injectum 0.1.2

Overview

Injectum is a modular, type-safe Rust library for process injection in Rust. It abstracts away the headache of platform-specific implementations so you can focus on the strategy.

Think of it as the "Lego set" for offensive tradecraft: it provides a structured interface for executing various injection strategies (mapped to MITRE ATT&CK T1055 techniques) while handling memory allocation, permission juggling, and thread creation safely.

Why Injectum?

🛡️ OpSec-Conscious: We don't promise invisibility (nothing can), but we default to the stealthiest known patterns and minimize artifacts to give you the best fighting chance against modern EDRs.
🦀 Memory Safety: Built on Rust to prevent crashes in your loader, because a crashed loader is a detected loader.
🧩 Modular Architecture: Swap injection techniques (T1055.xxx) dynamically without rewriting your core logic.
🚀 Developer Experience: A fluent, type-safe Builder API that catches errors at compile time, not runtime.

Architecture

The library is built around a unidirectional data flow: Builder $\to$ Configuration $\to$ Factory $\to$ Execution.

1. The Builder Pattern

The primary entry point is the InjectorBuilder. It provides a fluent interface to construct an immutable injection configuration, ensuring all components (Strategy, Payload, Target) are valid before execution.

Initialization: InjectorBuilder::new() starts the chain.
Validation: The build() method enforces the presence of a strategy and payload.
Execution: The builder allows immediate execution via .execute().

2. Payload & Metadata

Payloads are strongly typed via the Payload enum to prevent misuse.

Variants: Supports Shellcode, DllFile, Executable, Script, and generic Blob.
Metadata: Every payload includes PayloadMetadata for OpSec tracking (origin, description) and safety checks (e.g., safe_sample flag).

3. Target Abstraction

The Target enum abstracts the destination.

PID: Targets a specific process ID (Target::Pid(u32)).
None: For self-injection or strategies that spawn their own targets (Target::None).

4. Strategy Factory

Strategies are instantiated at runtime based on the StrategyType.

Feature Gating: Strategies are gated by Cargo features (e.g., feature = "T1055_001") to minimize binary size.
Resolution: The Factory matches the requested technique to its concrete implementation.

5. The Execution Engine

The Injector serves as the stateless runner.

Pre-flight Checks: Validates compatibility (e.g., does the strategy require a PID?).
Error Propagation: Returns Result<(), InjectumError> for granular error handling.

How It Works

Basic Usage with `Injector`

use injectum::{Injector, Payload, PayloadMetadata, StrategyType, Target, Technique};
use std::path::PathBuf;

fn main() {
    // 1. Define the payload
    let payload = Payload::DllFile {
        path: Some(PathBuf::from("C:\\temp\\payload.dll")),
        image: None,
         meta: PayloadMetadata::default(),
    };
    
    // 2. Define the target
    let target = Target::Pid(1234);
    
    // 3. Select the strategy (T1055.001 -> "DLLInjection")
    let strategy = StrategyType::new(Technique::T1055_001, Some("DLLInjection"));

    // 4. Run
    match Injector::run(strategy, &payload, &target) {
        Ok(_) => println!("Injection succeeded."),
        Err(e) => eprintln!("Injection failed: {:?}", e),
    }
}

Using the Builder API

use injectum::{InjectorBuilder, Payload, PayloadMetadata, StrategyType, Target, Technique};

fn main() {
    let payload = Payload::DllFile {
        path: Some(PathBuf::from("C:\\temp\\payload.dll")),
        image: None, 
        meta: PayloadMetadata {
            description: Some("Production Payload".into()),
            safe_sample: false,
            ..Default::default()
        }
    };

    let result = InjectorBuilder::new()
        .strategy(StrategyType::new(Technique::T1055_001, Some("DLLInjection")))
        .payload(payload)
        .target(Target::Pid(1234))
        .execute();

    if let Err(e) = result {
        eprintln!("Injection failed: {:?}", e);
    }
}

Installation

Run the following Cargo command in your project directory:

cargo add injectum

Or add the following line to your Cargo.toml:

injectum = "0.1.0"

Build Instructions

Before building, please check the configuration file:

Open .cargo/config.toml.
Windows Users: Comment out the linker = "lld-link" line.
Linux Users: Ensure linker = "lld-link" is uncommented.

Native Windows

Requires the MSVC toolchain (Visual Studio Build Tools).

cargo build --release

Cross-Compilation from Linux

This library relies on the proprietary MSVC runtime libraries. The easiest way to compile from Linux is using cargo-xwin.

Install cargo-xwin:

cargo install cargo-xwin

Build with the MSVC target:

cargo xwin build --example T1055_001_DLL_Injection --features "tracing,T1055_001" --release

Roadmap - MITRE ATT&CK Process Injection (T1055)

Injectum aims to provide a modular, feature‑gated implementation of the full set of process‑injection techniques referenced in the MITRE ATT&CK framework.

ID	Name	Status
T1055.001	Dynamic-link Library Injection	[x]
T1055.002	Portable Executable Injection	[ ]
T1055.003	Thread Execution Hijacking	[ ]
T1055.004	Asynchronous Procedure Call	[ ]
T1055.005	Thread Local Storage	[ ]
T1055.008	Ptrace System Calls	[ ]
T1055.009	Proc Memory	[ ]
T1055.011	Extra Window Memory Injection	[ ]
T1055.012	Process Hollowing	[ ]
T1055.013	Process Doppelgänging	[ ]
T1055.014	VDSO Hijacking	[ ]
T1055.015	ListPlanting	[ ]

Contributing

Contributions are welcome!

Adding new injection strategies
Writing comprehensive tests
Benchmarking performance

Ensure your code is properly formatted:

cargo fmt
cargo clippy

Supporting

Author: Skynõx

If you'd like to support the project, you can donate via the following addresses:

Bitcoin	bc1q87r2z8szxwqt538edzw5gl397c9v3hzxwjw82h
Ethereum	0xe277049067F72E89326c2C0D11333531d5BbB78B