Skip to content
/ stealthInjector Public

Injects shellcode into remote processes using direct syscalls

74 stars 23 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

JohnWoodman/stealthInjector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
Makefile
Makefile
 
 
README.md
README.md
 
 
getSyscall.h
getSyscall.h
 
 
injectShellcode.cpp
injectShellcode.cpp
 
 

Repository files navigation

stealthInjector

Injects shellcode into remote processes using direct syscalls.

Direct syscalls will bypass a lot of AV/EDR detection techniques such as API userland hooking and monitoring.

The syscalls are retrieved dynamically through reading ntdll.dll instead of using hardcoded assembly. The advantage of retrieving the syscalls dynamically is that you don't have to worry about syscalls changing between Windows versions/patches, and you don't have to hardcode assembly which takes up space and time.

Usage

Usage: stealthInjector.exe -shellcode <file> [-spawnProc | -pid <num>] [-unsafe]

-spawnProc: spawn nslookup.exe and inject into that
-pid <num>: inject into remote process given PID
-unsafe: inject shellcode using high-level API calls (likely to get caught by AV/EDR)
-shellcode <file>: raw shellcode to inject

About

Injects shellcode into remote processes using direct syscalls

Resources

Readme
Activity

Stars

74 stars

Watchers

5 watching

Forks

23 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages