JALSI - Just Another Lame Shellcode Injector
JALSI is short for Just Another Lame Shellcode Injector.JALSI can inject shellcode (in the form of byte array,ofcourse) to local process or remote process.The special thing about JALSI is just that it uses D/Invoke and it implements SharpUnhooker.Anything else,its pretty lame.I test this program on Powershell and it bypasses WD for some reason
This tool is tested on Windows 10 v20H2 x64 using MSFVenom's shellcode
Usage
Simply load the pre-compiled DLL or add the code function and call the LocalInject,RemoteInject,or QueueAPCInject function from the JALSI class. You can load the pre-compiled DLL on Powershell with Reflection.Assembly too! This code uses C# 5,so it can be compiled with the built-in CSC from Windows 10.
Parameters
RemoteInject(int TargetProcessID, byte[] shellcode)
LocalInject(byte[] shellcode)
QueueAPCInject(string PathToExecutableForProcess, byte[] shellcode)
RemoteInject Function
Inject shellcode to a remote process using NtOpenProcess/NtAllocateVirtualMemory/NtWriteVirtualMemory/NtProtectVirtualMemory(preventing RWX)/NtCreateThreadEx
pattern.
Memory Protection settings used : RW,RX
LocalInject Function
Inject shellcode to local/current process using Marshal.AllocHGlobal/NtProtectVirtualMemory/Marshal.Copy/NtCreateThreadEx
pattern.
Memory Protection settings used : RW,RX
QueueAPCInject Function
Inject shellcode to a newly spawned process using CreateProcess/NtAllocateVirtualMemory/NtWriteVirtualMemory/NtProtectVirtualMemory(preventing RWX)/NtQueueApcThread/NtAlertResumeThread
pattern.
Memory Protection settings used : RW,RX
To-Do
- Implement TripleS