Proof-of-Concept Manual DLL Injector that hijacks a thread in order to load dll into target process.
How does it work?
- Open DLL and read content into buffer
- Make sure the file is a DLL and headers are properly defined
- Adjust Privilege & open the target process based on PID provided in first cmd argument
- Copy DLL into target process
- Copy loader information into target process
- Copy loader function into target process
- Find thread to hijack
- Suspend target thread
- Modify shellcode with proper addresses (ex: address to loader func, address to inject info)
- Copy shellcode to call our loader function
- Modify Thread EIP to go to our shellcode
- Shellcode calls loader function with injection info as first argument
- Resume target thread - should be injected now
ThreadJect.exe <PID> <DLL Name>
@ZwClose7 on Rohitab - Base LoadLibrary Injector (uses Thread Hijacking) and his CreateRemoteThread Manual DLL Injector @D4stiny (me) - Modified LoadLibrary Injector by adding code from the CreateRemoteThread injector and changing the shellcode that is used in the thread hijacking to support the manual mapping of the DLL.