吾爱破解 - 52pojie.cn

 找回密码
 注册[Register]

QQ登录

只需一步,快速开始

查看: 21545|回复: 29
收起左侧

[PEtools] Xenos注入器 支持X86 X64 支持内核注入

  [复制链接]
cmc5410 发表于 2014-8-30 19:18
本帖最后由 cmc5410 于 2014-8-30 19:19 编辑
- Supports x86 and x64 processes and modules
- Kernel mode injection
- Injection of pure managed images without proxy dll(code was partially stolen from _Mike@OC)
- Windows 7 cross-session and cross-desktop injection
- Injection into native processes (those having only ntdll loaded)
- Calling custom initialization routine after injection
- Unlinking module after injection
- Injection using thread hijacking
- Injection of x64 images into WOW64 process(read more in Additional notes section)
- Image manual mapping

Supported OS: Win7 - Win8.1 x64. Should also work on x86 OS versions but I haven't tested it much.
Additional notes:
Injector has 2 versions - x86 and x64. Apart from obvious features x86 version supports injection of x64 images into x64 processes; x64 injector supports injection of x86 and x64 images into WOW64 processes. However this is only valid for native images. If you want to inject pure managed dll - use same injector version as your target process is.

Injection of x64 images into WOW64 process is totally unpredictable. If you want to do this I would recommend to use manual mapping with manual imports option, because native loader is more buggy than my implementation in this case  (especially in windows 7).

Restrictions:
- You can't inject 32 bit image into x64 process
- Use x86 version to manually map 32 bit images and x86 version to map 64 bit images
- You can't manually map pure managed images, only native injection is supported for them
- May not work properly on x86 OS versions
- Kernel injection is only supported on x64 OSes and requires Driver Test signing mode.

内核注入 只支持x64  需要驱动测试签名模式


V1.2.0
- Kernel injection methods
- Various bug fixes


xenos_j.jpg

Injection type:
Native inject - common approach using LoadLibraryW \ LdrLoadDll in newly created or existing thread
Manual map - manual copying image data into target process memory without creating section object
Kernel(New thread) - kernel mode CreateThread into LdrLoadDll. Uses driver
kernel(APC) - kernel mode APC into LdrLoadDll. Uses driver

Process selection:
Either select existing non-protected process or select executable (by pressing 'New' button) that would be launched before injecting into it.

Command Line:
Process arguments

Image:
Full-qualified path to image you want inject. Drag'n'drop is also supported.

Init routine:
If you are injecting native (not pure IL) image, this is name of exported function that will be called after injection is done. This export is called as void ( __stdcall* )(wchar_t*) function.
If you are injecting pure managed image, this is name of public method that will be executed using ICLRRuntimeHost::ExecuteInDefaultAppDomain.

Init argument:
String that is passed into init routine

Native Loader options:
Unlink module - after injection, unlink module from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, HashLinks and LdrpModuleBaseAddressIndex.

Context thread:
New thread - LoadLibrary and init routine will be executed in new thread.
Any other selection - LoadLibrary and init routine will be executed in the context of selected thread.

Manual map options:
Add loader reference - Insert module record into InMemoryOrderModuleList/LdrpModuleBaseAddressIndex and HashLinks. Used to make module functions (e.g. GetModuleHandle, GetProcAddress) work with manually mapped image.
Manually resolve imports - Image import and delayed import dlls will be also manually mapped instead of being loaded using LdrLoadDll.
Wipe headers - Erase module header information after injection. Also affects manually mapped imports.
Ignore TLS - Don't process image static TLS data and call TLS callbacks.
No exception support - Don't create custom exception handlers that enable out-of-image exception support under DEP.

Xenos_1.2.0.7z (450.47 KB, 下载次数: 646)


免费评分

参与人数 1热心值 +1 收起 理由
吾爱扣扣 + 1 怒刷存在感!

查看全部评分

发帖前要善用论坛搜索功能,那里可能会有你要找的答案或者已经有人发布过相同内容了,请勿重复发帖。

头像被屏蔽
开心happy 发表于 2014-8-30 19:37
提示: 作者被禁止或删除 内容自动屏蔽
powerjiang 发表于 2015-4-2 01:08
头像被屏蔽
qxqytq 发表于 2014-8-30 19:31
ii丶BigBreast 发表于 2014-8-30 19:41
360杀了...
吾爱扣扣 发表于 2014-8-30 19:44
怒刷存在感,求理睬!

免费评分

参与人数 1热心值 +1 收起 理由
零和游戏 + 1 荔枝微博相册下载助手V2.1破解版 作者更新.

查看全部评分

纯洁的人啊 发表于 2014-8-30 20:39
有什么用
y1065403288 发表于 2014-8-30 21:19

能否汉化一下 真心看不懂啊!
renminbi 发表于 2014-8-30 22:34
这工具不错,开源的吗

点评

是开源的  发表于 2014-8-31 09:35
youxigx 发表于 2014-9-13 05:11
如果发布的是汉化版就更完美了
2314902431 发表于 2014-9-18 19:53
英文看不懂.还得找度娘翻译去~
您需要登录后才可以回帖 登录 | 注册[Register]

本版积分规则

返回列表

RSS订阅|小黑屋|处罚记录|联系我们|吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 )

GMT+8, 2024-12-23 19:33

Powered by Discuz!

Copyright © 2001-2020, Tencent Cloud.

快速回复 返回顶部 返回列表