DbgNexum — shellcode injection using the Windows Debugging API

⚙️ Tools · 2026-03-30, 15:00
A proof‑of‑concept tool for injecting shellcode into a Windows process using the Debugging API and shared memory. Instead of writing directly into the target process's memory, it manipulates thread context and handles exceptions, which can help evade detection by common injection-detection mechanisms.
📍 Uses CreateFileMapping and MapViewOfFile instead of WriteProcessMemory / VirtualAllocEx
📍 Doesn't call ReadProcessMemory; instead, it extracts data from thread context
📍 Controls execution via a hardware breakpoint and a WinAPI call chain inside the target process
📍 Works with XOR‑encoded shellcode embedded via shellcode.h
Compared to traditional injectors (e.g., ProcessHollowing or EarlyBird APC Injection), DbgNexum avoids direct memory writes, which may reduce detection likelihood, but it also requires debug privileges and more complex execution orchestration.