Shellcode & Thread Injection - O-LavenderAshburn/Knowledgebase_MalwareAnalysis GitHub Wiki
Shellcode
Shellcode is a small, malicious piece of code designed to be executed as part of an exploit. It is typically used to gain control of a compromised system, often by opening a shell (hence the name) or executing arbitrary commands.
Thread Injection
Thread injection is a technique used by malware to write malicious code into the memory of a legitimate process and then execute it in a thread of that process, so the code runs under the identity of the legitimate process.
Key Differences
| Feature | Shellcode | Thread Injection |
|---|---|---|
| Definition | A small piece of malicious code | A technique for running malicious code inside another process's thread |
| Purpose | Executes commands, opens shells, or downloads payloads | Runs malware in a legitimate process for stealth |
| Execution | Injected into memory & executed directly | Injected into another process's thread |
| Detection Evasion | Hardcoded in exploits, may be obfuscated | Hides inside legitimate processes to avoid detection |
| Common Use Cases | Exploits (buffer overflow, ROP, heap spraying) | Malware evasion (trojans, process hollowing, DLL injection) |
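The "hides inside legitimate processes" row above is also where thread injection leaves a trace: the remote thread creation itself. As an added example (not part of this wiki), the script below scans constructed Sysmon Event ID 8 (CreateRemoteThread) records and flags threads whose start address is not backed by any loaded module, which is what shellcode written into a target looks like, plus threads created from a user-writable path. The field names are Sysmon's own; the sample events, paths and the user-writable-path heuristic are assumptions made for this example.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of Sysmon Event ID 8 (CreateRemoteThread) records, one per
# line, flattened to key=value pairs. The field names are Sysmon's own; the
# paths, addresses and processes are made up for this example.
SAMPLE_EVENTS = """\
SourceImage=C:\\Windows\\System32\\csrss.exe TargetImage=C:\\Windows\\explorer.exe StartAddress=0x00007FFB2A1D1F30 StartModule=C:\\Windows\\System32\\ntdll.dll StartFunction=RtlUserThreadStart
SourceImage=C:\\Users\\alice\\Downloads\\invoice.exe TargetImage=C:\\Windows\\explorer.exe StartAddress=0x0000000002A10000 StartModule= StartFunction=
SourceImage=C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe TargetImage=C:\\Windows\\System32\\svchost.exe StartAddress=0x00007FFB2A1D1F30 StartModule=C:\\Windows\\System32\\ntdll.dll StartFunction=RtlUserThreadStart
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")

# Directories a normal user can write to; a remote thread created from a binary
# living here deserves a look (a tuning assumption, not a universal rule).
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\")


def parse_event(line: str) -> Dict[str, str]:
    """Turn one flattened Event ID 8 line into a field dictionary."""
    return {key: value for key, value in FIELD_RE.findall(line)}


def reasons_for(event: Dict[str, str]) -> List[str]:
    """Return why this remote thread looks like injection (empty list = benign)."""
    reasons = []
    # Start address not backed by any loaded module: the code was written into
    # the target's memory rather than mapped from a file, as shellcode is.
    if not event.get("StartModule"):
        reasons.append("start address not backed by a loaded module")
    # The creating process lives in a user-writable location rather than an
    # OS directory, which is unusual for legitimate cross-process threads.
    source = event.get("SourceImage", "").lower()
    if any(marker in source for marker in USER_WRITABLE):
        reasons.append("source image in user-writable path")
    return reasons


def find_suspicious(events_text: str) -> List[Tuple[str, str, List[str]]]:
    """Scan flattened events and return (source, target, reasons) for each hit."""
    hits = []
    for line in events_text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        reasons = reasons_for(event)
        if reasons:
            hits.append((event["SourceImage"], event["TargetImage"], reasons))
    return hits


if __name__ == "__main__":
    for source, target, why in find_suspicious(SAMPLE_EVENTS):
        print(f"{source} -> {target}: {'; '.join(why)}")
```

On the sample, the csrss.exe thread (an OS process starting a thread at an ntdll.dll export) is left alone, while the two threads from the Downloads and Temp binaries are reported with their reasons.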