# Shellcode Reflective DLL Injection¶

Shellcode reflective DLL injection $sRDI$ is a technique that allows converting a given DLL into a position independent shellcode that can then be injected using your favourite shellcode injection and execution technique. In this lab I wanted to try this technique as I think it is an amazing technique to have in your arsenal.

In this lab, I'm playing with the amazing https://github.com/monoxgas/sRDI written by monoxgas from Silent Break Security.

## Execution¶

Let's compile a simple x86 DLL - in my case, an odd DLL that pops 2 notepad processes when executed:

Convert the DLL into shellcode. We will get an array of shellcode bytes represented in decimal values:

$sc = ConvertTo-Shellcode \\VBOXSVR\Experiments\messagebox\messagebox\Debug\messagebox.dll  Let's convert them to hex: $sc2 = $sc | % { write-output ([System.String]::Format('{0:X2}',$_)) }


Join them all and print to a text file:

\$sc2 -join "" > shell.txt


Create a new binary file with the shellcode we got earlier:

In order to load and execute the shellcode, we will place it in the binary as a resource as described in my other lab Loading and Executing Shellcode From PE Resources:

Compile and run the binary. If the shellcode runs successfully, we should see two notepad.exe processes popup:

{% hint style="warning" %} The RWX memory blocks are not opsec safe, but this lab is not concerned about that. {% endhint %}

## References¶

{% embed url="https://github.com/monoxgas/sRDI/tree/master/PowerShell" %}