citydrifter (10-24-2018),critikal17 (11-14-2018),MikeRohsoft (10-13-2018)
Due to the lack of well documented C# sources, I decided to make my own injection library. It supports both x86 and x64 injection for all methods.
Currently, it supports the following methods
CreateRemoteThread
QueueUserAPC
SetThreadContext (Thread Hijack)
I will probably be adding more methods when I get the time, however, for now, It works as is.
The source code is hosted on ****** as well as the instructions on how to use it.
citydrifter (10-24-2018),critikal17 (11-14-2018),MikeRohsoft (10-13-2018)
very nice maybe u can add an optional second parameter for getting the memoryInformation as output variable, so People can even restore the PE Header if they want without changing anything. If you restore the PE Header u can unload your DLL with FreeLibraryAndExitThread((HMODULE)handle, 0); from the Injected DLL itself
Nice, go for manual mapping next. I can offer some C++ code for reference here
thanks for the share! i've been needing this for awhile
As per request, I will probably be implementing manual mapping for both architectures in the next few weeks/months once I finish up with my exams
In prep for any future updates I decided it was time to finally add unit tests
- Added unit tests for both x86 and x64 versions of the library
Good clean code! Love it!
You should start using Marshal.GetLastError() and SetLastError = true for your p/invokes
I finally got aroud to writing a manual mapping method. Currently, the library only supports x86 manual mapping as there are some arithmetic issues I need to fix for x64 which I hope to have fixed sometime in the future.
I apologise in advance for the code if your looking at the source, It has been a long couple of days writing this in-between exams but I will definitely clean it up to my usual standard in the near future.
- - - Updated - - -
Also a word of warning, I was unable to test mapping Tls entries because I didn't have any DLL's on hand that utilised the Tls Directory
Last edited by notquin; 11-21-2018 at 03:20 AM.
The library is now available as a NuGet package to make installation much easier