explaingit

adroxz1122/injected-host-enumeration

Analysis updated 2026-05-18

1 · C · Audience · developer · Complexity · 3/5 · Setup · moderate

TLDR

A Windows security research project demonstrating DLL injection using an RC4-encrypted, UUID-obfuscated payload embedded in the loader's resource section.

Mindmap

mindmap
  root((injected-host-enumeration))
    What it does
      DLL injection demo
      Payload obfuscation
      Resource embedding
    Techniques
      RC4 encryption
      UUID encoding
      Remote thread injection
    Build steps
      Compile DLL payload
      Encrypt and UUID-encode
      Embed resource
      Build loader
    Planned improvements
      Reflective in-memory load
      AES encryption
      C2 beacon output

What do people build with it?

USE CASE 1

Study how remote thread DLL injection works at the Windows API level for security research or coursework.

USE CASE 2

Learn how RC4 encryption and UUID encoding can obfuscate a payload to avoid static signature scanning.

USE CASE 3

Use as a hands-on base for practicing Windows offensive security concepts on systems you own.

USE CASE 4

Follow the planned improvement notes to extend the project with in-memory loading or AES encryption.

What is it built with?

C, Windows API, MinGW-w64, RC4, windres

How does it compare?

Repos: adroxz1122/injected-host-enumeration | iamdaven/miraosloganw234/mercenaries2
Stars: 1 | 1 | 1
Language: C | C | C
Setup difficulty: moderate | hard | hard
Complexity: 3/5 | 5/5 | 5/5
Audience: developer | developer | developer

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 1h+

Requires MinGW-w64 or MSVC build tools and the Windows SDK headers. It must only be tested on systems you own or have permission to test.

In plain English

This is a Windows security research project, described in the README as for educational purposes only, that demonstrates how DLL injection works in practice. The code walks through a chain of techniques studied in offensive security courses: encrypting a payload DLL, encoding it as UUID strings inside an executable's resource section, and then decrypting and injecting it into a running process at runtime.

The project has three stages. First, a DLL payload is compiled, and tools in the repository encrypt it with the RC4 cipher and convert the encrypted binary into a list of UUID-formatted strings that look like ordinary identifier values to a scanner. Second, those UUID strings are embedded inside the loader executable using a Windows resource script, so the final program carries everything it needs with no separate DLL file on disk. Third, when the loader runs, it reads the embedded resource, parses the UUID strings back into bytes, decrypts the DLL, writes it to a temporary file in the Windows TEMP directory, injects it into a target process (the default is Notepad), and then deletes the temporary file.

The injection itself uses standard Windows API calls: the loader opens the target process, allocates memory inside it, writes a DLL path, and starts a thread in the remote process that calls LoadLibraryW, telling the operating system to load the DLL. The UUID encoding and RC4 encryption layer is there to prevent static signature-based scanners from recognizing the DLL by its raw bytes.

The README includes a list of planned changes the author intends to make: loading the DLL directly into memory without writing to disk, replacing RC4 with AES encryption, and adding a network connection to send results to a remote server rather than writing to a local file. Building requires MinGW-w64 or MSVC, the standard Windows SDK headers, and a four-step compile sequence described in the README.

The project must be used only on systems the user owns or has explicit permission to test.
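A defender-side view of the obfuscation layer described above, as an added example that is not code from the repository: a triage heuristic that scores an already-extracted resource blob by how many UUID strings it holds, the entropy of the bytes they decode to, and how many of them are well-formed RFC 4122 UUIDs. The function names, thresholds and both sample blobs are assumptions constructed for illustration.

```python
import hashlib
import math
import re
import uuid

UUID_RE = re.compile(r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = uniformly random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in map(data.count, set(data)))

def assess(blob: bytes, min_uuids=64, min_entropy=7.0, max_valid=0.5) -> dict:
    """Score one extracted resource. Thresholds are illustrative assumptions."""
    ids = [uuid.UUID(m) for m in UUID_RE.findall(blob.decode("ascii", "ignore"))]
    decoded = b"".join(u.bytes for u in ids)
    # Generated UUIDs carry the RFC 4122 variant bits and a version of 1-8;
    # arbitrary ciphertext cut into 16-byte groups does so only about 1 time in 8.
    valid = sum(u.variant == uuid.RFC_4122 and u.version in range(1, 9) for u in ids)
    result = {
        "uuid_count": len(ids),
        "entropy": entropy(decoded),
        "rfc_valid": valid / len(ids) if ids else 0.0,
    }
    # Entropy alone is not enough: hash-derived genuine UUIDs are high-entropy too.
    result["suspicious"] = (len(ids) >= min_uuids
                            and result["entropy"] >= min_entropy
                            and result["rfc_valid"] <= max_valid)
    return result

def sample_encoded_blob(size=4096) -> bytes:
    """Constructed stand-in for ciphertext stored as UUID text (not a real payload)."""
    stream = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(size // 32))
    return "\n".join(str(uuid.UUID(bytes=stream[i:i + 16]))
                     for i in range(0, size, 16)).encode()

def sample_benign_blob(count=256) -> bytes:
    """Constructed list of genuine version-5 UUIDs, as an inventory file might hold."""
    return "\n".join(str(uuid.uuid5(uuid.NAMESPACE_DNS, f"host{i}.example"))
                     for i in range(count)).encode()

if __name__ == "__main__":
    for name, blob in (("encoded", sample_encoded_blob()),
                       ("benign", sample_benign_blob())):
        print(name, assess(blob))
```

Both samples decode to high-entropy bytes, so the RFC 4122 validity ratio is what separates the encoded blob from the genuine list; the byte order used when decoding does not affect the entropy figure.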

Copy-paste prompts

Prompt 1
Walk me through each step of the build process for this DLL injection project on Windows using MSYS2 UCRT64.
Prompt 2
I want to change the injection target from notepad.exe to a different process. Which file do I edit and what do I change?
Prompt 3
I want to implement the reflective loader improvement in the README so the DLL never touches disk. How would I change loader.c to load the DLL directly into the target process's memory?
Prompt 4
How does the UUID obfuscation work at the byte level, and why does converting encrypted bytes into UUID strings help avoid detection by static scanners?
Prompt 5
I want to replace the RC4 encryption step with AES. Which file handles the encryption and how would I swap in an AES implementation?

Frequently asked questions

What is injected-host-enumeration?

A Windows security research project demonstrating DLL injection using an RC4-encrypted, UUID-obfuscated payload embedded in the loader's resource section.

What language is injected-host-enumeration written in?

Mainly C. The stack also includes the Windows API and MinGW-w64.

How hard is injected-host-enumeration to set up?

Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.

Who is injected-host-enumeration for?

Mainly developers.


Verify against the repo before relying on details.