Skip to content
/ el84_injector_0.0 Public

el84_injector_0.0 is a code injection tool for Windows environments, which utilizes hashing, custom encoding and manipulation of process memory to inject payloads into processes bypassing EDR.

2 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rat-c/el84_injector_0.0

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
README.md
README.md
 
 
build.sh
build.sh
 
 
encode.c
encode.c
 
 
hash.c
hash.c
 
 
hash.h
hash.h
 
 
incbin.h
incbin.h
 
 
main.c
main.c
 
 

Repository files navigation

el84_injector_0.0

el84_injector_0.0 is a code injection tool developed for educational and security research purposes. It demonstrates advanced techniques in code injection and evasion, focusing on Windows environments. The tool utilizes API hashing, custom encoding/decoding methods, and direct manipulation of process memory to inject payloads into target processes without detection by Windows Defender.

image

Features

  • API Hashing: Utilizes API hashing to locate necessary WinAPI functions dynamically.
  • XOR Encoding: Encodes WinAPI function pointers with a random 64-bit value (XOR) to evade static analysis.
  • FCALL Macro: Simplifies WinAPI calls, enhancing code readability and maintainability.
  • Custom Encoding/Decoding: Implements a basic custom method for payload encoding and decoding to bypass security measures.
  • Simple Usage: Designed for easy use, requiring only the target process ID and a payload saved as shellcode.bin in the project directory.

Usage

  1. Place your x64 payload in a file named shellcode.bin in the project directory.
  2. Run build.sh to compile the injector. This script automates the process, including payload encoding and injector compilation.
  3. Execute injector.exe with the target process ID as the command line argument:
./injector.exe <pid>

Building from Source

The project can be built on systems with GCC and Mingw-w64 installed. The build process involves compiling helper programs for hash generation and payload encoding, followed by the main injector program.

Dependencies:

  • GCC (for hash and encode utilities)
  • x86_64-w64-mingw32-gcc (for compiling the injector on non-Windows platforms)
  • Any necessary libraries for Windows API calls

Build Steps: Refer to the build.sh script for detailed build commands and steps.

Disclaimer

This tool is intended for educational and security research purposes only. The author is not responsible for misuse or for any damage that may occur from using this tool. It is the end user's responsibility to comply with all applicable laws and regulations. The use of this tool against targets without prior mutual consent is illegal.

References

About

el84_injector_0.0 is a code injection tool for Windows environments, which utilizes hashing, custom encoding and manipulation of process memory to inject payloads into processes bypassing EDR.

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages