BytecodeApi.Penetration
February 14, 2026 ยท View on GitHub
Basic implementations of certain penetration testing routines, such as code injection.
Examples
BytecodeApi.Penetration
Shellcode
The Shellcode class handles compiled assembly that is typically position independent.
byte[] compiledInstructions = ...;
Shellcode.Execute(compiledInstructions);
To extract the code section from an executable file, use ExtractFromExecutable:
byte[] exeFile = File.ReadAllBytes(@"C:\Windows\explorer.exe");
byte[] textSection = Shellcode.ExtractFromExecutable(exeFile);
DllInjection
To inject a running process with a DLL, use DllInjection.Inject:
using Process process = Process.GetProcessesByName("explorer")[0];
DllInjection.Inject(process, @"C:\path\to\library.dll");
ExecutableInjection
To perform process hollowing, use the RunPE method. An optional parameter enables parent process spoofing.
byte[] exeFile = ...;
int spoofedParentProcessId = ...;
ExecutableInjection.RunPE(@"C:\Windows\System32\svchost.exe", null, exeFile, spoofedParentProcessId);
To load and invoke a .NET executable, use ExecuteDotNetAssembly:
byte[] dotNetExecutable = ...;
ExecutableInjection.ExecuteDotNetAssembly(dotNetExecutable, new[] { "arg1", "arg2" });
Changelog
5.0.0 (15.02.2026)
- change: Targeting .NET 10.0
4.0.0 (15.09.2025)
- change: Targeting .NET 9.0
3.0.0 (08.09.2023)
- Initial release