sRDI - Shellcode Reflective DLL Injector.

sRDI is a shellcode implementation of Reflective DLL Injection. It converts DLL files to position-independent shellcode.

Functionality is accomplished via two components:
– C project which compiles a PE loader implementation (RDI) to shellcode
– Conversion code which attaches the DLL, RDI, and user data together with a bootstrap
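
A defender-side triage check for the layout described above, added here as an example and not part of the sRDI project: it scans a raw blob for a PE image embedded at a non-zero offset, as would appear when a DLL is attached behind a bootstrap and loader. It assumes the DLL is attached unmodified; the function names and the sample blob are constructed for illustration.

```python
import struct

IMAGE_FILE_DLL = 0x2000  # Characteristics flag in the COFF file header


def _parse_pe(blob: bytes, base: int):
    """Validate DOS/NT headers at `base`; return (is_dll, machine) or None."""
    if base + 0x40 > len(blob):
        return None
    (e_lfanew,) = struct.unpack_from("<I", blob, base + 0x3C)
    nt = base + e_lfanew
    # Heuristic: NT headers normally sit at or after the 0x40-byte DOS header.
    if e_lfanew < 0x40 or nt + 24 > len(blob):
        return None
    if blob[nt:nt + 4] != b"PE\0\0":
        return None
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", blob, nt + 4)
    if nsec == 0 or nsec > 96 or opt_size == 0:
        return None  # not a plausible image header
    return bool(chars & IMAGE_FILE_DLL), machine


def find_embedded_pe(blob: bytes):
    """Return [(offset, is_dll, machine)] for PE images found past offset 0."""
    hits = []
    pos = blob.find(b"MZ", 1)  # a hit at offset 0 would be an ordinary PE file
    while pos != -1:
        hdr = _parse_pe(blob, pos)
        if hdr is not None:
            hits.append((pos, *hdr))
        pos = blob.find(b"MZ", pos + 1)
    return hits


def make_constructed_sample(prefix_len: int = 48) -> bytes:
    """Constructed test blob: filler bytes + minimal PE headers + trailing data."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0xF0,
                       IMAGE_FILE_DLL | 0x0002)       # AMD64, DLL | EXECUTABLE
    pe = bytes(dos) + b"PE\0\0" + coff + bytes(0xF0)
    return b"\xCC" * prefix_len + pe + b"userdata"


if __name__ == "__main__":
    for off, is_dll, machine in find_embedded_pe(make_constructed_sample()):
        print(f"embedded PE at 0x{off:x} dll={is_dll} machine=0x{machine:04x}")
```

A hit only shows that a PE image sits inside a non-PE blob; installers and resource archives produce the same pattern, so treat it as a triage signal rather than a verdict.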

This project is comprised of the following elements:
+ ShellcodeRDI: Compiles shellcode for the DLL loader
+ NativeLoader: Converts DLL to shellcode if necessary, then injects into memory
+ DotNetLoader: C# implementation of NativeLoader
+ Python\ConvertToShellcode.py: Convert DLL to shellcode in place
+ Python\EncodeBlobs.py: Encodes compiled sRDI blobs for static embedding
+ PowerShell\ConvertTo-Shellcode.ps1: Convert DLL to shellcode in place
+ FunctionTest: Imports sRDI C function for debug testing
+ TestDLL: Example DLL that includes two exported functions, one to call on load and one to call afterwards

Building:
This project is built using Visual Studio 2015 (v140) and Windows SDK 8.1. The Python script is written using Python 3.
The Python and PowerShell scripts are located at:
+ Python\ConvertToShellcode.py
+ PowerShell\ConvertTo-Shellcode.ps1

After building the project, the other binaries will be located at:
– bin\NativeLoader.exe
– bin\DotNetLoader.exe
– bin\TestDLL_.dll
– bin\ShellcodeRDI_.bin

The DLL does not need to be compiled with RDI; however, the technique is cross-compatible.

Use and download:

Source: https://github.com/monoxgas