GetRektBoy724/JALSI

JALSI - Just Another Lame Shellcode Injector

JALSI is short for Just Another Lame Shellcode Injector. JALSI can inject shellcode (in the form of a byte array, of course) into the local process or a remote process. The special thing about JALSI is just that it uses D/Invoke and implements SharpUnhooker. Anything else, it's pretty lame. I tested this program in PowerShell and it bypasses WD for some reason 😂

This tool was tested on Windows 10 v20H2 x64 using MSFVenom's shellcode.

Usage

Simply load the pre-compiled DLL or add the code, then call the LocalInject, RemoteInject, or QueueAPCInject function from the JALSI class. You can load the pre-compiled DLL in PowerShell with Reflection.Assembly too! This code uses C# 5, so it can be compiled with the built-in CSC from Windows 10.

Parameters

  • RemoteInject(int TargetProcessID, byte[] shellcode)
  • LocalInject(byte[] shellcode)
  • QueueAPCInject(string PathToExecutableForProcess, byte[] shellcode)

RemoteInject Function

Injects shellcode into a remote process using the NtOpenProcess / NtAllocateVirtualMemory / NtWriteVirtualMemory / NtProtectVirtualMemory (preventing RWX) / NtCreateThreadEx pattern. Memory protection settings used: RW, RX.

LocalInject Function

Injects shellcode into the local (current) process using the Marshal.AllocHGlobal / NtProtectVirtualMemory / Marshal.Copy / NtCreateThreadEx pattern. Memory protection settings used: RW, RX.

QueueAPCInject Function

Injects shellcode into a newly spawned process using the CreateProcess / NtAllocateVirtualMemory / NtWriteVirtualMemory / NtProtectVirtualMemory (preventing RWX) / NtQueueApcThread / NtAlertResumeThread pattern. Memory protection settings used: RW, RX.
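
From a detection standpoint, all three functions above share one tail: a region is switched to RX with NtProtectVirtualMemory and execution is then started inside it, which avoids RWX but leaves an ordered trace. The following is an added example, not part of JALSI or its README, that correlates that sequence over constructed API-call telemetry; the event tuple schema, PIDs and addresses are assumptions.

```python
from dataclasses import dataclass

PAGE_EXECUTE_READ = 0x20  # RX, the final protection the README lists
EXEC_APIS = {"NtCreateThreadEx", "NtQueueApcThread"}

@dataclass
class Region:
    base: int
    size: int
    written_remotely: bool = False
    executable: bool = False

def find_injections(events):
    """Alert when execution starts inside memory previously flipped to RX."""
    regions, alerts = {}, []  # regions: target pid -> [Region]
    for src, dst, api, addr, size, prot in events:
        target, cross = regions.setdefault(dst, []), src != dst
        hit = next((r for r in target if r.base <= addr < r.base + r.size), None)
        if api == "NtAllocateVirtualMemory":
            target.append(Region(addr, size))
        elif api == "NtWriteVirtualMemory" and hit and cross:
            hit.written_remotely = True
        elif api == "NtProtectVirtualMemory" and prot == PAGE_EXECUTE_READ:
            if hit is None:  # e.g. heap memory whose allocation was not logged
                hit = Region(addr, size)
                target.append(hit)
            hit.executable = True
        elif api in EXEC_APIS and hit and hit.executable:
            alerts.append(("remote" if cross else "local", api, src, dst,
                           hex(hit.base), hit.written_remotely))
    return alerts

# Constructed sample telemetry in a hypothetical schema:
# (caller pid, target pid, API, address or start routine, size, protection)
SAMPLE = [
    (4100, 6200, "NtAllocateVirtualMemory", 0x1F0000, 0x1000, 0x04),
    (4100, 6200, "NtWriteVirtualMemory", 0x1F0000, 0x200, 0),
    (4100, 6200, "NtProtectVirtualMemory", 0x1F0000, 0x1000, 0x20),
    (4100, 6200, "NtCreateThreadEx", 0x1F0000, 0, 0),
    (5000, 5000, "NtProtectVirtualMemory", 0x2A0000, 0x1000, 0x20),
    (5000, 5000, "NtCreateThreadEx", 0x2A0000, 0, 0),
    (4100, 7300, "NtAllocateVirtualMemory", 0x3C0000, 0x1000, 0x04),
    (4100, 7300, "NtWriteVirtualMemory", 0x3C0000, 0x200, 0),
    (4100, 7300, "NtProtectVirtualMemory", 0x3C0000, 0x1000, 0x20),
    (4100, 7300, "NtQueueApcThread", 0x3C0000, 0, 0),
    (8000, 8000, "NtCreateThreadEx", 0x7FF600001000, 0, 0),  # benign image start
]

if __name__ == "__main__":
    print(*find_injections(SAMPLE), sep="\n")
```

The local case is matched on the protection change alone because Marshal.AllocHGlobal and Marshal.Copy do not appear as the Nt* calls the remote paths use.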

To-Do
