Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/moroii69/custom-malware

this project demonstrates shellcode injection on windows using self-injection and process injection.

cpp cybersecurity malware windows


README

        

# windows shellcode injection

this project demonstrates two methods of shellcode injection on windows: self-injection and process injection. the provided examples show how to inject and execute shellcode in a process's memory space using the windows api.

![shellcode injection](shellcode_injection.jpg)

## disclaimer

this code is for educational purposes only. misuse of this code can lead to severe consequences. use it responsibly and only on systems you have permission to test.

## overview

- **self-injection:** injects and executes shellcode within the same process.
- **process injection:** injects shellcode into a remote process (`mspaint.exe`) and executes it there.

## prerequisites

- windows operating system ([windows official website](https://www.microsoft.com/windows))
- visual studio or any c++ compiler that supports windows api ([visual studio download](https://visualstudio.microsoft.com/downloads/))

## compiling

to compile the code, use a c++ compiler such as visual studio:

1. open the project in [visual studio](https://visualstudio.microsoft.com/).
2. ensure that you have set the project to compile as a c++ application.
3. build the project.

## self-injection

self-injection is the process of injecting and executing shellcode within the same process. the provided example shows how to allocate memory, write shellcode into it, and create a thread to execute the shellcode.

### code explanation

- **memory allocation:** allocates memory using [`VirtualAlloc`](https://learn.microsoft.com/windows/win32/api/memoryapi/nf-memoryapi-virtualalloc).
- **shellcode writing:** writes the shellcode to the allocated memory using [`RtlCopyMemory`](https://learn.microsoft.com/windows/win32/api/winbase/nf-winbase-rtlcopymemory).
- **thread creation:** creates a thread to execute the shellcode using [`CreateThread`](https://learn.microsoft.com/windows/win32/api/processthreadsapi/nf-processthreadsapi-createthread).

### usage

1. compile the code.
2. run the compiled executable.
3. the shellcode (a message box) will execute within the same process.

## process injection

process injection is the technique of injecting shellcode into a remote process and executing it there. the provided example shows how to find a target process (`mspaint.exe`), allocate memory in it, write the shellcode, and create a remote thread to execute the shellcode.

### code explanation

- **process enumeration:** uses [`CreateToolhelp32Snapshot`](https://learn.microsoft.com/windows/win32/api/tlhelp32/nf-tlhelp32-createtoolhelp32snapshot) and [`Process32First/Process32Next`](https://learn.microsoft.com/windows/win32/api/tlhelp32/nf-tlhelp32-process32first) to find the target process.
- **memory allocation:** allocates memory in the target process using [`VirtualAllocEx`](https://learn.microsoft.com/windows/win32/api/memoryapi/nf-memoryapi-virtualallocex).
- **shellcode writing:** writes the shellcode into the target process's memory using [`WriteProcessMemory`](https://learn.microsoft.com/windows/win32/api/memoryapi/nf-memoryapi-writeprocessmemory).
- **thread creation:** creates a remote thread to execute the shellcode using [`CreateRemoteThread`](https://learn.microsoft.com/windows/win32/api/processthreadsapi/nf-processthreadsapi-createremotethread).
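a defender's view of the steps listed above, as an added example that is not part of the original readme or the project's code: it correlates sysmon-style `ProcessAccess` (event id 10) and `CreateRemoteThread` (event id 8) records to flag a remote thread that starts outside any loaded module in a process the source opened with allocate, write and create-thread rights. the event dicts are constructed sample data, and treating an empty or `-` `StartModule` as "not module-backed" is an assumption about how the telemetry is populated.

```python
# Added example (not the project's code): flag the handle-open -> remote-thread
# pattern that VirtualAllocEx / WriteProcessMemory / CreateRemoteThread leaves
# in Sysmon-style telemetry. All events below are constructed sample data.

# Process access rights (winnt.h) the three API calls need on the target handle.
PROCESS_CREATE_THREAD = 0x0002  # required by CreateRemoteThread
PROCESS_VM_OPERATION = 0x0008   # required by VirtualAllocEx
PROCESS_VM_WRITE = 0x0020       # required by WriteProcessMemory
INJECTION_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

PAINT = r"C:\Windows\System32\mspaint.exe"
DEMO = r"C:\Users\lab\demo.exe"  # hypothetical path for the sample

SAMPLE_EVENTS = [  # constructed, in time order
    {"EventID": 10, "SourceProcessId": 4120, "SourceImage": DEMO,
     "TargetProcessId": 7788, "TargetImage": PAINT, "GrantedAccess": "0x1FFFFF"},
    {"EventID": 8, "SourceProcessId": 4120, "SourceImage": DEMO,
     "TargetProcessId": 7788, "TargetImage": PAINT,
     "StartAddress": "0x000001F4A2B30000", "StartModule": "-"},
    # Query/read-only handle: none of the injection rights are present.
    {"EventID": 10, "SourceProcessId": 900,
     "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetProcessId": 7788, "TargetImage": PAINT, "GrantedAccess": "0x1410"},
    # Remote thread that starts inside a loaded module, with no matching handle.
    {"EventID": 8, "SourceProcessId": 612,
     "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetProcessId": 7788, "TargetImage": PAINT,
     "StartAddress": "0x00007FFB1C2A0000",
     "StartModule": r"C:\Windows\System32\kernel32.dll"},
]

def find_injection_candidates(events):
    """Return (source_image, target_image, start_address) for each suspicious thread."""
    write_capable = set()  # (source pid, target pid) pairs holding injection rights
    hits = []
    for ev in events:
        pair = (ev["SourceProcessId"], ev["TargetProcessId"])
        if pair[0] == pair[1]:
            continue  # same-process activity is not remote injection
        if ev["EventID"] == 10:
            if int(ev["GrantedAccess"], 16) & INJECTION_MASK == INJECTION_MASK:
                write_capable.add(pair)
        elif ev["EventID"] == 8:
            # Assumption: empty or "-" StartModule means the start address is
            # in private memory rather than inside a mapped image.
            unbacked = ev.get("StartModule", "") in ("", "-")
            if unbacked and pair in write_capable:
                hits.append((ev["SourceImage"], ev["TargetImage"], ev["StartAddress"]))
    return hits
```

self-injection does not show up in this correlation, because `VirtualAlloc` and `CreateThread` inside one process generate neither event.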

### usage

1. compile the code.
2. ensure `mspaint.exe` is running.
3. run the compiled executable.
4. the shellcode (a message box) will execute within `mspaint.exe`.

## shellcode

the provided shellcode examples are simple message boxes:

- **self-injection shellcode:** x86 message box shellcode.
- **process injection shellcode:** x64 message box shellcode.

## notes

- ensure the target process (`mspaint.exe`) is running before executing the process injection code.
- the shellcode provided is for demonstration purposes only and may need to be adapted for other use cases.

![message box](message_box.png)