What is manual map inject

Manual DLL injection

Manual DLL injection is a technique for stealth DLL injection. It works by copying the DLL image into the target process’s address space. The injector then copies the loader code into the target process’s address space and executes it. The loader code performs relocations and resolves DLL imports for the DLL image. Finally, the loader code looks for the DLL entry point and calls it if found.

Since the DLL image is directly copied into the target process’s address space, the injected DLL will not appear in the module list of the PEB, thus making detection more difficult.

Usage: ManualInject [DLL name] [PID]

1) Open the DLL file (CreateFile)

2) Read the DLL into memory (ReadFile)

3) Validate the DLL image.

4) Open the target process (OpenProcess)

5) Allocate memory for the DLL and loader code in the target process (VirtualAllocEx)

6) Copy the DLL image into the target process’s address space (WriteProcessMemory)

7) Copy the loader code into the target process’s address space (WriteProcessMemory)

8) Create a remote thread to execute the loader code in the target process’s address space (CreateRemoteThread)

9) Wait for the loader code to complete (WaitForSingleObject). The loader code performs relocations and resolves DLL imports for the image, and then calls the entry point if found.

10) Free the loader code (VirtualFreeEx)

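The post's observation that a manually mapped image never appears in the PEB module list is also what a memory scan can key on: executable private memory that no loaded module accounts for. The following is an added example, not code from the original post or from any project mentioned on this page. The structs, function names and sample values are hypothetical and constructed; on a live system the region fields would come from VirtualQueryEx and the module ranges from the loader's module list.

```c
/* Added example: score memory regions that look like a manually mapped image.
   Portable C over a constructed snapshot; no Windows headers needed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MEM_PRIVATE    0x20000u    /* winnt.h values, redefined so this builds anywhere */
#define MEM_IMAGE      0x1000000u
#define PAGE_EXEC_MASK 0xF0u       /* PAGE_EXECUTE | _READ | _READWRITE | _WRITECOPY */

struct region { uint64_t base, size; uint32_t type, protect; uint8_t head[2]; };
struct module { uint64_t base, size; const char *name; };

/* True when addr lies inside any module the loader knows about. */
static int in_module_list(uint64_t addr, const struct module *m, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (addr >= m[i].base && addr - m[i].base < m[i].size) return 1;
    return 0;
}

/* 0 = benign, 1 = private executable memory outside every listed module,
   2 = same, and the region still begins with an "MZ" header. */
int score_region(const struct region *r, const struct module *m, size_t n) {
    if (r->type != MEM_PRIVATE || !(r->protect & PAGE_EXEC_MASK)) return 0;
    if (in_module_list(r->base, m, n)) return 0;
    return (r->head[0] == 'M' && r->head[1] == 'Z') ? 2 : 1;
}

/* Constructed sample data, not taken from a real process. */
static const struct module sample_modules[] = {
    { 0x00400000, 0x20000, "target.exe" }, { 0x77000000, 0x180000, "ntdll.dll" },
};
static const struct region sample_regions[] = {
    { 0x00401000, 0x10000, MEM_IMAGE,   0x20, { 0x55, 0x8B } }, /* .text of target.exe */
    { 0x02300000, 0x50000, MEM_PRIVATE, 0x04, { 0, 0 } },       /* heap, read-write */
    { 0x10000000, 0x30000, MEM_PRIVATE, 0x40, { 'M', 'Z' } },   /* copied image, RWX */
    { 0x10030000, 0x01000, MEM_PRIVATE, 0x40, { 0x55, 0x8B } }, /* loader code before step 10 */
};

int count_suspicious(void) {
    int hits = 0;
    for (size_t i = 0; i < sizeof sample_regions / sizeof *sample_regions; i++)
        if (score_region(&sample_regions[i], sample_modules, 2) > 0) hits++;
    return hits;
}

int main(void) {
    for (size_t i = 0; i < sizeof sample_regions / sizeof *sample_regions; i++)
        printf("%#llx score=%d\n", (unsigned long long)sample_regions[i].base,
               score_region(&sample_regions[i], sample_modules, 2));
    return 0;
}
```

A score of 1 is only a lead: JIT compilers also create private executable memory, so a hit needs corroboration such as the thread start address or the allocating process.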

Well, considering WriteProcessMemory and OpenProcess are very easily detected, this isn’t stealth, but gj.

A way to do this automatically?

You can use this concept in order to get a kernelmode manual DLL mapper, so you can load a usermode DLL from a driver.

Great job on this injection!

Is there any way we can get this working for 64-bit?

Yes, of course, this is also possible with 64 bit. But if I wanted to hide my rootkit DLL I let the standard loader load and initialize it and then I copied the whole DLL image in allocated RWX memory. Then I accessed the PEB and renamed my module name to something innocent looking based on the size of my dll name. Then I unloaded it. This way, it was not appearing in the DLL lists and in the unloaded module list was existing solely an innocent looking well known DLL name, e.g. OLEAUT32.DLL. You can find that DLL supplied by Microsoft in the \system32\ directory. I claim that this is almost as good as manual mapping but way easier. But manual mapping leaves you with more options I guess. Thanks to x64 RIP relative addressing it worked completely flawlessly for me.

TheCruZ / Simple-Manual-Map-Injector

Simple C++ DLL Manual Map Injector For x86 and x64

License: MIT License

Simple-Manual-Map-Injector’s Introduction

Simple Manual Map Injector

Simple-Manual-Map-Injector’s Issues

About DLL file size cannot be injected

I added a VMP, but it will prompt target process memory allocation failed (Ex) error. My DLL file size is about 5MB

CS:GO crashes when injecting

I tried to inject this simple DLL into CS:GO, but CS always crashes.

I ran it with Injector-x86.exe test.dll csgo.exe

SEH Exceptions

Have you considered adding SEH Exception support? I cannot use this, as without SEH Exceptions my DLL will instantly crash my target
