Shellcode reflective DLL injection in Rust
generator | ||
injector | ||
payload | ||
reflective_loader | ||
shared | ||
toolchains | ||
.gitignore | ||
build.sh | ||
CMakeLists.txt | ||
LICENSE | ||
README.md |
Shellcode reflective DLL injection in C++
Reflective DLL injection demo for fun and education. In practical applications, there's significant scope for enhancing build sizes, obfuscation, and delivery logic.
A blog post describing the technicalities of sRDI.
Project Structure
.
├── build.sh # Build script (cmake & make)
├── generator # Shellcode generator (ties together bootstrap, loader, payload, and user data)
├── injector # PoC injector
├── payload # PoC payload (DllMain & PrintMessage(lpUserData))
├── reflective_loader # sRDI implementation
├── shared # Common cryptographic & file modules
└── toolchains # Cross-compilation toolchains (linux & darwin)
Features
- Hashed import names & indirect function calls
- Randomized export iteration & IAT patching
- XOR encryption for shellcode (randomized key generated during shellcode generation)
Check out Alcatraz for additional obfuscation for the shellcode/injector.
Usage
Compile the libraries and executables with the included build.sh
shellscript (if cross-compiling).
Disclaimer
Information and code provided on this repository are for educational purposes only. The creator is in no way responsible for any direct or indirect damage caused due to the misuse of the information.
Credits
- Stephen Fewer (@stephenfewer) for reflective DLL injection
- Nick Landers (@monoxgas) for shellcode generator
- @memN0ps for bootstrap shellcode