Mshikaki is a shellcode injection tool designed to showcase various process injection techniques. It currently supports the QueueUserAPC() injection technique.
- QueueUserAPC() Injection: This technique is used to inject shellcode into a running process, providing a method to execute arbitrary code.
- XOR Encryption Support: Enhance the stealthiness of your shellcode by encrypting it with XOR, making detection even more challenging.
- Clone the repository:
git clone https://github.com/trevorsaudi/Mshikaki.git
- Compile the C++ source code:
- Compile on Windows using cl.exe or your preferred compiler. Note that cl.exe is only available if you have installed the Developer Command Prompt for VS or the Microsoft Visual C++ Build Tools.
cl /EHsc Mshikaki.cpp /link /SUBSYSTEM:CONSOLE
- Prepare your shellcode and, if desired, encrypt it using XOR.
- The shellcode file should contain hex formatted shellcode as shown below.
- Execute the tool with the necessary arguments:
Mshikaki.exe -i <path_to_shellcode>
Mshikaki.exe -i <path_to_shellcode> -p <process_name>
- Example with encrypted shellcode
- Language: The tool is written in C++.
- Injection Technique: Mshikaki uses the QueueUserAPC() function, a native Windows API, for shellcode injection.
- Encryption: The tool supports XOR encryption to obfuscate the shellcode, making it harder for antimalware solutions to detect.
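For detection engineering, the sketch below shows how a static scanner can still match a signature inside an XOR-encoded, hex-formatted payload file by sweeping the key space. It is an added example, not part of Mshikaki's code. It assumes a one-byte key and the `\x41`, `0x41` and bare-pair hex notations (the README does not specify either), and every name and sample value in it is constructed.

```python
import re

# Assumption: the file contains only hex bytes (\x41, 0x41 or bare pairs) and separators.
HEX_BYTE = re.compile(r"(?:\\x|0x)?([0-9a-fA-F]{2})")


def parse_hex_blob(text):
    """Decode a hex-formatted payload file into raw bytes."""
    return bytes(int(pair, 16) for pair in HEX_BYTE.findall(text))


def xor_bytes(data, key):
    """XOR every byte of data with a one-byte key."""
    return bytes(b ^ key for b in data)


def sweep_single_byte_xor(blob, signatures):
    """Return {key: [signature names]} for each one-byte key that exposes a signature.

    Encoding each short signature under the candidate key is equivalent to
    decoding the whole blob, but far cheaper on large files. Key 0 covers
    the unencoded case.
    """
    hits = {}
    for key in range(256):
        matched = [name for name, pattern in signatures.items()
                   if xor_bytes(pattern, key) in blob]
        if matched:
            hits[key] = matched
    return hits


# Constructed signature and constructed sample file (harmless marker bytes, key 0x5A).
SIGNATURES = {"constructed-marker": b"CONSTRUCTED-TEST-MARKER"}
SAMPLE_PLAIN = b"\x00\x01" + SIGNATURES["constructed-marker"] + b"\xff"
SAMPLE_FILE = "".join("\\x%02x" % b for b in xor_bytes(SAMPLE_PLAIN, 0x5A))

if __name__ == "__main__":
    blob = parse_hex_blob(SAMPLE_FILE)
    print("plain signature match:", SIGNATURES["constructed-marker"] in blob)
    for key, names in sweep_single_byte_xor(blob, SIGNATURES).items():
        print("key 0x%02x exposes %s" % (key, ", ".join(names)))
```

A multi-byte key is outside what this sweep covers; matching on the decoded buffer in memory at run time does not depend on the key at all.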
- Contributions to the Mshikaki project are welcome! If you have improvements, bug fixes, or new features to suggest, please create a pull request or open an issue on the GitHub repository.