Shellcode reflective DLL injection in Rust
Go to file
2024-01-06 13:53:18 +02:00
generator proper linting & google formatting 2024-01-06 13:53:18 +02:00
injector proper linting & google formatting 2024-01-06 13:53:18 +02:00
payload proper linting & google formatting 2024-01-06 13:53:18 +02:00
reflective_loader proper linting & google formatting 2024-01-06 13:53:18 +02:00
shared proper linting & google formatting 2024-01-06 13:53:18 +02:00
toolchains build size optimizations, streamlining 2024-01-04 20:00:24 +02:00
.gitignore semiproper cmake build configuration 2023-12-29 21:36:08 +02:00
build.sh build size optimizations, streamlining 2024-01-04 20:00:24 +02:00
CMakeLists.txt update build to match dir structure 2024-01-05 21:48:20 +02:00
LICENSE Initial commit 2023-12-13 00:18:24 +02:00
README.md include blog post link 2024-01-05 21:57:22 +02:00

Shellcode reflective DLL injection in C++

Reflective DLL injection demo for fun and education. In practical applications, there's significant scope for enhancing build sizes, obfuscation, and delivery logic.

A blog post describing the technicalities of sRDI.

Project Structure

.
├── build.sh            # Build script (cmake & make)
├── generator           # Shellcode generator (ties together bootstrap, loader, payload, and user data)
├── injector            # PoC injector
├── payload             # PoC payload (DllMain & PrintMessage(lpUserData))
├── reflective_loader   # sRDI implementation
├── shared              # Common cryptographic & file modules
└── toolchains          # Cross-compilation toolchains (linux & darwin)

Features

  • Hashed import names & indirect function calls
  • Randomized export iteration & IAT patching
  • XOR encryption for shellcode (randomized key generated during shellcode generation)

Check out Alcatraz for additional obfuscation for the shellcode/injector.

Usage

Compile the libraries and executables with the included build.sh shellscript (if cross-compiling).

Disclaimer

Information and code provided on this repository are for educational purposes only. The creator is in no way responsible for any direct or indirect damage caused due to the misuse of the information.

Credits