DioProcess

Shellcode Injection

DioProcess provides 3 shellcode injection methods for executing raw machine code in remote processes.

Dangerous Operation

Shellcode injection can execute arbitrary code in remote processes. Only use on systems you own or have explicit permission to test.

Available Methods

1. Classic

File-based

Read raw shellcode from a .bin file and inject using the standard technique.

Algorithm:
  1. OpenProcess with PROCESS_ALL_ACCESS
  2. VirtualAllocEx(PAGE_READWRITE) — allocate RW memory
  3. WriteProcessMemory — write shellcode bytes
  4. VirtualProtectEx(PAGE_EXECUTE_READWRITE) — make executable
  5. CreateRemoteThread at shellcode address
File: classic.rs
Functions: inject_shellcode_classic(), inject_shellcode_bytes()

2. Web Staging

URL Download

Download shellcode from a URL via WinInet, then inject using the classic technique. Useful for staged payloads.

Algorithm:
  1. InternetOpenW — initialize WinInet
  2. InternetOpenUrlW — open HTTP/HTTPS URL
  3. InternetReadFile — read in 1024-byte chunks
  4. Inject using classic technique
File: web_staging.rs
Function: inject_shellcode_url()

3. Threadless

Advanced

No CreateRemoteThread. Hooks an exported function with a CALL trampoline. Payload fires when the target process naturally calls the hooked function.

Algorithm:
  1. Find target function (e.g., USER32!MessageBoxW)
  2. Allocate "memory hole" within ±1.75 GB of target function
  3. Write 63-byte hook stub (saves registers, restores original bytes, calls payload, jumps back)
  4. Write main shellcode payload after stub
  5. Patch target function with 5-byte CALL trampoline
  6. Self-healing: hook restores original bytes after first execution
File: threadless.rs
Function: inject_shellcode_threadless()

Default Target

Default hook target is USER32!MessageBoxW. This can be customized in the UI to any exported function.

Usage

Access shellcode injection via the UI:

  1. Right-click on a process in the Process tab
  2. Navigate to Miscellaneous → Shellcode Injection
  3. Select the injection method:
    • Classic — file picker for .bin shellcode files
    • Web Staging — opens modal with URL input field
    • Threadless — opens modal with shellcode file picker + target DLL/function inputs

Method Comparison

Method        New Thread   Network   Execution
Classic       Yes          No        Immediate
Web Staging   Yes          Yes       Immediate
Threadless    No           No        On function call
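
For detection, the New Thread column is the key difference: a rule keyed only on CreateRemoteThread sees Classic and Web Staging but misses Threadless. The following Rust example is added here and is not DioProcess code. It correlates constructed API-call telemetry per source/target process pair; the Event schema, its image flag and the sample pids are assumptions.

```rust
use std::collections::BTreeMap;
// Constructed telemetry record (hypothetical schema, not a real EDR format).
#[derive(Clone, Copy)]
pub struct Event {
    pub src: u32,          // calling process id
    pub dst: u32,          // process the call operates on
    pub api: &'static str, // API name as listed on this page
    pub image: bool,       // assumed flag: address is inside a loaded module's code
}
#[derive(Default)]
struct State { step: usize, image_write: bool, thread: bool }
// Steps 2-5 of the classic algorithm, in order.
const CLASSIC: [&str; 4] =
    ["VirtualAllocEx", "WriteProcessMemory", "VirtualProtectEx", "CreateRemoteThread"];

/// Returns (src, dst, label) for each cross-process pair matching a pattern.
pub fn detect(events: &[Event]) -> Vec<(u32, u32, &'static str)> {
    let mut pairs: BTreeMap<(u32, u32), State> = BTreeMap::new();
    for e in events.iter().filter(|e| e.src != e.dst) {
        let s = pairs.entry((e.src, e.dst)).or_default();
        if s.step < CLASSIC.len() && e.api == CLASSIC[s.step] { s.step += 1; }
        if e.api == "WriteProcessMemory" && e.image { s.image_write = true; }
        if e.api == "CreateRemoteThread" { s.thread = true; }
    }
    pairs.into_iter().filter_map(|((src, dst), s)| {
        if s.step == CLASSIC.len() { Some((src, dst, "classic")) }
        else if s.image_write && !s.thread { Some((src, dst, "threadless")) }
        else { None }
    }).collect()
}

// Constructed sample: 100->200 classic order, 300->400 code patch, 500->600 alloc only.
pub fn sample() -> Vec<Event> {
    let ev = |src, dst, api, image| Event { src, dst, api, image };
    vec![
        ev(100, 200, "VirtualAllocEx", false),
        ev(100, 200, "WriteProcessMemory", false),
        ev(100, 200, "VirtualProtectEx", false),
        ev(100, 200, "CreateRemoteThread", false),
        ev(300, 400, "VirtualAllocEx", false),
        ev(300, 400, "WriteProcessMemory", false),
        ev(300, 400, "WriteProcessMemory", true),
        ev(500, 600, "VirtualAllocEx", false),
    ]
}

fn main() {
    for (s, d, l) in detect(&sample()) { println!("pid {} -> pid {}: {}", s, d, l); }
}
```

The threadless rule fires on a remote write into module code with no thread creation, which is the one observable the comparison table leaves for that method.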