
simple-manual-map-injector's Introduction

Simple Manual Map Injector

  • Supports x86 and x64 (compile for the matching target architecture)
  • Supports x64 exceptions (SEH) (only /EHa and /EHc)
  • Release & Debug
  • Removes PE Header and some sections (Configurable)
  • Configurable DllMain params (default DLL_PROCESS_ATTACH)
  • Adds section protections (Configurable)

Usage

  • Injector_path.exe dll_path [process_name]

Devs

simple-manual-map-injector's People

Contributors

llxiaoyuan, thecruz


simple-manual-map-injector's Issues

Mapping error

Mapping...
File ok
Target process memory allocation failed (ex) 0x5
Error while mapping.

A few questions for the author of this masterpiece

Hi, I am from Belarus, that's why I don't write well in English. I am not good at programming, just learning how it works and trying to modify ur code. So, I have some questions related to the manual mapping topic. I will be grateful for any answers!

  1. I read somewhere that erasing the DLL entry point will make injection harder to detect. Do u think this may help? I tried to implement it. The code is below. Check it please. Am I doing it right? Unfortunately I don't know how to check it.

NtWriteVirtualMemory(ProcessHandle, (BYTE*)TargetBase + ImageOptionalHeader->AddressOfEntryPoint, ZeroBuffer, 32, &oldp);

Also I discovered that I can erase the PE header like this at the end of the Shellcode function:

MappingData->DllEntryFunction(MappingData->TargetBase, DLL_PROCESS_ATTACH, nullptr);

MappingData->ModuleHandle = reinterpret_cast<HINSTANCE>(MappingData->TargetBase);

int i = 1024;

unsigned char* ptr = (unsigned char*)MappingData->TargetBase;

while (i-- > 0)         //working
{
	*ptr++ = 0;
}

while (ImageOptionalHeader->SizeOfHeaders-- > 0)        //also working
{
	*ptr++ = 0;
}

unsigned char* ptr = (unsigned char*)MappingData->TargetBase;

int i = ImageOptionalHeader->SizeOfHeaders;
	
while (i-- > 0)                //dont work
{
		*ptr++ = 0;
}

It's just a memset implementation. By brute force I found "1024", which erases the whole page, and the target works correctly. But sadly I can't understand how it's working. When I pass "4096" or "SizeOfHeaders" my target crashes. The same situation with entry point erasing with the same memset method. Do u see the problem?

  2. What does "adjust sections protection" actually do? As far as I understand, when we wrote sections they all got "RWX" permissions after using "NtWriteVirtualMemory". And this function restores "needed" permissions to be a bit stealthier. Correct me if I am wrong please.

  3. Is it profitable to allocate "RW" each time I allocate memory, then change it via "NtProtectVirtualMemory" to needed ... do some work ... and set it to RW or R when finished injection? I tried to do this, but when I explore memory in ProcessHacker I see 2 "RWX" regions that were created after injection. They are the shellcode and my DLL without headers, so it's easy to find by "RWX" cuz it's only RW, R and so on in my target process.

  4. Still can't write my custom GetProcAddress correctly into the remote process. It crashes. I replaced "strcmp"; it's working in the local process, but not in the remote one. Would you like to update your project and add this feature? :D

Thank u!
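
The observation in the issue above, that executable private regions stand out in a memory listing, is the basis of a common defensive triage check. The following is an added example, not part of the issue or of the project's code: it classifies region records shaped like the fields `VirtualQueryEx` returns. The `Region` struct, the function names and the sample addresses are constructed for illustration, and the constants repeat the winnt.h values under suffixed names so the code builds on any platform.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// winnt.h values, redefined with a trailing underscore (no Windows SDK needed).
constexpr uint32_t MEM_COMMIT_ = 0x1000, MEM_PRIVATE_ = 0x20000, MEM_IMAGE_ = 0x1000000;
constexpr uint32_t PAGE_READWRITE_ = 0x04, PAGE_EXECUTE_READ_ = 0x20,
                   PAGE_EXECUTE_READWRITE_ = 0x40;

// Hypothetical subset of MEMORY_BASIC_INFORMATION.
struct Region { uint64_t base, size; uint32_t state, protect, type; };

enum class Verdict { Clean, PrivateExec, PrivateRwx };

// The four executable base protections (0x10..0x80) occupy the high nibble of
// the low byte; modifiers such as PAGE_GUARD (0x100) sit above it.
static bool isExecutable(uint32_t protect) { return (protect & 0xF0) != 0; }

// Code mapped by the OS loader is MEM_IMAGE. Committed, executable MEM_PRIVATE
// memory has no file behind it; RWX on top of that is the strongest signal.
Verdict classify(const Region& r) {
    if (r.state != MEM_COMMIT_ || r.type != MEM_PRIVATE_ || !isExecutable(r.protect))
        return Verdict::Clean;
    return (r.protect & 0xFF) == PAGE_EXECUTE_READWRITE_ ? Verdict::PrivateRwx
                                                         : Verdict::PrivateExec;
}

// Constructed sample: a loader-mapped code section, a heap block, and two
// private executable allocations.
std::vector<Region> sampleRegions() {
    return {
        {0x00400000, 0x1000,  MEM_COMMIT_, PAGE_EXECUTE_READ_,      MEM_IMAGE_},
        {0x00A00000, 0x10000, MEM_COMMIT_, PAGE_READWRITE_,         MEM_PRIVATE_},
        {0x10000000, 0x1000,  MEM_COMMIT_, PAGE_EXECUTE_READWRITE_, MEM_PRIVATE_},
        {0x10010000, 0x8000,  MEM_COMMIT_, PAGE_EXECUTE_READ_,      MEM_PRIVATE_},
    };
}

std::vector<Region> flagged(const std::vector<Region>& all) {
    std::vector<Region> out;
    for (const Region& r : all)
        if (classify(r) != Verdict::Clean) out.push_back(r);
    return out;
}

int main() {
    for (const Region& r : flagged(sampleRegions()))
        std::printf("%#llx %s\n", (unsigned long long)r.base,
                    classify(r) == Verdict::PrivateRwx ? "private RWX" : "private exec");
}
```

JIT runtimes also allocate private executable memory legitimately, so a hit from this check is a triage signal to investigate rather than a verdict.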

Read dll from source instead of disk?

Hey, I wonder if it would be possible using your project to manual map from source rather than "ifstreaming" the dll from disk.

I tried it the following way but had some issues:

  1. Imported the Dll into HxD and exported it as C.
  2. Export looks like this: char rawData[2785280] = { 0x4D, 0x5A, 0x90, 0x00, 0x03, 0x00, 0x00, 0x00, ... };
  3. Added export as dlldata.h to the Project
  4. Replaced the following code:
    std::ifstream File(dllPath, std::ios::binary | std::ios::ate);
    with
    std::ifstream File(rawData, std::ios::binary);

Result: got an error at if (File.fail()) "Opening the file failed:"

So I changed it from std::ifstream to std::istringstream, also had to change it to:
auto FileSize = sizeof(rawData);.

This almost works but I get an error in Injector.cpp saying "Invalid platform" now.

So now I've reached a point where I don't know what to do next. Would be great if you could help me out as I'm almost finished but can't get it fully working.

Thank you very much.

Unused variable?

Hello! In injector.cpp > ManualMapDll function arguments > "SIZE_T FileSize" is not used in the code. Please let me know whether I can just delete it, or, as I suppose, it needs to be inserted in this line: "void* pShellcode = VirtualAllocEx(hProc, nullptr, 0x1000, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);" instead of 0x1000, and accordingly in the WriteMemory function too. Please answer me, and sorry for my bad English.

SEH Exceptions

Have you considered adding SEH Exception support? I cannot use this, as without SEH Exceptions my DLL will instantly crash my target

Replacement of GetProcAddress.

Hi, man! I kindly ask you to help me figure out how to pass my own (custom) GetProcAddress function in the MANUAL_MAPPING_DATA structure. Is it possible?

I will be very grateful! Ty!

Here is the code for it:

FARPROC __stdcall InternalGetProcAddressP(HMODULE ModuleHandle, LPCSTR ProcessName) 
{
    PIMAGE_DOS_HEADER ImageDosHeader = (PIMAGE_DOS_HEADER)ModuleHandle;
    PIMAGE_NT_HEADERS ImageNtHeader = (PIMAGE_NT_HEADERS)((BYTE*)ModuleHandle + ImageDosHeader->e_lfanew);
    PIMAGE_EXPORT_DIRECTORY ImageExportDirectory = (PIMAGE_EXPORT_DIRECTORY) ((BYTE*)ModuleHandle + ImageNtHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress);

    DWORD* AddressOfFunctions = (DWORD*)((BYTE*)ModuleHandle + ImageExportDirectory->AddressOfFunctions);
    WORD* AddressOfNameOrdinals = (WORD*)((BYTE*)ModuleHandle + ImageExportDirectory->AddressOfNameOrdinals);
    DWORD* AddressOfNames = (DWORD*)((BYTE*)ModuleHandle + ImageExportDirectory->AddressOfNames);

    for (DWORD i = 0; i < ImageExportDirectory->NumberOfNames; ++i) {
        if (strcmp(ProcessName, (const char*)ModuleHandle + AddressOfNames[i]) == 0) {
            return (FARPROC)((BYTE*)ModuleHandle + AddressOfFunctions[AddressOfNameOrdinals[i]]);
        }
    }

    return NULL;
}

invalid params

When opened:
Invalid Params
Usage: dll_path [process_name]
Press any key to continue . . . ( and then quits)

FIX?

CS:GO crashes when injecting

I tried to inject this simple DLL into CS:GO, but CS always crashes.

#include <Windows.h>

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    switch (ul_reason_for_call)
    {
        case DLL_PROCESS_ATTACH:
            MessageBox(NULL, L"Hello World!", L"Dll says:", MB_OK);
            break;
        case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
            break;
    }
    return TRUE;
}

I ran it with Injector-x86.exe test.dll csgo.exe

Process pid: 17352
Mapping...
File ok
Data allocated
My shellcode pointer 01151E40
Target point 23700000
Press any key to continue . . .
Thread created at: 23700000, waiting for return...
Process crashed, exit code: -1073741819
Error while mapping.
Press any key to continue . . .

Hey, no idea how to use, thanks

Don't know what I am supposed to do, or how I can do it..
No .exe in your files?
Never used Visual Studio, so I don't know if I have to build the .exe? Plus I don't know how to use it :(

Naughty?

added free(emptyBuffer); in ManualMapDll

How to use?

Where do I put my Injector_path.exe dll_path [process_name]? When running the program it just says invalid params?
