Downloads, Hacking Tools

Lunar – A Lightweight Native DLL Mapping Library That Supports Mapping Directly From Memory

A lightweight native DLL mapping library that supports mapping directly from memory

Features

  • Imports and delay imports are resolved
  • Relocations are performed
  • Image sections are mapped with the correct page protection
  • Exception handlers are initialised
  • A security cookie is generated and initialised
  • DLL entry point and TLS callbacks are called

Getting started
The example below demonstrates a simple implementation of the library

var libraryMapper = new LibraryMapper(process, dllBytes); // Map the DLL into the process libraryMapper.MapLibrary(); // Unmap the DLL from the process libraryMapper.UnmapLibrary();

Constructors

LibraryMapper(Process, Memory<byte>)

Provides the functionality to map a DLL from memory into a remote process

LibraryMapper(Process, string)

Provides the functionality to map a DLL from disk into a remote process

Properties

DllBaseAddress

The base address of the DLL in the remote process after it has been mapped

Methods

MapLibrary()

Maps the DLL into the remote process

UnmapLibrary()

Unmaps the DLL from the remote process

Caveats

  • Mapping requires the presence of a PDB for ntdll.dll, and, so, the library will automatically download the latest version of this PDB from the Microsoft symbol server and cache it in %appdata%/Lunar/Dependencies

Source : KitPloit – PenTest Tools!

Previous ArticleNext Article

Send this to a friend