#dll #injector #dll-injection #no-std #windows

no-std inject-lib

A windows dll injection library written in rust with minimal dependencies

10 unstable releases (3 breaking)

0.3.3 Dec 23, 2022
0.3.2 Sep 2, 2022
0.3.1 Aug 21, 2022
0.3.0 Jul 26, 2022
0.0.4 Mar 29, 2022

#81 in Windows APIs

LGPL-2.1-only OR MIT

135KB
2.5K SLoC

inject-lib

This library (will later be a crate) exists to inject a dll into a Windows process. This injector currently supports injecting from x64 into x86 and x64, and injecting from x86 into x86 (and x64, if compiled with the correct features).

Todos

  • Find a good name
  • Make the injector work also on x86->x64
  • Get reliable exit codes/Redo error system.
  • Rework the outfacing api, to allow more control.
  • Use std::os::windows::process::OwnedHandle when stable

lib.rs:

This crate provides functionality for injecting dlls into other processes. Most of the crate is currently accessible through the [Injector] class.

You will need to provide a pid and a dll to inject. This crate will do the rest for you.

The main focus will always be on performing the injection reliably. If you need to inject into a 64-bit application while compiling this library for 32-bit, you will want to enable the "x86tox64" feature. Be aware that this feature uses "unofficial" APIs located in ntdll.dll; compatibility is technically not guaranteed by Windows.

If you have any suggestions on improving the outfacing API of this crate, create an issue or PR. I am not sure yet if I like this design.

Linux support will probably not come. It is insanely hard and platform specific, because:

  1. we would need to write raw machine code/shellcode into the target process,
  2. which then has the necessary code to load the .so;
  3. we need to somehow redirect the target program's execution to execute our code;
  4. we need to do that without disrupting ANY of the program's code;
  5. we need to restore the EXACT state from before we did anything, because the other program may depend on it.

If this library is supposed to be helpful, I'd want to not require running it as root. Unfortunately some steps involve calling ptrace. Access to that call is restricted if you are not the parent process of the process you are trying to trace. These requirements would mean that we can only inject .so files into processes that this library itself created.

Dependencies

~0.6–1.1MB
~17K SLoC