– Supports x86 and x64 processes and modules
– Kernel-mode injection feature (driver required)
– Manual map of kernel drivers (driver required)
– Injection of pure managed images without proxy dll
– Windows 7 cross-session and cross-desktop injection
– Injection into native processes (those having only ntdll loaded)
– Calling custom initialization routine after injection
– Unlinking module after injection
– Injection using thread hijacking
– Injection of x64 images into WOW64 process
– Image manual mapping
– Injection profiles
Manual map features:
– Relocations, import, delayed import, bound import
– Static TLS and TLS callbacks
– Security cookie
– Image manifests and SxS
– Make module visible to GetModuleHandle, GetProcAddress, etc.
– Support for exceptions in private memory under DEP
– C++/CLI images are supported (use ‘Add loader reference’ in this case)
Kernel manual map features are mostly identical to user-mode, with a few exceptions:
– No C++ exception handling support for x64 images (only SEH)
– No static TLS
– No native loader compatibility
– Limited dependency path resolving. Only API set schema, SxS, target executable directory and system directory
Supported OS: Win7 – Win10 x64
The injector has 2 versions: x86 and x64. Apart from the obvious features, the x86 version supports injection of x64 images into x64 processes; the x64 injector supports injection of x86 and x64 images into WOW64 processes. However, this is only valid for native images. To inject a pure managed DLL, use the same injector version as your target process.
Injection of x64 images into WOW64 process is totally unpredictable. If you want to do this I would recommend using manual mapping with the manual imports option, because the native loader is more buggy than my implementation in this case (especially in Windows 7).
– You can’t inject 32 bit image into x64 process
– Use x86 version to manually map 32 bit images and x86 version to map 64 bit images
– You can’t manually map pure managed images, only native injection is supported for them
– May not work properly on x86 OS versions
– Kernel injection is only supported on x64 OSes and requires Driver Test signing mode.
– Win10 RS4 update support
Existing – select existing process from the list
New – new process will be launched before injection
Manual launch – after pressing ‘Inject’ button, injector will wait for target process startup
Native Loader options:
Manual map options:
Close after injection:
Profiles->Load – load injection profile
Tools->Eject modules – open module ejection dialog
Command line options:
Kernel injection methods require the system to be running in Test mode.
1. Access denied
Failed to load BlackBone driver:
A process has requested access to an object, but has not been granted those access rights.
If you are using an account with admin rights, run the program as Administrator. If you are using a restricted user account, enable UAC and then run as Administrator.
2. Injection failed with error code 0xC0000225. The injector failed to resolve one or more DLL dependencies. Make sure you have all required DLLs and proper CRT libraries. In case of kernel manual mapping, dependencies should be placed near the target process executable or in the system32 (SysWOW64 for 32-bit processes) folder.
Credits:
_Mike@OC for his managed dll injection using AsmJit code
Petr Kobalicek – AsmJit project