Skip to content
/ special-spoon Public

Windows service that injects custom DLL shellcode into random processes using manual mapping

2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

franciscolinan/special-spoon

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
Rootkit
Rootkit
 
 
README.md
README.md
 
 
Rootkit.sln
Rootkit.sln
 
 

Repository files navigation

special-spoon

Overview

This C++ project demonstrates a Windows service that starts at system startup and injects a DLL shellcode into a random process using manual mapping. The project allows users to inject custom shellcode into running processes without leaving traces on the disk, making it an effective way to achieve stealthy code execution.

Ethical Uses

While DLL injection can be misused, there are ethical and legitimate use cases for this project, including:

  • Parental Control Apps: Parental control applications could use this technique to restrict access to certain applications or websites for child safety
  • Antivirus Software: Some security applications may use DLL injection to monitor and protect other processes from potential threats
  • System Monitoring Tools: Certain system monitoring applications may utilize this project to gather data from running processes at system startup
  • Accessibility Tools: Accessibility tools could use this project to modify the behavior of specific applications to better suit the needs of users with disabilities
  • Software Licensing and DRM: Some applications may use this project to enforce software licensing or digital rights management (DRM) measures to prevent unauthorized usage
  • Security Research: Security researchers may use this technique for studying and analyzing the behavior of malware or suspicious software in a controlled environment

Features

  • Windows service that starts at system startup
  • Manual mapping technique for injecting a DLL shellcode into a random process
  • Stealthy execution

Customizing Shellcode

  • Open the payload.cpp file in the source code
  • Modify the payload array with your custom shellcode. Make sure it's compatible with the target process architecture
  • Rebuild the solution in Release mode

How it Works

The project uses the Windows Service Control Manager (SCM) to create and manage the service. Upon system startup, the service is launched, and it triggers the manual mapping DLL injection technique to inject the custom shellcode into a randomly selected process. The manual mapping technique is chosen for its stealthiness.

Disclaimer

This project is provided for educational purposes only. Use this project responsibly and at your own risk. The authors are not responsible for any misuse or damage caused by this software.

Note: Be cautious when working with DLL injection techniques, as they can lead to system instability and security vulnerabilities. Always test the project in a controlled environment and use it responsibly and ethically.

About

Windows service that injects custom DLL shellcode into random processes using manual mapping

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages