Hello,
first of all, you have a nice and interesting project here. I have tested it with different calc.exe shellcodes, and the calculator always popped up. My testing also included using the original donut shellcode generator, and I noticed that there are some edrs that detect donut generated shellcodes with a yara rule or something. My guess as to why the shell code generated by InflativeLoading is not detected is that the donut is a lot more widely known. So maybe you can add some sort of polymorphism like https://github.com/cryptolok/MorphAES or Shikata ga nai encoding.
Hello,
first of all, you have a nice and interesting project here. I have tested it with different calc.exe shellcodes, and the calculator always popped up. My testing also included using the original donut shellcode generator, and I noticed that there are some edrs that detect donut generated shellcodes with a yara rule or something. My guess as to why the shell code generated by InflativeLoading is not detected is that the donut is a lot more widely known. So maybe you can add some sort of polymorphism like https://github.com/cryptolok/MorphAES or Shikata ga nai encoding.