el84_injector_0.0

el84_injector_0.0 is a code injection tool developed for educational and security research purposes. It demonstrates advanced techniques in code injection and evasion, focusing on Windows environments. The tool utilizes API hashing, custom encoding/decoding methods, and direct manipulation of process memory to inject payloads into target processes without detection by Windows Defender.

Features

  • API Hashing: Utilizes API hashing to locate necessary WinAPI functions dynamically.
  • XOR Encoding: Encodes WinAPI function pointers with a random 64-bit value (XOR) to evade static analysis.
  • FCALL Macro: Simplifies WinAPI calls, enhancing code readability and maintainability.
  • Custom Encoding/Decoding: Implements a basic custom method for payload encoding and decoding to bypass security measures.
  • Simple Usage: Designed for easy use, requiring only the target process ID and a payload saved as shellcode.bin in the project directory.
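
Hashed API lookups leave no import names for static tooling to match, so detection of an injector like this usually rests on behaviour. The following is an added example, not part of the project: it filters Sysmon ProcessAccess events (Event ID 10) for handles carrying the rights needed to write memory and start a thread in another process. The event records, the allowlist and the assumption that these access rights are requested are constructed for illustration; the README does not state which APIs the injector calls.

```python
# Added example (defensive): flag Sysmon ProcessAccess (Event ID 10) records
# whose granted access mask permits writing into another process and starting
# a thread there. All events below are constructed sample data.

# Windows process access rights (winnt.h values).
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECTION_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Hypothetical allowlist: images expected to open other processes this way.
ALLOWED_SOURCES = {r"c:\windows\system32\csrss.exe"}

SAMPLE_EVENTS = [  # constructed for this example
    {"EventID": 10, "SourceImage": r"C:\Users\lab\injector.exe",
     "SourceProcessId": 4120, "TargetProcessId": 6532,
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "SourceProcessId": 3300, "TargetProcessId": 6532,
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1410"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "SourceProcessId": 612, "TargetProcessId": 6532,
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "ProcessId": 6532},
]


def suspicious_access(events):
    """Return (source image, target PID, mask) for cross-process handles
    that hold every right in INJECTION_RIGHTS and are not allowlisted."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 10:
            continue  # only ProcessAccess events carry GrantedAccess
        mask = int(ev["GrantedAccess"], 16)
        if mask & INJECTION_RIGHTS != INJECTION_RIGHTS:
            continue  # e.g. query/read-only handles such as 0x1410
        if ev["SourceImage"].lower() in ALLOWED_SOURCES:
            continue
        if ev["SourceProcessId"] == ev["TargetProcessId"]:
            continue  # a process opening itself is not cross-process access
        hits.append((ev["SourceImage"], ev["TargetProcessId"], hex(mask)))
    return hits


if __name__ == "__main__":
    for source, target_pid, mask in suspicious_access(SAMPLE_EVENTS):
        print(f"review: {source} opened PID {target_pid} with {mask}")
```
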

Usage

  1. Place your x64 payload in a file named shellcode.bin in the project directory.
  2. Run build.sh to compile the injector. This script automates the process, including payload encoding and injector compilation.
  3. Execute injector.exe with the target process ID as the command line argument:
./injector.exe <pid>

Building from Source

The project can be built on systems with GCC and Mingw-w64 installed. The build process involves compiling helper programs for hash generation and payload encoding, followed by the main injector program.

Dependencies:

  • GCC (for hash and encode utilities)
  • x86_64-w64-mingw32-gcc (for compiling the injector on non-Windows platforms)
  • Any necessary libraries for Windows API calls

Build Steps: Refer to the build.sh script for detailed build commands and steps.

Disclaimer

This tool is intended for educational and security research purposes only. The author is not responsible for misuse or for any damage that may occur from using this tool. It is the end user's responsibility to comply with all applicable laws and regulations. The use of this tool against targets without prior mutual consent is illegal.
