A lightweight native DLL mapping library that supports mapping directly from memory
- Control flow guard setup
- Exception handler initialisation
- Security cookie generation
- SxS dependency resolution
- TLS callback execution
- x86 and x64 support
- The latest version of the PDB for ntdll.dll is downloaded and cached on disk by the library
The example below demonstrates a basic implementation of the library
var process = Process.GetProcessesByName("")[0];
var dllFilePath = "";
var flags = MappingFlags.DiscardHeaders;
var mapper = new LibraryMapper(process, dllFilePath, flags);
mapper.MapLibrary();Provides the functionality to map a DLL from disk or memory into a process
public sealed class LibraryMapperInitialises an instance of the LibraryMapper class with the functionality to map a DLL from memory into a process
public LibraryMapper(Process, Memory<byte>, MappingFlags);Initialises an instance of the LibraryMapper class with the functionality to map a DLL from disk into a process
public LibraryMapper(Process, string, MappingFlags);The base address of the DLL in the process after it has been mapped
public IntPtr DllBaseAddress { get; }Maps the DLL into the process
public void MapLibrary();Unmaps the DLL from the process
public void UnmapLibrary();Defines actions that the mapper should take during the mapping process
[Flags]
public enum MappingFlagsDefault flag
MappingsFlags.NoneSpecifies that the header region of the DLL should not be mapped
MappingsFlags.DiscardHeaders Specifies that any TLS callbacks and DllMain should not be called
MappingsFlags.SkipInitialisationRoutines