ManualDllMapping

A Windows DLL injector that uses manual mapping to load a DLL into a target process without calling LoadLibrary, making the injection invisible to module lists and many anti-cheat/anti-tamper solutions.

How It Works

Instead of using the standard LoadLibrary API, manual mapping mimics what the Windows loader does internally:

1. Read the DLL from disk into a local buffer and validate the PE headers (DOS + NT signatures).
2. Allocate memory in the target process (VirtualAllocEx) at the DLL's preferred image base, falling back to any available address if it's already in use.
3. Write PE headers into the allocated region (WriteProcessMemory).
4. Apply base relocations — if the DLL was not loaded at its preferred base, all absolute addresses in the .reloc section are patched by the load delta (supports both 32-bit HIGHLOW and 64-bit DIR64 relocation types).
5. Copy sections (.text, .data, etc.) into the target process at their correct virtual addresses.
6. Inject shellcode — a small position-independent Shellcode function is written into the target process and executed via CreateRemoteThread. The shellcode:
   • Resolves imports by walking the Import Directory and calling LoadLibraryA / GetProcAddress.
   • Calls the DLL entry point (DllMain) with DLL_PROCESS_ATTACH.
7. Poll for completion by reading back the MANUAL_MAPPING_DATA struct until hMod is set by the shellcode, confirming successful initialization.

Usage

1. Open main.cpp and set the two constants at the top:

   const char szDllFile[] = "C:\\path\\to\\your.dll";   // DLL to inject
   const wchar_t szProc[] = L"target.exe";               // Target process name

2. Build the project in Release x64 (or x86 to match your target).

3. Run the injector as Administrator — OpenProcess with PROCESS_ALL_ACCESS requires elevated privileges for most targets.

Project Structure

File	Description
main.cpp	Entry point — finds the target process by name and calls ManualMap
DllMapper.h	Declarations for ManualMap, Shellcode, MANUAL_MAPPING_DATA, and helper types
DllMapper.cpp	Full manual mapping implementation including PE parsing, relocation, section copying, shellcode injection, and the in-process Shellcode routine

Requirements

• Windows (x86 or x64)
• Visual Studio
• Administrator privileges

Notes

• The injector auto-detects whether the target DLL is 32-bit or 64-bit and parses IMAGE_NT_HEADERS32 / IMAGE_NT_HEADERS64 accordingly.
• The Shellcode function must be position-independent — avoid using global variables or the CRT inside it.
• The shellcode buffer size is computed dynamically at runtime using ShellcodeEnd - Shellcode.
• All allocated remote memory is cleaned up after injection completes (shellcode and mapping-data pages are freed; the mapped image itself remains as the loaded DLL).