Shellcode test injector

Author: XaFF-XaFF

Shellcodev/command.cpp

@@ -419,7 +419,7 @@ static BOOL winrepl_command_help()
 	std::cout << ".read addr size\t\tRead from a memory address." << std::endl;
 	std::cout << ".write addr hexdata\tWrite to a memory address." << std::endl;
 	std::cout << ".toshell format\t\tConvert list to selected shellcode format. Available formats: c, cs, raw" << std::endl;
-	//std::cout << ".inject pid\t\tTest shellcode by injecting it into the process." << std::endl;
+	std::cout << ".inject pid\t\tTest shellcode by injecting it into the process. Works currently only on x86!" << std::endl;
 	std::cout << ".allocate size\t\tAllocate a memory buffer." << std::endl;
 	std::cout << ".loadlibrary path\tLoad a DLL into the process." << std::endl;
 	std::cout << ".kernel32 func\t\tGet address of a kernel32 export." << std::endl;

Shellcodev/inject.cpp

@@ -17,5 +17,15 @@ BOOL shelldev_inject_shellcode(std::vector<asm_t>* assemblies, std::string pid)
 
 	std::vector<unsigned char> bytes = get_shellcode(assemblies);
 
+	HANDLE processHandle;
+	HANDLE remoteThread;
+	PVOID remoteBuffer;
+
+	processHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, (DWORD)std::atoi(pid.c_str()));
+	remoteBuffer = VirtualAllocEx(processHandle, NULL, bytes.size(), (MEM_RESERVE | MEM_COMMIT), PAGE_EXECUTE_READWRITE);
+	WriteProcessMemory(processHandle, remoteBuffer, bytes.data(), bytes.size(), NULL);
+	remoteThread = CreateRemoteThread(processHandle, NULL, 0, (LPTHREAD_START_ROUTINE)remoteBuffer, NULL, 0, NULL);
+	CloseHandle(processHandle);
+
 	return TRUE;
 }