
This project forked from malware-unicorn/rusty-memory-loadlibrary

Load DLLs from memory with Rust

License: MIT License

Rust 100.00%

rusty-memory-loadlibrary's Introduction

rusty-memory-loadlibrary

Load DLLs from memory into another process with Rust

  • x64 only
  • Largely based on fancycode/MemoryModule
  • Will map a DLL in another process' memory
  • Uses the PEB to build most of the import table; otherwise remotely loads the libraries with a classic DLL injection (LoadLibraryA, VirtualAlloc LibName, CreateRemoteThread)
  • Uses WriteProcessMemory/ReadProcessMemory to write to and read from another process
  • Uses a shellcode wrapper for TLS & DllMain calls
  • Uses CreateRemoteThread (I recommend using EtwpCreateEtwThread instead)
  • Threw in a PPID spoof for testing with main
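
For defenders, the mapping behaviour listed above leaves a recognisable artifact. The following is an added example, not code from this project: it flags allocations that hold an x64 PE header in private, executable memory with no entry in the process's loader list. It assumes a loader of this kind does not register the module with the PEB; the `Allocation` record, the function names and the sample snapshot are hypothetical and constructed for illustration.

```rust
// Added defensive example; the snapshot below is constructed, not project code.
#[derive(PartialEq)]
enum Backing { Image, Mapped, Private } // MEM_IMAGE / MEM_MAPPED / MEM_PRIVATE

struct Allocation<'a> {
    base: u64,            // allocation base address
    backing: Backing,
    has_exec_pages: bool, // any page with a PAGE_EXECUTE* protection
    head: &'a [u8],       // first bytes read from the allocation
}

/// True when `buf` starts with "MZ" and e_lfanew points at "PE\0\0" + machine 0x8664 (x64).
fn has_pe_header(buf: &[u8]) -> bool {
    if buf.len() < 0x40 || &buf[..2] != b"MZ" { return false; }
    let off = u32::from_le_bytes([buf[0x3c], buf[0x3d], buf[0x3e], buf[0x3f]]) as usize;
    match buf.get(off..off.saturating_add(6)) {
        Some(nt) => &nt[..4] == b"PE\0\0" && u16::from_le_bytes([nt[4], nt[5]]) == 0x8664,
        None => false, // e_lfanew points outside the bytes we captured
    }
}

/// Bases of allocations that look like a manually mapped module: private memory with
/// executable pages and a PE header, but no entry in the PEB loader list (assumption).
fn find_unlisted_images(allocs: &[Allocation], peb_modules: &[u64]) -> Vec<u64> {
    allocs.iter()
        .filter(|a| a.backing == Backing::Private && a.has_exec_pages)
        .filter(|a| has_pe_header(a.head) && !peb_modules.contains(&a.base))
        .map(|a| a.base)
        .collect()
}

/// Constructed sample: the smallest header prefix that satisfies has_pe_header.
fn sample_pe_head() -> Vec<u8> {
    let mut h = vec![0u8; 0x100];
    h[..2].copy_from_slice(b"MZ");
    h[0x3c..0x40].copy_from_slice(&0x80u32.to_le_bytes()); // e_lfanew
    h[0x80..0x84].copy_from_slice(b"PE\0\0");
    h[0x84..0x86].copy_from_slice(&0x8664u16.to_le_bytes()); // IMAGE_FILE_MACHINE_AMD64
    h
}

fn main() {
    let pe = sample_pe_head();
    let allocs = [ // constructed snapshot of one process
        Allocation { base: 0x7ff8_1000_0000, backing: Backing::Image, has_exec_pages: true, head: &pe },
        Allocation { base: 0x1_8000_0000, backing: Backing::Private, has_exec_pages: true, head: &pe },
        Allocation { base: 0x2_0000_0000, backing: Backing::Mapped, has_exec_pages: false, head: &[0u8; 0x40] },
    ];
    for base in find_unlisted_images(&allocs, &[0x7ff8_1000_0000u64]) {
        println!("unlisted PE image in private executable memory at {:#x}", base);
    }
}
```

On a live system the allocation records would come from VirtualQueryEx and the module list from the target's PEB. Treat a hit as a lead to triage rather than a verdict.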

Prereqs

sudo apt-get install gcc-mingw-w64-x86-64
rustup target add x86_64-pc-windows-gnu

Build

cargo build --release --target x86_64-pc-windows-gnu

Example Usage:

Recommended for remote loading

let handle = _memory_loadlibary_remote(
    data.as_mut_ptr() as *mut c_void,
    data.len() as u32,
    process_info.p_handle,
);

Recommended for reflective loading

let handle = memory_loadlibary_remote(
    data.as_mut_ptr() as *mut c_void, 
    data.len() as u32, 
    NULL
);

Platform Info

  • Built with Ubuntu WSL
  • Tested on Windows 10
  • Tested reflective DLL injection with CobaltStrike, not remote DLL injection

References:

Future Plans:

  • TODO: Freeing memory allocs
  • TODO: Get proc address like in fancycode/MemoryModule
  • TODO: Unhooking NTDLL for writes & reads
  • TODO: Probably some code refactoring & better error handling
