JALSI is short for Just Another Lame Shellcode Injector. JALSI can inject shellcode (in the form of a byte array, of course) into a local or remote process. The special thing about JALSI is just that it uses D/Invoke and it implements SharpUnhooker. Anything else, it's pretty lame. I tested this program on PowerShell and it bypasses WD for some reason 😂
Simply load the pre-compiled DLL or add the code function and call the LocalInject, RemoteInject, or QueueAPCInject function from the JALSI class. You can load the pre-compiled DLL in PowerShell with Reflection.Assembly too! This code uses C# 5, so it can be compiled with the built-in CSC from Windows 10.
RemoteInject(int TargetProcessID, byte[] shellcode)
LocalInject(byte[] shellcode)
QueueAPCInject(string PathToExecutableForProcess, byte[] shellcode)
RemoteInject: Inject shellcode to a remote process using the NtOpenProcess/NtAllocateVirtualMemory/NtWriteVirtualMemory/NtProtectVirtualMemory (preventing RWX)/NtCreateThreadEx pattern.
Memory protection settings used: RW, RX
LocalInject: Inject shellcode to the local/current process using the Marshal.AllocHGlobal/NtProtectVirtualMemory/Marshal.Copy/NtCreateThreadEx pattern.
Memory protection settings used: RW, RX
QueueAPCInject: Inject shellcode to a newly spawned process using the CreateProcess/NtAllocateVirtualMemory/NtWriteVirtualMemory/NtProtectVirtualMemory (preventing RWX)/NtQueueApcThread/NtAlertResumeThread pattern.
Memory protection settings used: RW, RX
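From the defender's side, all three patterns above share one observable shape: a region is switched to RX with NtProtectVirtualMemory and then used as the start address for NtCreateThreadEx or NtQueueApcThread, so avoiding RWX does not remove the signal. The Python detector below is an added example, not part of JALSI; the event format, PIDs and addresses are constructed, and regions are matched by exact base address as a simplifying assumption.

```python
# Constructed, normalized API-call events; field names are assumptions for this example.
TRACE = [
    {"src": 4120, "dst": 6688, "api": "NtOpenProcess"},
    {"src": 4120, "dst": 6688, "api": "NtAllocateVirtualMemory", "addr": 0x1F0000, "prot": "RW"},
    {"src": 4120, "dst": 6688, "api": "NtWriteVirtualMemory", "addr": 0x1F0000},
    {"src": 4120, "dst": 6688, "api": "NtProtectVirtualMemory", "addr": 0x1F0000, "prot": "RX"},
    {"src": 4120, "dst": 6688, "api": "NtCreateThreadEx", "addr": 0x1F0000},
    # Local pattern: the copy happens in-process, so no write event is assumed to exist.
    {"src": 5300, "dst": 5300, "api": "NtProtectVirtualMemory", "addr": 0x2A0000, "prot": "RX"},
    {"src": 5300, "dst": 5300, "api": "NtCreateThreadEx", "addr": 0x2A0000},
    # Spawned-process pattern: execution is triggered by an APC, not a new thread.
    {"src": 7010, "dst": 7444, "api": "NtAllocateVirtualMemory", "addr": 0x3C0000, "prot": "RW"},
    {"src": 7010, "dst": 7444, "api": "NtWriteVirtualMemory", "addr": 0x3C0000},
    {"src": 7010, "dst": 7444, "api": "NtProtectVirtualMemory", "addr": 0x3C0000, "prot": "RX"},
    {"src": 7010, "dst": 7444, "api": "NtQueueApcThread", "addr": 0x3C0000},
    {"src": 7010, "dst": 7444, "api": "NtAlertResumeThread"},
    # Benign: a thread started at an address that was never flipped to RX.
    {"src": 8000, "dst": 8000, "api": "NtCreateThreadEx", "addr": 0x7FF000},
]

# APIs that hand execution to an address, and the label reported for each.
EXEC_APIS = {"NtCreateThreadEx": "thread", "NtQueueApcThread": "apc"}

def find_flip_then_exec(trace):
    """Flag regions flipped to RX that are later used as an execution target."""
    written, flipped, findings = set(), set(), []
    for ev in trace:
        # A region is identified by caller, target process and base address.
        key = (ev["src"], ev["dst"], ev.get("addr"))
        api = ev["api"]
        if api == "NtWriteVirtualMemory":
            written.add(key)
        elif api == "NtProtectVirtualMemory" and ev.get("prot") == "RX":
            flipped.add(key)
        elif api in EXEC_APIS and key in flipped:
            findings.append({
                "src": ev["src"], "dst": ev["dst"], "addr": ev["addr"],
                "scope": "local" if ev["src"] == ev["dst"] else "remote",
                "via": EXEC_APIS[api],
                "write_seen": key in written,
            })
    return findings

if __name__ == "__main__":
    for finding in find_flip_then_exec(TRACE):
        print(finding)
```

The `write_seen` field separates the cross-process cases, where a write into the target precedes the flip, from the local case, which has to be caught on the flip and thread start alone.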
- Implement TripleS