https://github.com/dumitory-dev/dll-injector
This simple injector is for injecting DLL into processes.
Last synced: 9 months ago
- Host: GitHub
- URL: https://github.com/dumitory-dev/dll-injector
- Owner: dumitory-dev
- License: mit
- Created: 2020-09-23T09:17:13.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2020-09-24T08:57:57.000Z (over 5 years ago)
- Last Synced: 2025-07-04T00:37:01.176Z (11 months ago)
- Topics: c, dll-injection, injection
- Language: C
- Homepage:
- Size: 35.2 KB
- Stars: 5
- Watchers: 1
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Simple DLL Injector
### Purpose
This simple injector is for injecting DLLs into processes.
### Functionality
1. Checks for administrator rights. If the process has administrator rights, then the rights are set. The injector can also be used without administrator rights, in which case DLL injection is possible only into processes of the current session.
2. The x64 injector can inject a DLL into x64 and x86 processes.
3. The x86 injector can inject a DLL into x86 processes.
### Implementation details
To find the address of the LoadLibrary function in a WOW64 (32-bit) target, the injector uses the function's offset from the module base (its relative virtual address, RVA).
Approximate order of actions:
- The 64-bit injector retrieves the address of the kernel32.dll loaded by the 32-bit target using EnumProcessModulesEx().
- It gets the filename of that kernel32.dll, parses the PE header and gets the RVA of LoadLibraryA.
- At this point, we know where kernel32.dll is loaded in the 32-bit target and the address of the function from this DLL.
- The 64-bit injector starts a remote thread in the 32-bit target at ImageBase + Function RVA.
Supported OS: Win7 - Win10 x86 x64
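The last step above, a remote thread whose start address is the target's LoadLibraryA, is what a defender can look for. As an added example (not part of this project's code), the following checks Sysmon CreateRemoteThread events (Event ID 8) for that start function; the sample records and image paths are constructed, and it assumes Sysmon populated the StartModule and StartFunction fields.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LOADER_EXPORTS = {"loadlibrarya", "loadlibraryw", "loadlibraryexa", "loadlibraryexw"}

# Constructed sample records (not captured from a real host), trimmed to the fields used.
SAMPLE_EVENTS = r"""<Events xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Event><System><EventID>8</EventID></System><EventData>
 <Data Name="SourceImage">C:\Tools\loader64.exe</Data><Data Name="TargetImage">C:\Apps\client32.exe</Data>
 <Data Name="StartModule">C:\Windows\SysWOW64\kernel32.dll</Data><Data Name="StartFunction">LoadLibraryA</Data>
</EventData></Event>
<Event><System><EventID>8</EventID></System><EventData>
 <Data Name="SourceImage">C:\Tools\loader64.exe</Data><Data Name="TargetImage">C:\Apps\client64.exe</Data>
 <Data Name="StartModule">C:\Windows\System32\kernel32.dll</Data><Data Name="StartFunction">LoadLibraryW</Data>
</EventData></Event>
<Event><System><EventID>8</EventID></System><EventData>
 <Data Name="SourceImage">C:\Tools\debugger.exe</Data><Data Name="TargetImage">C:\Apps\client64.exe</Data>
 <Data Name="StartModule">C:\Windows\System32\ntdll.dll</Data><Data Name="StartFunction">DbgUiRemoteBreakin</Data>
</EventData></Event>
</Events>"""

def event_fields(event):
    """Return the EventID and the named EventData values of one event record."""
    fields = {d.get("Name"): (d.text or "") for d in event.iterfind("e:EventData/e:Data", NS)}
    fields["EventID"] = event.findtext("e:System/e:EventID", default="", namespaces=NS)
    return fields

def find_loadlibrary_threads(xml_text):
    """Flag CreateRemoteThread events whose thread starts at a kernel32 LoadLibrary export."""
    findings = []
    for event in ET.fromstring(xml_text).iterfind("e:Event", NS):
        f = event_fields(event)
        if f["EventID"] != "8":  # 8 = CreateRemoteThread
            continue
        module = f.get("StartModule", "").lower()
        function = f.get("StartFunction", "").lower()
        if module.endswith("\\kernel32.dll") and function in LOADER_EXPORTS:
            findings.append({
                "source": f.get("SourceImage", ""),
                "target": f.get("TargetImage", ""),
                "function": f.get("StartFunction", ""),
                # kernel32.dll under SysWOW64 means the target is a 32-bit (WOW64) process.
                "wow64_target": "\\syswow64\\" in module,
            })
    return findings

if __name__ == "__main__":
    for hit in find_loadlibrary_threads(SAMPLE_EVENTS):
        print(hit)
```
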
# Usage
``` c++
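#include <Windows.h>
#include <cstdlib>
#include <iostream>
#include <memory>
#include <type_traits>

// Signatures of the functions exported by Injector.dll.
using inject_func = BOOL(__cdecl*)(char const* dllPath, DWORD pid);
using error_func = DWORD(__cdecl*)();

int main() {
    try
    {
        // Load Injector.dll; FreeLibrary runs automatically when p_library goes out of scope.
        std::unique_ptr<std::remove_pointer_t<HMODULE>, decltype(&::FreeLibrary)> const p_library
        {
            ::LoadLibrary(TEXT("Injector.dll")),
            ::FreeLibrary
        };
        if (!p_library)
        {
            return EXIT_FAILURE;
        }

        // Resolve the two exported functions.
        auto const inject = reinterpret_cast<inject_func>(::GetProcAddress(p_library.get(), "inject"));
        auto const get_error = reinterpret_cast<error_func>(::GetProcAddress(p_library.get(), "getError"));
        if (!inject || !get_error)
        {
            return EXIT_FAILURE;
        }

        // "path_to_dll" and the pid 0 are placeholders for the DLL path and the target process id.
        if (!inject("path_to_dll", 0))
        {
            std::cerr << get_error() << std::endl;
            return EXIT_FAILURE;
        }
    }
    catch (std::exception const& error)
    {
        std::cerr << error.what() << std::endl;
        return EXIT_FAILURE;
    }
    return EXIT_SUCCESS;
}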
```
# License
Injector is licensed under the MIT License. Dependencies are under their respective licenses.