
https://github.com/helyousfi/dll-injection-into-all-processes

This project demonstrates how to perform DLL (Dynamic Link Library) injection into all running processes on a Windows system. DLL injection is a technique used to run custom code within the address space of another process, allowing for various applications such as debugging, hooking, or even malicious activities.

README


## Tools Needed
- Process Hacker - to view running processes and the modules loaded in each one (this is where an injected DLL shows up).
- DebugView - to capture the DbgPrint output from our driver.
- WinObj - to browse the kernel object manager namespace.
- PEInternals - to statically inspect PE files.
- WERSetup - to set up Windows Error Reporting to catch user-mode process crashes.
- WinAPI Search - to check imports/exports of PE files and to look up error codes.
- Driver Loader/Unloader - to register, start, stop and unregister our driver.

Kernel32.dll is a core Windows system DLL that exposes the base Win32 API: memory management, file and device I/O, process and thread management, synchronization and error reporting. It runs in user mode and is mapped into almost every user-mode process; most of its exports are thin wrappers over ntdll.dll, which issues the actual system calls into the kernel (hardware access and interrupt handling live in the kernel and hal.dll, not in kernel32.dll). Two properties make it the usual foothold for DLL injection: it is present in every target, and because Windows picks the load address of system DLLs once per boot, it sits at the same base in every process of the same bitness, so an address such as that of LoadLibraryA looked up in the injector is also valid inside the target.

Kernel32.dll exports many functions that system-level code relies on. Some examples include:
- CreateFile: Opens or creates a file or I/O device.
- ReadFile: Reads data from a file or I/O device.
- WriteFile: Writes data to a file or I/O device.
- GetLastError: Retrieves the calling thread's last error code, set by the function that just failed.
- VirtualAlloc: Reserves or commits a region of pages in the virtual address space of the calling process. Its cross-process form, VirtualAllocEx, does the same inside another process and is the first step of most injection techniques, followed by WriteProcessMemory and CreateRemoteThread.

## What is a Driver?
- A driver is a software component that lets the operating system and a device (or another kernel component) communicate with each other. Drivers are typically hardware-specific and operating-system-specific, but Windows also runs software-only drivers that have no device at all, such as filter drivers and monitoring drivers.
Types of Drivers:
- Kernel-mode drivers: Run in the operating system's kernel space (ring 0) with full access to memory and hardware. They are registered and started as a service through the Service Control Manager (which is what the Driver Loader tool above does), must be signed on 64-bit Windows unless test signing is enabled, and a bug in one crashes the whole system with a bug check (blue screen) rather than a single process. Most hardware drivers are kernel-mode drivers.
- User-mode drivers: Run in user space with limited privileges; a crash takes down only the host process, which makes them easier and safer to develop.

![image](https://github.com/user-attachments/assets/b17ad23f-1ba3-4abd-97f8-3d9a173f47d2)