
fdiskyou / Injectallthethings

Licence: unlicense
Seven different DLL injection techniques in one single project.


What is it

Single Visual Studio project implementing multiple DLL injection techniques (7 different techniques, in fact) that work for both 32-bit and 64-bit targets. Each technique has its own source code file to make it easy to read and understand.

The table below makes it easy to understand what's actually implemented and how to use it.

| Method               | 32 bits | 64 bits | DLL to use                      |
|----------------------|---------|---------|---------------------------------|
| CreateRemoteThread() | ✔️      | ✔️      | dllmain_32.dll / dllmain_64.dll |
| NtCreateThreadEx()   | ✔️      | ✔️      | dllmain_32.dll / dllmain_64.dll |
| QueueUserAPC()       | ✔️      | ✔️      | dllmain_32.dll / dllmain_64.dll |
| SetWindowsHookEx()   | ✔️      | ✔️      | dllpoc_32.dll / dllpoc_64.dll   |
| RtlCreateUserThread()| ✔️      | ✔️      | dllmain_32.dll / dllmain_64.dll |
| SetThreadContext()   | ✔️      | ✔️      | dllmain_32.dll / dllmain_64.dll |
| Reflective DLL       | ✔️      | ✔️      | rdll_32.dll / rdll_64.dll       |

How to use it

C:\Users\rui>injectAllTheThings_64.exe
injectAllTheThings - [email protected]
Usage: injectAllTheThings.exe -t <option> <process name> <full/path/to/dll>
Options:
  1     DLL injection via CreateRemoteThread()
  2     DLL injection via NtCreateThreadEx()
  3     DLL injection via QueueUserAPC()
  4     DLL injection via SetWindowsHookEx()
  5     DLL injection via RtlCreateUserThread()
  6     DLL injection via Code Cave SetThreadContext()
  7     Reflective DLL injection

Needless to say, to be on the safe side, always use injectAllTheThings_32.exe to inject into 32-bit processes and injectAllTheThings_64.exe to inject into 64-bit processes, although injectAllTheThings_64.exe can also be used to inject into 32-bit processes. I didn't implement it, but I might give it a try later: you can also go from WoW64 to 64 bits, which is basically what Metasploit's 'smart_migrate' does. Have a look here.

Compile for 32 and 64 bits, with or without debugging, and have fun.

Note: All techniques have been tested successfully in Windows 10 1903 x64 with notepad.exe. This has been used for Endpoint Security testing by me, and a few other people I know, as a PoC. Don't ask for help if you are injecting somewhere else and your target is crashing. I'm pretty sure you can debug the issue yourself if you want to re-use the code in your own tools.

For more information visit: http://deniable.org/windows/inject-all-the-things

Credits

Reflective DLL injection - Stephen Fewer
