winapi
winapi provides raw FFI bindings to the whole Windows API, so I will use this crate.
code
When run with `cargo run`, it injects the DLL into the process.
use winapi::ctypes::*;
use winapi::um::libloaderapi::{GetModuleHandleA, GetProcAddress};
use winapi::um::memoryapi::{VirtualAllocEx, WriteProcessMemory};
use winapi::um::processthreadsapi::{CreateRemoteThread, OpenProcess};
/// Loads `dll_path` into the process behind `proc_handle` using the classic
/// remote-thread injection sequence: allocate a buffer in the target, write
/// the path string into it, then start a remote thread at
/// `kernel32!LoadLibraryA` with that buffer as the thread argument.
///
/// The VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread triple,
/// together with an executable (RWX) allocation in another process, is the
/// pattern endpoint monitoring typically alerts on (e.g. Sysmon event 8 for
/// CreateRemoteThread).
///
/// # Safety
/// Every call is raw Win32 FFI. `proc_handle` must be a valid process handle
/// with enough access for allocation, writing and thread creation. None of
/// the return values are checked, so a failed step is silently ignored and
/// later calls proceed with a null/invalid value.
pub fn DllInject(proc_handle: *mut c_void, dll_path: &str) {
    unsafe {
        // Allocate `dll_path.len()` bytes in the target at an address chosen by
        // the OS (null hint). 0x1000 = MEM_COMMIT, 0x40 = PAGE_EXECUTE_READWRITE;
        // executable permission is more than a plain string buffer needs.
        let remote_base = VirtualAllocEx(
            proc_handle,
            std::ptr::null_mut(),
            dll_path.len(),
            0x1000,
            0x40,
        );
        // Copy the raw path bytes into the remote region. The bytes-written
        // out-parameter is passed as null, so partial writes go unnoticed.
        WriteProcessMemory(
            proc_handle,
            remote_base,
            dll_path.as_bytes().as_ptr() as *const c_void,
            dll_path.len(),
            std::ptr::null_mut(),
        );
        // Resolve LoadLibraryA in *this* process's kernel32. Using that
        // address in the target presumes kernel32 is mapped at the same base
        // there — not verified here.
        let dll_handle = GetModuleHandleA("kernel32.dll\0".as_ptr() as *const i8);
        let func_address = GetProcAddress(dll_handle, "LoadLibraryA\0".as_ptr() as *const i8);
        // `transmute` reinterprets the FARPROC as the thread-start signature
        // CreateRemoteThread expects; the new thread runs LoadLibraryA with
        // `remote_base` (the path string) as its only argument. The returned
        // thread handle is discarded without CloseHandle, so it leaks.
        CreateRemoteThread(
            proc_handle,
            std::ptr::null_mut(),
            0,
            Some(std::mem::transmute(func_address)),
            remote_base,
            0,
            std::ptr::null_mut(),
        );
    }
}
/// Entry point: opens the target process by hard-coded PID and hands the
/// resulting handle to `DllInject` together with a hard-coded DLL path.
fn main() {
    let pid: u32 = 100; // modify real process ID
    let dll_path = r#"injectDLL"#; // modify real DLL
    unsafe{
        // 0x001FFFFF = PROCESS_ALL_ACCESS. The returned handle is neither
        // checked for NULL (open failure) nor closed with CloseHandle.
        let proc_handle = OpenProcess(0x001FFFFF, 0, pid);
        DllInject(proc_handle, dll_path);
    }
}