What is this?
Injectopi is a set of tutorials that I've decided to write down in order to learn about various injection techniques in the Windows' environment. The idea came to my mind when I noticed these awesome sources by Hasherezade.
Here is what I thought:
"Is there anything better than a mighty animal with multiple arms swinging poisonous pointy weapons?"
This tutorial shows how you can create a program that, when run, will inject code into an existing process. We will show multiple techniques of increasing complexity discovered by security researchers and malware coders. It has to be noted that these list is not complete as it only shows the main techniques!
|CreatePatched||Spawns a benign process with its Entrypoint patched with a shellcode||
|CreateSection||Creates a new executable section, containing a shellcode, in an existing process||
|CreateSectionAPC||Same as CreateSection: this time asynchronous procedure calls will be used.||
|FullCopy||Allocates an executable memory region in an existing process and copies itself in that region||
If you want to compile each binary it is suggested to use:
- Visual Studio 2017 (Community will suffice)
- Windows 7+
Injectopi.sln with Visual Studio!
Visual Studio 2017
Make sure to have the
Desktop C++ x86 and x64 components enabled with your Visual Studio installation!
You should be ready to go!
What are you running with that shellcode?
I have commented what the shellcode does in the file
Here below you can find a list of interesting articles / websites / papers which I found useful while writing down Injectopi!
From their website:
Imagine running your favorite Windows applications and drivers in an open-source environment you can trust. That's ReactOS. Not just an Open but also a Free operating system.
ReactOS is an awesome project which aims at open-sourcing the Windows OS by reverse engineering it. The documentation you find on their website is pure gold.
skape's "Understanding Windows Shellcode" paper is a great resource that will surely help you understand how Windows' internals work and how to use them to write shellcode.
The shellcode I use in these examples uses some techniques shown in the paper!
Any contribution is very welcome! Feel free to open issues and pull requests!
Copyright 2017 Giulio De Pasquale Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.