BytecodeApi.Penetration

February 14, 2026 ยท View on GitHub

Basic implementations of certain penetration testing routines, such as code injection.

Examples

BytecodeApi.Penetration

Shellcode

The Shellcode class handles compiled assembly that is typically position independent.

byte[] compiledInstructions = ...;
Shellcode.Execute(compiledInstructions);

To extract the code section from an executable file, use ExtractFromExecutable:

byte[] exeFile = File.ReadAllBytes(@"C:\Windows\explorer.exe");
byte[] textSection = Shellcode.ExtractFromExecutable(exeFile);
DllInjection

To inject a running process with a DLL, use DllInjection.Inject:

using Process process = Process.GetProcessesByName("explorer")[0];
DllInjection.Inject(process, @"C:\path\to\library.dll");
ExecutableInjection

To perform process hollowing, use the RunPE method. An optional parameter enables parent process spoofing.

byte[] exeFile = ...;
int spoofedParentProcessId = ...;
ExecutableInjection.RunPE(@"C:\Windows\System32\svchost.exe", null, exeFile, spoofedParentProcessId);

To load and invoke a .NET executable, use ExecuteDotNetAssembly:

byte[] dotNetExecutable = ...;
ExecutableInjection.ExecuteDotNetAssembly(dotNetExecutable, new[] { "arg1", "arg2" });

Changelog

5.0.0 (15.02.2026)

  • change: Targeting .NET 10.0

4.0.0 (15.09.2025)

  • change: Targeting .NET 9.0

3.0.0 (08.09.2023)

  • Initial release