Shellcode implementation of Reflective DLL Injection

Nytro · August 1, 2017

sRDI

Shellcode implementation of Reflective DLL Injection. Supports

sRDI allows for the conversion of DLL files to position independent shellcode. This is accomplished via two components:

C project which compiles a PE loader implementation (RDI) to shellcode
Conversion code which attaches the DLL, RDI, and user data together with a bootstrap

This project is comprised of the following elements:

ShellcodeRDI: Compiles shellcode for the DLL loader
NativeLoader: Converts DLL to shellcode if neccesarry, then injects into memory
DotNetLoader: C# implementation of NativeLoader
Python\ConvertToShellcode.py: Convert DLL to shellcode in place
PowerShell\ConvertTo-Shellcode.ps1: Convert DLL to shellcode in place
TestDLL: Example DLL that includes two exported functions for call on Load and after

Before use, I recommend you become familiar with Reflective DLL Injection and it's purpose.

from ShellcodeRDI import *

dll = open("TestDLL_x86.dll", 'rb').read()
shellcode = ConvertToShellcode(dll)

DotNetLoader.exe TestDLL_x64.dll

python ConvertToShellcode.py TestDLL_x64.dll
NativeLoader.exe TestDLL_x64.bin

Import-Module .\Invoke-Shellcode.ps1
Import-Module .\ConvertTo-Shellcode.ps1
Invoke-Shellcode -Shellcode (ConvertTo-Shellcode -File TestDLL_x64.dll)

This project is built using Visual Studio 2015 (v140) and Windows SDK 8.1. The python script is written using Python 3.

The Python and Powershell scripts are located at:

After building the project, the other binaries will be located at:

The basis of this project is derived from "Improved Reflective DLL Injection" from Dan Staples which itself is derived from the original project by Stephen Fewer.

The project framework for compiling C code as shellcode is taken from Mathew Graeber's reasearch "PIC_BindShell"

The PEFile project is used in the python script for parsing.

Olatunji09 · August 18, 2017

thank you