A simple .NET library for injecting native(PE) DLLs into other processes from managed processes. It uses named shared memory to make a byte[]
payload available to the remote process. It works by running LoadLibrary in the target process, resulting in dllmain()
in your DLL being called, where your injected code will be. There are important restrictions and best practices regarding code that runs in dllmain(), so caution is advised. Doubly so because you're running code in a foreign process you know nothing about.
It was written for simple, short-lived functions, such as the PATH injection used in Winston.
byte[] payload = Encoding.Unicode.GetBytes("some argument, struct, or other data");
// Synchronously waits for dllmain() to finish, then unloads the DLL
Injector.Inject(pid, dll32path, dll64path, "my shared memory name", payload);
- Copy the payload to shared memory
- Allocate memory in the target process
- Copy the path of the DLL to be injected into previously allocated memory
- Create a remote thread to execute LoadLibrary, passing a pointer to the above memory for its argument
- LoadLibrary calls the DLL's dllmain(), where your injected code runs
- Injector waits for code to finish then unloads the DLL