https://github.com/xan105/node-remote-thread
NAPI Native addon for Windows DLL injection with support for Wow64 and Unicode path
https://github.com/xan105/node-remote-thread
createremotethread dll-injection kernel32 loadlibraryw napi nodejs unicode windows wow64
Last synced: about 2 months ago
JSON representation
NAPI Native addon for Windows DLL injection with support for Wow64 and Unicode path
- Host: GitHub
- URL: https://github.com/xan105/node-remote-thread
- Owner: xan105
- License: mit
- Created: 2024-10-18T02:10:51.000Z (7 months ago)
- Default Branch: main
- Last Pushed: 2024-11-17T12:46:27.000Z (6 months ago)
- Last Synced: 2025-03-24T22:51:12.251Z (2 months ago)
- Topics: createremotethread, dll-injection, kernel32, loadlibraryw, napi, nodejs, unicode, windows, wow64
- Language: C++
- Homepage:
- Size: 239 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
README
About
=====
NAPI Native addon for Windows DLL injection with support for Wow64 and Unicode path.
This is a simple injector using the classic `createRemoteThread()` + `LoadLibrary()` from `Kernel32` combo.
- x64 injector
+ can inject x64 DLL into x64 processes.
+ can inject x86 DLL into x86 processes (Wow64).
- x86 injector
+ can inject x86 DLL into x86 processes.
- ARM64 injector (Untested)
+ *should* inject ARM64 DLL into ARM64 processes.
π¦ Scoped `@xan105` packages are for my own personal use but feel free to use them.
Example
=======
```js
import { spawn } from "node:child_process";
import { dirname } from "node:path";
import { createRemoteThread } from "@xan105/remote-thread";
const EXECUTABLE = "G:\\foo\\bar.exe";
const ADDON = "G:\\foo\\δΊΊε.dll";
const binary = spawn(EXECUTABLE, [], {
cwd: dirname(EXECUTABLE),
stdio:[ "ignore", "ignore", "ignore" ],
detached: true
});
binary.once("error", (err) => {
console.error(err);
});
binary.once("spawn", () => {
binary.unref();
//DLL Injection
createRemoteThread(binary.pid, ADDON);
});
```
Installation
============
```
npm install @xan105/remote-thread
```
π x86, x64 and ARM64 prebuilt binary provided.
Force compiling:
```
npm install @xan105/remote-thread --build-from-source
```
You will need C/C++ build tools and Python 3.x (node-gyp) to build this module.
> [!IMPORTANT]
> This package doesn't have any installation restrictions in its package.json file to facilitate multi-platform development; however, it is designed to work only on Windows with x86/x64 architecture. ARM64 is untested.
API
===
β οΈ This module is only available as an ECMAScript module (ESM).
## Named export
#### `createRemoteThread(pid: string, filePath: string): void`
Injects the specified DLL located at _filePath_ into the process identified by the given _pid_.
β This function will throw if you are not running on Windows x86/x64.
β This function will throw on unexpected error.