Polymorphic shellcode loader generator. Takes raw shellcode, encrypts it, and generates a ready-to-compile C source file with randomized variable and function names. Every run produces unique output, making static signature detection basically impossible.
7 injection techniques: self-inject (VirtualAlloc + CreateThread), CreateRemoteThread into a running process, Early Bird APC (queue APC to newly suspended process), callback abuse (via EnumChildWindows), fiber execution (ConvertThreadToFiber + CreateFiber), thread hijack (suspend remote thread, modify RIP, resume), and module stomping (load signed DLL, overwrite its .text section).
Supports XOR and AES-256-CBC encryption, optional sandbox evasion (timing checks + process count), and outputs a standalone C file compilable with MSVC or MinGW. x64 Windows.
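For defenders, randomized identifiers and per-build encryption change the generated source and payload bytes, not the Windows API calls each technique depends on. The sketch below is an added example, not part of phantomgate: it groups API-call telemetry by process and flags the call combinations listed above. The log format, rule names and sample events are constructed, and the APIs in the last two rules are standard Win32 calls assumed for steps the README describes without naming them.

```python
from collections import defaultdict

# Technique label -> API calls that must all be observed from one process.
# The first four rules use API names taken from the README's technique list
# (pairing VirtualAlloc with EnumChildWindows is an assumption).
# The last two rules use Win32 APIs the README does not name (assumption).
RULES = {
    "self-inject": {"VirtualAlloc", "CreateThread"},
    "remote-thread": {"CreateRemoteThread"},
    "callback": {"VirtualAlloc", "EnumChildWindows"},
    "fiber": {"ConvertThreadToFiber", "CreateFiber"},
    "thread-hijack": {"SuspendThread", "SetThreadContext", "ResumeThread"},
    "early-bird-apc": {"QueueUserAPC", "ResumeThread"},
}

# Constructed telemetry lines in a hypothetical key=value format.
SAMPLE_EVENTS = [
    "pid=4120 image=a1.exe api=VirtualAlloc",
    "pid=4120 image=a1.exe api=CreateThread",
    "pid=5230 image=b2.exe api=SuspendThread",
    "pid=5230 image=b2.exe api=SetThreadContext",
    "pid=5230 image=b2.exe api=ResumeThread",
    "pid=600 image=ui.exe api=EnumChildWindows",  # benign on its own
    "garbage line",                               # malformed, skipped
]

def parse_events(lines):
    """Return {pid: set of API names}, ignoring lines without pid/api fields."""
    calls = defaultdict(set)
    for line in lines:
        fields = dict(p.split("=", 1) for p in line.split() if "=" in p)
        if {"pid", "api"} <= fields.keys():
            calls[int(fields["pid"])].add(fields["api"])
    return calls

def match_techniques(lines):
    """Return {pid: sorted technique labels} for processes matching a rule."""
    hits = {}
    for pid, apis in parse_events(lines).items():
        matched = sorted(name for name, need in RULES.items() if need <= apis)
        if matched:
            hits[pid] = matched
    return hits

if __name__ == "__main__":
    for pid, names in match_techniques(SAMPLE_EVENTS).items():
        print(pid, names)
```

The rules are a triage heuristic: several of these combinations also occur in legitimate software, so a match is a lead for review rather than a verdict.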
```
python phantomgate.py shellcode.bin
python phantomgate.py shellcode.bin -t inject --target notepad.exe
python phantomgate.py shellcode.bin -t apc -e aes -s
python phantomgate.py shellcode.bin -t stomp --sandbox
python phantomgate.py shellcode.bin -t hijack --target explorer.exe -o custom.c
```
- `-t, --technique` - Injection technique: local, inject, apc, callback, fiber, hijack, stomp
- `-e, --encrypt` - Encryption: xor (default), aes
- `-s, --sandbox` - Add sandbox evasion
- `--target` - Target process for inject/hijack/apc (default: explorer.exe)
- `-o, --output` - Output filename (default: loader.c)
```
cl /O2 output/loader.c
```
With AES encryption, link bcrypt:
```
cl /O2 output/loader.c /link bcrypt.lib
```
- Python 3.6+
- pycryptodome (optional, only for AES mode):
  ```
  pip install pycryptodome
  ```
Discord: eren_._z