• Stars
    star
    134
  • Rank 270,967 (Top 6 %)
  • Language
    Rust
  • License
    MIT License
  • Created over 3 years ago
  • Updated 9 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A windows dll injection library written in rust.

dll-syringe

CI crates.io Documentation dependency status MIT

A windows dll injection library written in Rust.

Supported scenarios

Injector Process Target Process Supported?
32-bit 32-bit Yes
32-bit 64-bit No
64-bit 32-bit Yes (requires feature into-x86-from-x64)
64-bit 64-bit Yes

Usage

Inject & Eject

This crate allows you to inject and eject a DLL into a target process. The example below will inject and then eject injection_payload.dll into the process called "ExampleProcess".

use dll_syringe::{Syringe, process::OwnedProcess};

// find target process by name
let target_process = OwnedProcess::find_first_by_name("ExampleProcess").unwrap();

// create a new syringe for the target process
let syringe = Syringe::for_process(target_process);

// inject the payload into the target process
let injected_payload = syringe.inject("injection_payload.dll").unwrap();

// do something else

// eject the payload from the target (optional)
syringe.eject(injected_payload).unwrap();

Remote Procedure Calls (RPC)

This crate supports two mechanisms for rpc. Both only work one-way for calling exported functions in the target process and are only intended for one-time initialization usage. For extended communication a dedicated rpc library should be used.

RemotePayloadProcedure RemoteRawProcedure
Feature rpc-payload rpc-raw
Argument and Return Requirements Serialize + DeserializeOwned Copy, Argument size has to be smaller than usize in target process
Function Definition Using macro payload_procedure! Any extern "system" or extern "C" with #[no_mangle]

RemotePayloadProcedure

A rpc mechanism based on bincode. The target procedure must be defined using the payload_procedure! macro (requires the payload-utils feature).

The definition of an exported add function could look like this:

dll_syringe::payload_procedure! {
    fn add(a: f64, b: f64) -> f64 {
        a + b
    }
}

The code of the injector/caller could looks like this:

use dll_syringe::{Syringe, process::OwnedProcess};

// find target process by name
let target_process = OwnedProcess::find_first_by_name("ExampleProcess").unwrap();

// create a new syringe for the target process
let syringe = Syringe::for_process(target_process);

// inject the payload into the target process
let injected_payload = syringe.inject("injection_payload.dll").unwrap();

let remote_add = unsafe { syringe.get_payload_procedure::<fn(f64, f64) -> f64>(injected_payload, "add") }.unwrap().unwrap();
let result = remote_add.call(&2.0, &4.0).unwrap();
println!("{}", result); // prints 6

// eject the payload from the target (optional)
syringe.eject(injected_payload).unwrap();

RemoteRawProcedure

This mechanism is based on dynamically generated assembly code. The target procedure can be any exported function as long as it uses either the system or C calling convention. This means that even Win32 functions can be called directly.

The definition of an exported add function could look like this:

#[no_mangle]
extern "system" fn add(a: f64, b: f64) -> f64 {
    a + b
}

The code of the injector/caller could looks like this:

use dll_syringe::{Syringe, process::OwnedProcess};

// find target process by name
let target_process = OwnedProcess::find_first_by_name("ExampleProcess").unwrap();

// create a new syringe for the target process
let syringe = Syringe::for_process(target_process);

// inject the payload into the target process
let injected_payload = syringe.inject("injection_payload.dll").unwrap();

let remote_add = unsafe { syringe.get_raw_procedure::<extern "system" fn(f64, f64) -> f64>(injected_payload, "add") }.unwrap().unwrap();
let result = remote_add.call(2.0, 4.0).unwrap();
println!("{}", result); // prints 6

// eject the payload from the target (optional)
syringe.eject(injected_payload).unwrap();

License

Licensed under MIT license (LICENSE or http://opensource.org/licenses/MIT)

Attribution

Inspired by Reloaded.Injector from Sewer.

More Repositories

1

burnt-sushi

Spotify AdBlocker for Windows
Rust
177
star
2

netcorehost

A .NET Core hosting library written in Rust with included bindings for nethost and hostfxr.
Rust
78
star
3

SourceScraper

Simple library which helps you to retrieve the source of various video streaming sites.
TypeScript
65
star
4

BurntSushi

A spotify ad blocker for windows that works via dll injection and function hooking.
C#
37
star
5

EZBlocker3

EZBlocker 3 - Ad Spotify muter/blocker for Windows
C#
32
star
6

ModernWpf.MessageBox

A drop-in replacement for System.Windows.MessageBox using a modern WPF UI.
C#
29
star
7

wineventhook-rs

A rusty wrapper over SetWinEventHook and UnhookWinEvent.
Rust
11
star
8

WinEventHook

A managed wrapper over SetWinEventHook and UnhookWinEvent.
C#
10
star
9

SpotifyRecorder

Record your favourite songs from Spotify.
C#
9
star
10

doi2bib

Generate a bibtex entry from a doi.
Rust
5
star
11

SciHub-Scraper-CLI

CLI utility to scrap paper informations from sci-hub.
Rust
5
star
12

metalink

A Metalink parser for versions 4.0 and 3.0.
Rust
4
star
13

SciHub-Scraper

Scraps paper pdf urls from sci-hub.
Rust
4
star
14

u16cstr

A macro for creating c-style u16 wide strings at compile time.
Rust
4
star
15

transparent

A rust crate for running processes on a virtual desktop / virtual X server environment.
Rust
4
star
16

hostfxr-sys

FFI bindings for hostfxr.
Rust
3
star
17

pancakestack

Rust implementation of the Pancake Stack esoteric programming language.
Rust
3
star
18

Flare.Tcp

A basic multi-client message-based tcp server (and client).
C#
3
star
19

build-target

A crate that provides programmatic access to information about the current build target inside build.rs.
Rust
3
star
20

deadpool-fantoccini

Dead simple async session pool for fantoccini.
Rust
2
star
21

MasterAnime-API

An api interface for MasterAnime.
TypeScript
2
star
22

get-last-error

An error wrapper over Win32 API errors.
Rust
2
star
23

Userscripts

JavaScript
2
star
24

nethost-sys

FFI bindings for nethost.
Rust
2
star
25

Sharp.Inject

A dll injector for injecting managed .NET Core assemblies.
C#
2
star
26

processes

A utility library for accessing processes and modules on windows.
Rust
2
star
27

DynamicServices

C#
2
star
28

async-file-dl

A simple asynchronous file downloader based on axios.
TypeScript
1
star
29

Memowned

A bunch of utilities related to memory ownership.
C#
1
star
30

dll-syringe-payload-utils

Utilities for building payloads for dll-syringe.
Rust
1
star
31

Object.Dump

Provides simple .Dump() methods to easily print objects in full to the console.
C#
1
star
32

OfficeFight

Visual Basic
1
star
33

PySnake-OPB

A simple snake game written in python.
Python
1
star
34

StrictIPParser

A strict alternative to the builtin IP parsing methods.
C#
1
star