Skip to content

Latest commit

 

History

History
77 lines (55 loc) · 1.95 KB

README.md

File metadata and controls

77 lines (55 loc) · 1.95 KB

About

NAPI Native addon for Windows DLL injection with support for Wow64 and Unicode path.

This is a simple injector using the classic createRemoteThread() + LoadLibrary() from Kernel32 combo.

  • x64 injector
    • can inject x64 DLL into x64 processes.
    • can inject x86 DLL into x86 processes (Wow64).
  • x86 injector
    • can inject x86 DLL into x86 processes.
  • ARM64 injector (Untested)
    • should inject ARM64 DLL into ARM64 processes.

📦 Scoped @xan105 packages are for my own personal use but feel free to use them.

Example

import { spawn } from "node:child_process";
import { dirname } from "node:path";
import { createRemoteThread } from "@xan105/remote-thread";

const EXECUTABLE = "G:\\foo\\bar.exe";
const ADDON = "G:\\foo\\人名.dll";

const binary = spawn(EXECUTABLE, [], {
  cwd: dirname(EXECUTABLE),
  stdio:[ "ignore", "ignore", "ignore" ], 
  detached: true
});

binary.once("error", (err) => {
  console.error(err);
});

binary.once("spawn", () => {
  binary.unref();
  //DLL Injection
  createRemoteThread(binary.pid, ADDON);
});

Installation

npm install @xan105/remote-thread

🚀 x86, x64 and ARM64 prebuilt binary provided.

Force compiling:

npm install @xan105/remote-thread --build-from-source

You will need C/C++ build tools and Python 3.x (node-gyp) to build this module.

Important

This package doesn't have any installation restrictions in its package.json file to facilitate multi-platform development; however, it is designed to work only on Windows with x86/x64 architecture. ARM64 is untested.

API

⚠️ This module is only available as an ECMAScript module (ESM).

Named export

createRemoteThread(pid: string, filePath: string): void

Injects the specified DLL located at filePath into the process identified by the given pid.

❌ This function will throw if you are not running on Windows x86/x64.
❌ This function will throw on unexpected error.