98 Resources
C/C++ dll-injection Libraries
DxWrapper is a .dll file designed to wrap DirectX files to fix compatibility issues in older games
DxWrapper Introduction DxWrapper is a .dll file designed to wrap DirectX files to fix compatibility issues in older games. This project is primarily t
Add a directory to dynamic DLL search path on Windows.
DLLLoaderHelper Add a directory to DLL search path for Windows. Say you are building a library, :library_name, which loads some 3rd party shared libra
Minecraft injection client, started as a UDP-CPP port for linux
Phantom Fully C++ Minecraft injection client for linux. Mapping code is based off of UDP, and Dear ImGui is used for the window, but the cheats and st
Hellsgate + Halosgate/Tartarusgate. Ensures that all system calls go through ntdll.dll
RecycledGate This is just another implementation of Hellsgate + Halosgate/Tartarusgate. However, this implementation makes sure that all system calls
This is a brand-new technique for shellcode injection to evade AVs and EDRs
This is a brand-new technique for shellcode injection to evade AVs and EDRs. This technique is inspired by Module Stomping and has some similarities. As of this date (23-01-2022), hollows-hunter also doesn't detect it.
Implements a Windows service (in a DLL) that removes the rounded corners for windows in Windows 11
ep_dwm Implements a Windows service that removes the rounded corners for windows in Windows 11. Tested on Windows 11 build 22000.434. Pre-compiled bin
DLL Hooker using DLL Redirection
DLLHooker DLL Hooker using DLL Redirection. Development Environment IDE: Visual Studio 2019 Demonstration References [1] https://www.exploit-db.com/do
Read-Compile-Run-Loop: tiny and powerful interactive C++ compiler (REPL)
Read-Compile-Run-Loop: tiny and powerful interactive C++ compiler (REPL) RCRL is a tiny engine for interactive C++ compilation and execution (implemen
A rewrite of the old legacy software "depends.exe" in C# for Windows devs to troubleshoot dll load dependencies issues.
Dependencies - An open-source modern Dependency Walker Download here (If you're running an AV, use this download instead) NB : due to limitations on /
An SFTP client shared library (dll/so/dylib) with bindings and classes for C++, Delphi and Free Pascal based on PuTTY
TGPuttyLib A shared library / DLL with Delphi and C++ bindings based on PuTTY, for Windows, macOS, and Linux. The new TGPuttyLib SFTP Library is a DLL
DI: C++14 Dependency Injection Library
[Boost::ext].DI Your C++14 one header only Dependency Injection library with no dependencies https://www.youtube.com/watch?v=yVogS4NbL6U Quick start D
CMake module for building IDL files with MIDL and generating CLR DLL using Tlbimp
FindIDL CMake module for building IDL files with MIDL and generating CLR DLL using Tlbimp. Introduction Requirements Usage find_package() add_idl() ad
Injection - Windows process injection methods
Windows Process Injection Here are some popular methods used for process injection on the windows operating system. Conhost ExtraBytes PROPagate Servi
TiEtwAgent - PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
TiEtwAgent - ETW-based process injection detection This project was created to research, build and test different memory injection detection use cases
Remote hacker probe - Threat Emulation and Red Teaming Framework, The Hacking Software for normal people.
The Remote Hacker Probe is a Threat Emulation and Red Teaming Framework built to be easy to use. The Remote Hacker Probe is Feature Rich! Including, K
Orca - Advanced malware with multiple features written in ASM/C/C++; works on all Windows versions (some features are still under development and not stable)
About Orca Orca is advanced malware with multiple features written in ASM/C/C++. Features: Run in background (hidden mode). Records keystrokes and saves t
LibEFT: an EFT loading DLL for Emergency mods!
LibEFT: an EFT loading DLL for Emergency mods! "Ladies and gentlemen, I present... The disguised S3TC texture. There's no way it's anything else. I di
An example of COM hijacking using a proxy DLL.
COM-Hijacking An example of COM hijacking using a proxy DLL. Demo using getmac/wbemprox.dll In this demo, we use the fact that the getmac.exe command
THIS REPO IS PART OF WHAT ORCA TOLD ME TO UPLOAD
How does 0x41 work: 1. checks the environment [detect sandboxes / debuggers / virtual machines] 2. downloads the [encrypted] shellcode file [.bin] if t
Volatile ELF payloads generator with Metasploit integrations for testing GNU/Linux ecosystems against low-level threats
Revenant Intro This tool combines SCC runtime, rofi, Msfvenom, Ngrok and a dynamic template processor, offering an easy to use interface for compiling
Evasive shellcode loader for bypassing event-based injection detection (PoC)
DripLoader (PoC) Evasive shellcode loader for bypassing event-based injection detection, without necessarily suppressing event collection. The project
A stub DLL that replaces in-game text
Gujian3TextMod A stub DLL that replaces in-game text messages. Original DirectSound wrapper DLL implementation from DirectX-Wrappers. The code was modified t
Simple single-file header for hijacking the Windows version.dll of a chosen executable to do third-party modification without DLL injection.
Version-Hijack Simple single-file header for hijacking the Windows version.dll of a chosen executable to do third-party modification without DLL injection. Usage
A DLL & Code Injection C++ library for Windows.
syringe - A DLL & Code Injection C++ library for Windows. syringe is a DLL & Code Injection C++ library for Windows that contains different techniques
(FIXED) Since the one on github didn't work. (ALSO INCLUDES .DLL SO YOU CAN JUST INJECT INTO FORTNITE)
Marathon-Fortnite-Cheat-Fix-Leak Fortnite Marathon Cheat v18.20 FIXED [Leak] Getting started Open .sln with Visual Studio 2019 Compile batch build to
Multiple payloads for the digispark digistump AVR boards.
Multiple payloads for the digispark digistump AVR boards. Some are translated from RubberDucky and some are original.
THIS REPO IS PART OF WHAT ORCA TOLD ME TO UPLOAD
ACHLYSv2 How it works: First, ACHLYS detects the environment of the machine it is running in by checking for sandboxes and debuggers present. Second, when the
Simple, fully external, smart, fast, JSON-configured, feature-rich Windows x86 DLL memory dumper with code generation. Written in modern C++.
altdumper Simple, fully external, smart, fast, JSON-configured, feature-rich Windows x86 DLL memory dumper with code generation. Written in modern C
A dumper for CS:GO cheat loaders that use the manual-map injection method
NoobDumper v2 A (mostly dll) dumper for CS:GO cheat loaders that use manual map injection method How to use this Inject the dumper into the loader ( x
Inject a DLL into cmd.exe to prevent file execution.
Console-Process-Execution Inject a DLL into cmd.exe to prevent file execution. Requirements: Microsoft Detours Library - https://github.com/microsoft/Deto
Inject a DLL into any program using this C++ program
DLL-Injection-Cpp Inject a DLL into any process using this C++ program Installation Go into a folder and open up Command Prompt. In command prompt run
A lightweight utility for parsing PE file formats (EXE, DLL, SYS) written in C/C++
peParser A lightweight utility for parsing PE file formats (EXE, DLL, SYS). Windows Portable Executable (PE) files include a variety of parsable data
A small DLL that fixes tool's usage of the Halo 3 shader compiler.
h3-shader-compiler-fix A small DLL that fixes tool's usage of the Halo 3 shader compiler. Tool forgot to initialise the compiler before using it, so t
This is a PoC for bypassing UAC using DLL hijacking and abusing the "Trusted Directories" verification.
UAC bypass - DLL hijacking Description This is a PoC for bypassing UAC using DLL hijacking and abusing the "Trusted Directories" verification. Summary
A LoadLibrary injector for CS:GO that automatically bypasses Trusted Mode by disabling various Win32 function hooks.
TrustedInjector This is a LoadLibrary injector for Counter-Strike: Global Offensive. Information It automatically bypasses trusted mode by removing ho
A MCBE dll mod (mainly for testing) which modifies some piston functions
PistonFuckery A MCBE dll mod (mainly for testing) which modifies some piston functions. The current version modifies PistonBlockActor::_checkAttachedB
Links C/C++ applications against the system's shared msvcrt.dll or ucrtbase.dll to reduce application file size.
VC-LTL - An elegant way to compile lighter binaries. I would like to turn into a stone bridge, go through 500 years of wind, 500 years of sun, ra
A BOF to parse the imports of a provided PE-file, optionally extracting symbols on a per-dll basis.
PE Import Enumerator BOF What is this? This is a BOF to enumerate DLL files to-be-loaded by a given PE file. Depending on the number of arguments, thi
ELF static analysis and injection framework that parses, manipulates and camouflages ELF files.
elfspirit elfspirit is a useful program that parses, manipulates and camouflages ELF files. It provides a variety of functions, including adding or delet
DLL Exports Extraction BOF with optional NTFS transactions.
DLL Exports Extraction BOF What is this? This is a Cobalt Strike BOF file, meant to use two or three arguments (path to DLL, and/or a third argument [
Wireless keystroke injection attack platform
Spotify AdBlocker for Windows, written in C. DLL Injection.
Spotify AdBlock Windows Spotify Ad Block, in C ! Build Open an issue with information related if any error occurs. mingw32-make all Tested gcc: # gcc
A method from GH on how to stream a dll without touching disk, TAGS: fortnite cheat fortnite injector dll injector
dll-encryptor People who make pay hacks typically have down syndrome and are incapable of using their brains in any fashion, and yet these bath salt s
DLL Hijack Search Order Enumeration BOF
DLL Hijack Search Order BOF What is this? This is a Cobalt Strike BOF file, meant to use two arguments (path to begin, and a DLL filename of interest)
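The walk that a search-order BOF like the one above performs, written out as an added Python example (not the BOF's code, and not taken from any listed project): it lays out the default SafeDllSearchMode order for a DLL loaded by bare name, walks it the way the loader would, and reports every writable directory the loader consults before reaching the real copy, which is exactly the set an attacker can plant a DLL into. The directory layout is constructed in a temporary folder so the script runs anywhere; on a real host System32 would fail the writability check, and KnownDLLs, manifest redirection and LOAD_LIBRARY_SEARCH_* flags all change the walk.

```python
import os
import tempfile
from pathlib import Path

# Order a default Windows loader (SafeDllSearchMode = 1) walks for a DLL requested by
# bare name with no LOAD_LIBRARY_SEARCH_* flags and no manifest redirection.
# With SafeDllSearchMode = 0 the current directory moves up to second place.
def search_order(app_dir, cwd, path_dirs, windows_dir, safe_search=True):
    windows_dir = Path(windows_dir)
    order = [Path(app_dir)]
    if not safe_search:
        order.append(Path(cwd))
    order += [windows_dir / "System32", windows_dir / "System", windows_dir]
    if safe_search:
        order.append(Path(cwd))
    order += [Path(p) for p in path_dirs]
    return order


def resolve(dll_name, order, known_dlls=frozenset()):
    """Walk `order` like the loader and return (winning_dir, hijack_dirs).

    winning_dir is the first directory holding dll_name (None if none does);
    hijack_dirs are directories searched *before* the winner that exist, lack
    the DLL and are writable by the current user: a file planted in any of
    them is loaded instead of the real one. KnownDLLs never reach the disk
    search, so they cannot be shadowed this way.
    """
    if dll_name.lower() in known_dlls:
        return None, []
    hijack_dirs = []
    for d in order:
        if (d / dll_name).is_file():
            return d, hijack_dirs
        if d.is_dir() and os.access(d, os.W_OK):
            hijack_dirs.append(d)
    return None, hijack_dirs          # phantom DLL: every writable dir is a candidate


def demo():
    """Constructed layout: the only helper.dll lives in a PATH directory."""
    root = Path(tempfile.mkdtemp())
    windows = root / "Windows"
    (windows / "System32").mkdir(parents=True)
    app = root / "App"
    app.mkdir()
    tools = root / "Tools"
    tools.mkdir()
    (tools / "helper.dll").write_bytes(b"MZ")      # placeholder, not a real DLL
    order = search_order(app, root, [tools], windows)
    winner, hijack_dirs = resolve("helper.dll", order)
    # kernel32.dll is a KnownDLL, so no directory can shadow it
    shadow, _ = resolve("kernel32.dll", order, known_dlls={"kernel32.dll"})
    return winner, [d.name for d in hijack_dirs], shadow


if __name__ == "__main__":
    winner, hijack_dirs, _ = demo()
    print("loaded from:", winner)
    print("plantable earlier in the order:", hijack_dirs)
```

The application directory is the first entry and is the usual finding: any DLL an executable loads by bare name that is not a KnownDLL and does not ship beside the executable can be supplied from that directory if it is writable.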
code for the Proxy DLL example blog post
ProxyDLLExample A simple DLL for Windows that can be used to demonstrate a DLL proxy attack. This project uses GCC through MinGW and was tested on Ubuntu
Undetectable loader for Cobalt Strike using syscalls and an external shellcode
Hellsgate Undetectable loader for Cobalt Strike using syscalls and an external shellcode. Features: uses syscalls from the Hellsgate technique, loading the shell
Skrull is a malware DRM that prevents automatic sample submission by AV/EDR and signature scanning from the kernel.
Skrull is a malware DRM that prevents automatic sample submission by AV/EDR and signature scanning from the kernel. It generates launchers that can run malware on the victim using the Process Ghosting technique. The launchers are also fully anti-copy and naturally break when submitted.
simple C++ dll injector
Dll-Injector DLL injection is a method of executing arbitrary code in the address space of a separate live process. TECHNICAL DETAILS Open process wit
Image File Execution Options Injection
Image File Execution Options Injection Description from ATT&CK Adversaries may establish persistence and/or elevate privileges by executing malicious
shellcode injector
What is Process Injection? It is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of
Encrypted shellcode injector with basic virtual machine evasion using C++
C++ PE Injector Overview Fully undetectable shellcode injector written in C++ with customizable XOR payload encryption/decryption and basic antivirus
Change application UI labels by hooking SetDlgItemTextW(...) in user32.dll.
UI-Injection-Text Change application UI labels by hooking SetDlgItemTextW(...) in user32.dll.
A simple utility that cold patches dwm (uDWM.dll) in order to disable window rounded corners in Windows 11
Win11DisableRoundedCorners A simple utility that cold patches the Desktop Window Manager (uDWM.dll) in order to disable window rounded corners in Wind
A DLL that fixes some stuff on Fortnite OT 6.5. Originally based on Alphaium by Cyuubi
How to use: Compile as x86 because Alpha is 32-bit. Set up the responses. Inject while on the login screen. Wait for the console to tell you to log in. Respo
Skin changer for League of Legends (LOL)
R3nzSkin R3nzSkin is an internal skin changer for League of Legends. Change the skin of your champion and other champions in the game. Automatic skins da
A DLL that serves OutputDebugString content over a TCP connection
RemoteDebugView A DLL that serves OutputDebugString content over a TCP connection Usage You will need to compile the DLL and then call the exported fu
A Simple LSASS Credential Injection Tool
CredInject Hello Dear Reader! Welcome to the CredInject repo -- This project is based on HoneyCred and uses the same method to inject credentials into
Section Mapping Process Injection (secinject): Cobalt Strike BOF
Section Mapping Process Injection (secinject): Cobalt Strike BOF Beacon Object File (BOF) that leverages Native APIs to achieve process injection thro
Beacon.dll reverse
Beacon implementation: I recently had some free time, and WBGIII had just reverse engineered beacon. Since standing on the shoulders of giants gets things done faster, I took beacon and analysed it myself, and patching the source this time to make it work on 64-bit taught me quite a lot. Link: https://github.com/WBGlIl/Beacon_re. I suggest first downloading a copy of the source
New lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking code execution.
BOF - Lateral movement technique by abusing Windows Perception Simulation Service to achieve DLL hijacking ServiceMove is a POC code for an interestin
Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process environment strings without touching any DLLs.
Cobalt Strike "Where Am I?" Beacon Object File Cobalt Strike Beacon Object File (BOF) that uses handwritten shellcode to return the process Environmen
EarlyBird: a PoC of using the technique with syscalls on powershell.exe
EarlyBird: a PoC of using the technique with syscalls on powershell.exe, injecting Cobalt Strike shellcode into powershell.exe using the EarlyBird technique. USAGE: fir
Automatically inject a DLL into the selected process with VAC3 bypass.
FTP LOADER Automatically inject a DLL into the selected process with VAC3 bypass. This will most likely only work with Source engine games in s
Wrapper DLL for NieR Automata (PC ver.) to disable LODs & fix AO issues
NieRAutomata-LodMod An XInput/DXGI wrapper DLL that hooks into NieR Automata (Steam ver.) and disables object LODs, improving visual quality & fixing
Evasive shellcode loader for bypassing event-based injection detection (PoC)
(cleaned up version here: https://github.com/xinbailu/DripLoader-Ops) DripLoader (PoC) Evasive shellcode loader for bypassing event-based injection de
An implementation of a Windows loader that can load dynamic-linked libraries (DLLs) directly from memory
memory-module-loader memory-module-loader is an implementation of a Windows loader that can load dynamic-link libraries (DLLs) directly from memory. T
Code Injection via Memory Mapped Files
MMFCodeInjection This technique leverages file mapping and APC(s) to execute shellcode in another process. By leveraging file mapping we would not h
🎮 Plants vs. Zombies multiplayer battle, developed via reverse engineering, inline hook and dynamic-link library injection. Two online players defend and attack as the plant side and zombie side respectively.
Plants vs. Zombies Online Battle This project has two original repositories: https://github.com/czs108/Plants-vs.-Zombies-Online-Battle https://github
Collection of DLL function export forwards for DLL export function proxying
dll-exports Collection of DLL function export forwards for DLL export function proxying. The typical use case is backdooring applications for persisten
A DLL build of chineseocr_lite, the ultra-lightweight Chinese image OCR component, for the aardio extension library; usable from any language that supports DLLs.
chineseocr_lite_dll A DLL build of chineseocr_lite, the ultra-lightweight Chinese image OCR component, for the aardio extension library; usable from any language that supports DLLs. Thanks to xuncv/chineseocrlite-aardio for the chineseocrlite-aardio extension library, which let me
Cobalt Strike BOF - Bypass AMSI in a remote process with code injection.
Cobalt Strike BOF - Inject AMSI Bypass Cobalt Strike Beacon Object File (BOF) that bypasses AMSI in a remote process with code injection. Running inje
FUD shellcode Injector
EVA fully undetectable injector Update on Monday, July 12 : USE EVA2 INSTEAD . [+] antiscan.me YOUR MOM IS A -BITCH- IF YOU UPLOADED THIS TO ANY WEBSI
Another version of EVA using anti-debugging techs && using Syscalls
EVA2 Another version of EVA using anti-debugging techniques and syscalls. First thing: don't upload to VirusTotal. This note is for you and not for me.
Code injection: inject a malicious payload via page tables (PML4).
PageTableInjection Code injection: inject a malicious payload via page tables (PML4). Introduction This is just a proof of concept of the page table inject
stackwalkerc - Windows single header stack walker in C (DbgHelp.DLL)
stackwalkerc - Windows single header stack walker in C (DbgHelp.DLL) Features Can be used in C or C++ code Super simple API Single header library make
x64 Windows kernel driver mapper, inject unsigned driver using anycall
anymapper x64 Windows kernel driver mapper, inject unsigned driver using anycall This project is WIP. Todo Fix: Can't make API calls from IAT nor func
A collection of every process injection method that can currently be found, tested under x86/x64.
Process-Injection There are many articles on process injection online, but their code quality is uneven, many only provide x86 code, and the discussion mostly stops at the individual injection techniques with no systematic survey. This project therefore aims to collect every process injection technique I can get hold of, reproduce and study each one, write it up as an article, and post the debugged, working code, comple
Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted file
Process Ghosting This is my implementation of the technique presented by Gabriel Landau: https://www.elastic.co/blog/process-ghosting-a-new-executable
Portal 2/Portal Reloaded internal cheat sdk with imgui-based menu
portal2-internal A simple Portal 2/Portal Reloaded internal cheat base with imgui-based menu coded in a few days because why not Features: simple menu
Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
Transacted Hollowing Transacted Hollowing - a PE injection technique. A hybrid between Process Hollowing and Process Doppelgänging. More info here Cha
Inject a DLL into explorer.exe and hide a file from the process.
Hide-FS Inject a DLL into explorer.exe and hide a file from the process. Requirements: Microsoft Detours Library - https://github.com/microsoft/Detours Compile:
Concept of Dynamic Application
Concept of Dynamic Application This is a basic concept of dynamic software that supports plug-in feature. More information coming soon... Dynamic-Appl
Manual map shellcode (aka byte array) injector
ShellJector This little tool can download a DLL from the internet and inject it as shellcode (aka a byte array) into a process with manual-map injection. Th
OffensivePH - use old Process Hacker driver to bypass several user-mode access controls
offensiveph OffensivePH is a post-exploitation tool that utilizes an old Process Hacker driver to bypass several user-mode access controls. Usage Comp
A small proxy DLL which enables dev. console in Mass Effect 1, 2 and 3 (Legendary Edition).
LEBinkProxy A small proxy DLL which enables dev. console in Mass Effect 1, 2 and 3 (Legendary Edition). Usage In your game binary directory (Game\ME?\
CrashLogger - A DLL injected into a process to dump the stack when it crashes.
CrashLogger A DLL injected into a process to dump the stack when it crashes
featured cs:go internal hack, one file and less than 1000 lines.
singlefile This is a featured CS:GO internal cheat written in less than 1000 lines, and in one C++ file. I encourage you to submit feature suggestions
An undetectable tool made by modifying Odyssey; supports signature disabling and dylib injection; tested on iPhone X (13.5.1, exploit by FreeTheSandbox); our QQ group is 703156427
An undetectable iOS root-access tool made by modifying Odyssey; supports signature disabling and dylib injection; tested on iPhone X (13.5.1, exploit by FreeTheSandbox); our
A program that allows you to hide certain windows when sharing your full screen
Invisiwind Invisiwind (short for Invisible Window) is an application that allows you to hide certain windows when sharing your full screen.
Linux x86_64 Process Injection Utility | Manipulate Processes With Customized Payloads (beta)
K55 - Linux x86_64 Process Injection Utility (C++11) About K55 (pronounced: "kay fifty-five") The K55 payload injection tool is used for injecting x86
Hijack Printconfig.dll to execute shellcode
printjacker Printjacker is a post-exploitation tool that creates a persistence mechanism by overwriting Printconfig.dll with a shellcode injector. The
Beacon Object File (BOF) for remote process injection via thread hijacking
cThreadHijack
POCs for Shellcode Injection via Callbacks
Callback_Shellcode_Injection POCs for shellcode injection via callbacks. Working APIs: 1. EnumTimeFormatsA (works) 2. EnumWindows (works) 3. EnumD
🦘 A dependency injection container for C++11, C++14 and later
kangaru 🦘 Kangaru is an inversion of control container for C++11, C++14 and later. It provides many features to automate dependency injection and red
A C++ static library offering a clean and simple interface to the 7-zip DLLs.
bit7z A C++ static library offering a clean and simple interface to the 7-zip DLLs Supported Features • Getting Started • Download • Requirements • Bu