updated_at":"2025-03-24T20:17:21.330Z","avatar_url":"https://github.com/moroii69.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# windows shellcode injection\n\nthis project demonstrates two methods of shellcode injection on windows: self-injection and process injection. the provided examples show how to inject and execute shellcode in a process's memory space using the windows api.\n\n![shellcode injection](shellcode_injection.jpg)\n\n## disclaimer\n\nthis code is for educational purposes only. misuse of this code can lead to severe consequences. use it responsibly and only on systems you have permission to test.\n\n## overview\n\n- **self-injection:** injects and executes shellcode within the same process.\n- **process injection:** injects and executes shellcode into a remote process (`mspaint.exe`).\n\n## prerequisites\n\n- windows operating system ([windows official website](https://www.microsoft.com/windows))\n- visual studio or any c++ compiler that supports windows api ([visual studio download](https://visualstudio.microsoft.com/downloads/))\n\n## compiling\n\nto compile the code, use a c++ compiler such as visual studio:\n\n1. open the project in [visual studio](https://visualstudio.microsoft.com/).\n2. ensure that you have set the project to compile as a c++ application.\n3. build the project.\n\n## self-injection\n\nself-injection is the process of injecting and executing shellcode within the same process. the provided example shows how to allocate memory, write shellcode into it, and create a thread to execute the shellcode.\n\n### code explanation\n\n- **memory allocation:** allocates memory using [`VirtualAlloc`](https://learn.microsoft.com/windows/win32/api/memoryapi/nf-memoryapi-virtualalloc).\n- **shellcode writing:** writes the shellcode to the allocated memory using [`RtlCopyMemory`](https://learn.microsoft.com/windows/win32/api/winbase/nf-winbase-rtlcopymemory).\n- **thread creation:** creates a thread to execute the shellcode using [`CreateThread`](https://learn.microsoft.com/windows/win32/api/processthreadsapi/nf-processthreadsapi-createthread).\n\n### usage\n\n1. compile the code.\n2. run the compiled executable.\n3. the shellcode (a message box) will execute within the same process.\n\n## process injection\n\nprocess injection is the technique of injecting and executing shellcode into a remote process. the provided example shows how to find a target process (`mspaint.exe`), allocate memory in it, write the shellcode, and create a remote thread to execute the shellcode.\n\n### code explanation\n\n- **process enumeration:** uses [`CreateToolhelp32Snapshot`](https://learn.microsoft.com/windows/win32/api/psapi/nf-psapi-createtoolhelp32snapshot) and [`Process32First/Process32Next`](https://learn.microsoft.com/windows/win32/api/psapi/nf-psapi-process32first) to find the target process.\n- **memory allocation:** allocates memory in the target process using [`VirtualAllocEx`](https://learn.microsoft.com/windows/win32/api/memoryapi/nf-memoryapi-virtualallocex).\n- **shellcode writing:** writes the shellcode into the target process's memory using [`WriteProcessMemory`](https://learn.microsoft.com/windows/win32/api/memoryapi/nf-memoryapi-writeprocessmemory).\n- **thread creation:** creates a remote thread to execute the shellcode using [`CreateRemoteThread`](https://learn.microsoft.com/windows/win32/api/processthreadsapi/nf-processthreadsapi-createremotethread).\n\n### usage\n\n1. compile the code.\n2. ensure `mspaint.exe` is running.\n3. run the compiled executable.\n4. the shellcode (a message box) will execute within `mspaint.exe`.\n\n## shellcode\n\nthe provided shellcode examples are simple message boxes:\n\n- **self-injection shellcode:** x86 message box shellcode.\n- **process injection shellcode:** x64 message box shellcode.\n\n## notes\n\n- ensure the target process (`mspaint.exe`) is running before executing the process injection code.\n- the shellcode provided is for demonstration purposes only and may need to be adapted for other use cases.\n\n![message box](message_box.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmoroii69%2Fcustom-malware","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmoroii69%2Fcustom-malware","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmoroii69%2Fcustom-malware/lists"}