Skip to content
Inject native DLLs into other processes from .NET.
Branch: master
Clone or download
Latest commit c0e7799 Feb 7, 2017
Type Name Latest commit message Commit time
Failed to load latest commit information.
EnvUpdate Improve logging function Jan 29, 2016
InjectHost refactor, fixes, test improvements Jan 24, 2016
NativeInjector.Test Cleanup Jan 29, 2016
NativeInjector Fix test, set startup Feb 1, 2016
RunAs32 Support injecting into 64-bit processes from 32-bit .NET apps Jan 28, 2016
.gitignore Switch to for data driven tests Jan 28, 2016
NativeInjector.sln Genericize name Jan 29, 2016 Add description Feb 7, 2017
run-tests.ps1 Fix test, set startup Feb 1, 2016

Build status


A simple .NET library for injecting native(PE) DLLs into other processes from managed processes. It uses named shared memory to make a byte[] payload available to the remote process. It works by running LoadLibrary in the target process, resulting in dllmain() in your DLL being called, where your injected code will be. There are important restrictions and best practices regarding code that runs in dllmain(), so caution is advised. Doubly so because you're running code in a foreign process you know nothing about.

It was written for simple, short-lived functions, such as the PATH injection used in Winston.


byte[] payload = Encoding.Unicode.GetBytes("some argument, struct, or other data");
// Synchronously waits for dllmain() to finish, then unloads the DLL
Injector.Inject(pid, dll32path, dll64path, "my shared memory name", payload);


  1. Copy the payload to shared memory
  2. Allocate memory in the target process
  3. Copy the path of the DLL to be injected into previously allocated memory
  4. Create a remote thread to execute LoadLibrary, passing a pointer to the above memory for its argument
  5. LoadLibrary calls the DLL's dllmain(), where your injected code runs
  6. Injector waits for code to finish then unloads the DLL
You can’t perform that action at this time.