/Lunar

A lightweight native DLL mapping library that supports mapping directly from memory

Primary LanguageC#MIT LicenseMIT

Lunar

A lightweight native DLL mapping library that supports mapping directly from memory

Features

  • x86 and x64 support
  • Direct memory mapping
  • Manual exception handler initialisation
  • Randomised security cookie generation
  • TLS callback execution

Caveats

  • A PDB for ntdll.dll is downloaded and cached on disk by the library

Getting started

The example below demonstrates a basic implementation of the library

var process = Process.GetProcessesByName("")[0];

var dllFilePath = "";

var flags = MappingFlags.DiscardHeaders;

var mapper = new LibraryMapper(process, dllFilePath, flags);

mapper.MapLibrary();

LibraryMapper Class

Provides the functionality to map a DLL from disk or memory into a process

public sealed class LibraryMapper

Constructors

Provides the functionality to map a DLL from memory into a process

LibraryMapper(Process, Memory<byte>, MappingFlags)

Provides the functionality to map a DLL from disk into a process

LibraryMapper(Process, string, MappingFlags)

Properties

The base address of the DLL in the process after it has been mapped

DllBaseAddress

Methods

Maps the DLL into the process

MapLibrary()

Unmaps the DLL from the process

UnmapLibrary()

MappingFlags Enum

Defines actions that the mapper should take during mapping

[Flags]
public enum MappingFlags

Fields

Default flag

MappingsFlags.None

Specifies that the header region of the DLL should not be mapped

MappingsFlags.DiscardHeaders

Specifies that TLS callbacks and DllMain should not be called

MappingsFlags.SkipInitialisationRoutines