Wazzzuuuup.
Been working on this for a while now. It's a .NET library with various injection methods which make it very straightforward to make your own injectors/loaders. It even includes a public Manual Map injection method.
Although the source is in C#, the compiled library is usable in both VB.NET and C#, depending on your language preferences. I have included both the raw binary as well as the project folder in the attachments to this post.
The source is fairly documented, but I get lazy so there may be sections that you'll need to work out for yourself when looking into the source. The project targets .NET 2.0, so there should be no compatibility issues with projects you want to make.
To use the library, simply create a new .NET project and add the library as a project reference. (Project >> Add Reference >> Browse >> Locate DLL)
I've implemented this library using a factory pattern, so using the various different injection methods are very straightforward. All the various types of injection inherit from the base "InjectionMethod" class, which implements two different methods for injecting.
Both of these methods have various overloads but the key point is that each method can either inject from a PortableExecutable object, or from a file location. A PortableExecutable object can be created in-memory, or from a file location. This means that when using ManualMap injection, it's possible to inject a DLL without it ever touching the harddisk during the injection process. Standard/ThreadHijack methods both call LoadLibrary, so even if you pass a PortableExecutable object to these injection methods, the module will be written to disk in a random location.Code:Inject(...) // inject a single module or InjectAll(...) // inject a range of modules
The two main namespaces you'll likely refer to are going to be
Example 1: Using the creation factory to make an injection methodCode:C# using InjectionLibrary; using JLibrary.PortableExecutable; VB.NET Imports InjectionLibrary Imports JLibrary.PortableExecutable
Example 2: Super-stealthy injection from resources.Code:C# - InjectionMethod injector = InjectionMethod.Create(InjectionMethodType.ManualMap); VB.NET - Dim injector As InjectionMethod = InjectionMethod.Create(InjectionMethodType.ManualMap)
Virus ScansCode:C# - var injector = InjectionMethod.Create(InjectionMethodType.ManualMap); var processId = Process.GetProcessesByName("engine")[0].Id; var hModule = IntPtr.Zero; using (var img = new PortableExecutable(Properties.Resources.TestDll)) hModule = injector.Inject(img, processId); if (hModule != IntPtr.Zero) { // injection was successful } else { // injection failed if (injector.GetLastError() != null) MessageBox.Show(injector.GetLastError().Message); } VB.NET - Dim injector As InjectionMethod = InjectionMethod.Create(InjectionMethodType.ManualMap) Dim processId As Integer = Process.GetProcessesByName("engine")(0).Id Dim hModule As IntPtr = IntPtr.Zero Using img As New PortableExecutable(My.Resources.TestDll) hModule = injector.Inject(img, processId) End Using If hModule <> IntPtr.Zero ' injection successful Else ' injection failed If injector.GetLastError() IsNot Nothing MessageBox.Show(injector.GetLastError().Message) End If End If
Binary:
[x][x]
Source:
[x][x]
That's about the crux of it, the injector is on x86 compatible, meaning you won't be able to inject into x64 processes, but that shouldn't be too much of an issue. If you have any other questions about using the library, just ask in the thread.
The library is released under the GNU GPL, so you're free to use the library however you wish, I'm not responsible for whatever you make with it though, and I ask for a mention if you release an injector/loader using my library, nothing fancy just an acknowledgement of my work.
Cheers,
Jason