A lightweight native DLL mapping library that supports mapping directly from memory
- x86 and x64 support
- Direct memory mapping
- Manual exception handler initialisation
- Randomised security cookie generation
- TLS callback execution
- A PDB for ntdll.dll is downloaded and cached on disk by the library
The example below demonstrates a basic implementation of the library
var process = Process.GetProcessesByName("")[0];
var dllFilePath = "";
var flags = MappingFlags.DiscardHeaders;
var mapper = new LibraryMapper(process, dllFilePath, flags);
mapper.MapLibrary();
Provides the functionality to map a DLL from disk or memory into a process
public sealed class LibraryMapper
Provides the functionality to map a DLL from memory into a process
LibraryMapper(Process, Memory<byte>, MappingFlags)
Provides the functionality to map a DLL from disk into a process
LibraryMapper(Process, string, MappingFlags)
The base address of the DLL in the process after it has been mapped
DllBaseAddress
Maps the DLL into the process
MapLibrary()
Unmaps the DLL from the process
UnmapLibrary()
Defines actions that the mapper should take during mapping
[Flags]
public enum MappingFlags
Default flag
MappingsFlags.None
Specifies that the header region of the DLL should not be mapped
MappingsFlags.DiscardHeaders
Specifies that TLS callbacks and DllMain should not be called
MappingsFlags.SkipInitialisationRoutines