C# DLL Injection Library

[notquin]

Due to the lack of well documented C# sources, I decided to make my own injection library. It supports both x86 and x64 injection for all methods.

Currently, it supports the following methods
CreateRemoteThread
QueueUserAPC
SetThreadContext (Thread Hijack)

I will probably be adding more methods when I get the time, however, for now, It works as is.

The source code is hosted on ****** as well as the instructions on how to use it.

[notquin]

Due to the lack of well documented C# sources, I decided to make my own injection library. It supports both x86 and x64 injection for all methods.

Currently, it supports the following methods
CreateRemoteThread
QueueUserAPC
SetThreadContext (Thread Hijack)

I will probably be adding more methods when I get the time, however, for now, It works as is.

The source code is hosted on ****** as well as the instructions on how to use it.

- Added RtlCreateUserThread method

[notquin]

Due to the lack of well documented C# sources, I decided to make my own injection library. It supports both x86 and x64 injection for all methods.

Currently, it supports the following methods
CreateRemoteThread
QueueUserAPC
SetThreadContext (Thread Hijack)

I will probably be adding more methods when I get the time, however, for now, It works as is.

The source code is hosted on ****** as well as the instructions on how to use it.

- Added the ability to Erase PE Headers
- Added the ability to Randomise PE Headers

[MikeRohsoft]

very nice maybe u can add an optional second parameter for getting the memoryInformation as output variable, so People can even restore the PE Header if they want without changing anything. If you restore the PE Header u can unload your DLL with FreeLibraryAndExitThread((HMODULE)handle, 0); from the Injected DLL itself

[NewieX]

U can a manual map?

[Biesi]

Nice, go for manual mapping next. I can offer some C++ code for reference here

[brlala]

thanks for the share! i've been needing this for awhile

[notquin]

As per request, I will probably be implementing manual mapping for both architectures in the next few weeks/months once I finish up with my exams

[notquin]

In prep for any future updates I decided it was time to finally add unit tests

- Added unit tests for both x86 and x64 versions of the library

[critikal17]

Good clean code! Love it!

[Biesi]

You should start using Marshal.GetLastError() and SetLastError = true for your p/invokes

[notquin]

You should start using Marshal.GetLastError() and SetLastError = true for your p/invokes

I do use them I'm debugging new code. However, there's no point leaving them in the library as the return value of each method is a boolean, not a windows error code.

[Biesi]

I do use them I'm debugging new code. However, there's no point leaving them in the library as the return value of each method is a boolean, not a windows error code.

There is a point. If you throw a Win32Exception the framework will put a useful error message to your error. So the user will get a "0x5 Access denied" instead of a generic "operation failed".

[notquin]

Due to the lack of well documented C# sources, I decided to make my own injection library. It supports both x86 and x64 injection for all methods.

Currently, it supports the following methods
CreateRemoteThread
QueueUserAPC
SetThreadContext (Thread Hijack)

I will probably be adding more methods when I get the time, however, for now, It works as is.

The source code is hosted on ****** as well as the instructions on how to use it.

I finally got aroud to writing a manual mapping method. Currently, the library only supports x86 manual mapping as there are some arithmetic issues I need to fix for x64 which I hope to have fixed sometime in the future.

I apologise in advance for the code if your looking at the source, It has been a long couple of days writing this in-between exams but I will definitely clean it up to my usual standard in the near future.

- - - Updated - - -

Also a word of warning, I was unable to test mapping Tls entries because I didn't have any DLL's on hand that utilised the Tls Directory

[notquin]

The library is now available as a NuGet package to make installation much easier