This project demonstrates two methods of shellcode injection on Windows: self-injection and process injection. The provided examples show how to inject and execute shellcode in a process's memory space using the Windows API.
This code is for educational purposes only. Misuse of this code can lead to severe consequences. Use it responsibly and only on systems you have permission to test.
- Self-Injection: Injects and executes shellcode within the same process.
- Process Injection: Injects and executes shellcode into a remote process (
mspaint.exe
).
- Windows Operating System
- Visual Studio or any C++ compiler that supports Windows API
To compile the code, use a C++ compiler such as Visual Studio:
- Open the project in Visual Studio.
- Ensure that you have set the project to compile as a C++ application.
- Build the project.
Self-injection is the process of injecting and executing shellcode within the same process. The provided example shows how to allocate memory, write shellcode into it, and create a thread to execute the shellcode.
- Memory Allocation: Allocates memory using
VirtualAlloc
. - Shellcode Writing: Writes the shellcode to the allocated memory using
RtlCopyMemory
. - Thread Creation: Creates a thread to execute the shellcode using
CreateThread
.
- Compile the code.
- Run the compiled executable.
- The shellcode (a message box) will execute within the same process.
Process injection is the technique of injecting and executing shellcode into a remote process. The provided example shows how to find a target process (mspaint.exe
), allocate memory in it, write the shellcode, and create a remote thread to execute the shellcode.
- Process Enumeration: Uses
CreateToolhelp32Snapshot
andProcess32First/Process32Next
to find the target process. - Memory Allocation: Allocates memory in the target process using
VirtualAllocEx
. - Shellcode Writing: Writes the shellcode into the target process's memory using
WriteProcessMemory
. - Thread Creation: Creates a remote thread to execute the shellcode using
CreateRemoteThread
.
- Compile the code.
- Ensure
mspaint.exe
is running. - Run the compiled executable.
- The shellcode (a message box) will execute within
mspaint.exe
.
The provided shellcode examples are simple message boxes:
- Self-Injection Shellcode: x86 message box shellcode.
- Process Injection Shellcode: x64 message box shellcode.
- Ensure the target process (
mspaint.exe
) is running before executing the process injection code. - The shellcode provided is for demonstration purposes only and may need to be adapted for other use cases.