dll-syringe

CI crates.io Documentation dependency status MIT

A windows dll injection library written in Rust.

Supported scenarios

| Injector Process | Target Process | Supported? | | ---------------- | -------------- | ------------------------------------------ | | 32-bit | 32-bit | Yes | | 32-bit | 64-bit | No | | 64-bit | 32-bit | Yes (requires feature into-x86-from-x64) | | 64-bit | 64-bit | Yes |

Usage

Inject & Eject

The example below will inject and then eject injection_payload.dll into a process called "ExampleProcess".

```rust norun use dllsyringe::{Syringe, process::OwnedProcess};

// find target process by name let targetprocess = OwnedProcess::findfirstbyname("ExampleProcess").unwrap();

// create a new syringe for the target process let syringe = Syringe::forprocess(targetprocess);

// inject the payload into the target process let injectedpayload = syringe.inject("injectionpayload.dll").unwrap();

// do something else

// eject the payload from the target (optional) syringe.eject(injected_payload).unwrap(); ```

Calling Remote Procedures

This example performs the same injection as above, but will call the add function exported from the injected module.

The definition of the exported add function looks like this: ```rust no_run

[no_mangle]

pub extern "system" fn add(numbers: const (f64, f64), result: *mut f64) { unsafe { *result = (numbers).0 + (*numbers).1 } } ```

The code of the injector/caller will look like this: ```rust norun use dllsyringe::{Syringe, process::OwnedProcess};

// find target process by name let targetprocess = OwnedProcess::findfirstbyname("ExampleProcess").unwrap();

// create a new syringe for the target process let syringe = Syringe::forprocess(targetprocess);

// inject the payload into the target process let injectedpayload = syringe.inject("injectionpayload.dll").unwrap();

let result = syringe.getprocedure::<(f64, f64), f64>(injectedpayload, "add").unwrap().unwrap().call(&(2.0, 4.0)).unwrap(); println!("{}", result); // prints 6

// eject the payload from the target (optional) syringe.eject(injected_payload).unwrap(); ```

Note that currently only functions with a signature of extern "system" fn(args: *mut A, result: *mut B) -> () are supported. As the parameters are memcpy'd there can be problems if the injector and payload have different target architectures.

The definition of the exported function above can be simplified using dll-syringe-payload-utils: rust dll_syringe_payload_utils::remote_procedure! { fn add(a: f64, b: f64) -> f64 { a + b } }

License

Licensed under MIT license (LICENSE or http://opensource.org/licenses/MIT)

Attribution

Inspired by Reloaded.Injector from Sewer.