Advanced DLL injection tool with multiple injection techniques for Windows processes.
TrueInjector is a powerful DLL injection tool designed for security researchers, reverse engineers, and developers who need to inject DLLs into running processes on Windows systems. It offers multiple injection techniques to bypass various anti-cheat and security mechanisms.
The tool provides a clean, intuitive graphical interface built with Guna UI2 and MetroSuite, allowing users to easily select target processes, choose injection methods, and customize injection parameters.
- Multiple Injection Techniques: Supports Standard Injection, Manual Mapping, and Thread Hijacking
- Process Enumeration: Lists all running processes with their PID and names
- Process Filtering: Search for specific processes by name or PID
- Architecture Validation: Automatically checks DLL and process architecture compatibility
- Customizable Injection Parameters: Fine-tune injection with various API combinations
- Real-time Process Monitoring: Continuously updates the process list
- Modern UI: Clean, dark-themed interface with smooth animations
Standard Injection is the traditional DLL injection method using Windows API functions. This technique allocates memory in the target process, writes the DLL path to that memory, and creates a remote thread to execute LoadLibrary. Each step can be performed with one of several APIs:
- Load Library Function:
  - LoadLibraryA: ANSI version of LoadLibrary
  - LoadLibraryW: Unicode version of LoadLibrary
- Thread Creation Method:
  - CreateRemoteThread: Standard Windows API
  - RtlCreateUserThread: Native NT API
  - NtCreateThreadEx: Low-level NT API
  - NtQueueApcThread: Asynchronous procedure call injection
  - NtQueueApcThreadEx: Extended APC injection
- Memory Writing Method:
  - WriteProcessMemory: Standard Windows API
  - NtWriteVirtualMemory: Native NT API
  - ZwWriteVirtualMemory: Wrapper for NtWriteVirtualMemory
  - NtCreateSection + NtMapViewOfSection: Section object mapping
  - CreateFileMapping + MapViewOfFile + NtMapViewOfSection: File mapping approach
- Memory Allocation Method:
  - VirtualAllocEx: Standard memory allocation
  - NtAllocateVirtualMemory: Native NT API allocation
  - NtCreateSection: Section-based allocation
  - CreateFileMapping: File mapping allocation
  - VirtualAlloc2: Extended allocation API
- Process Handle Management:
  - OpenProcess + CloseHandle: Standard Windows API
  - NtOpenProcess + NtClose: Native NT API
Manual Mapping, also known as "Reflective DLL Injection," is an advanced technique that manually loads a DLL into a target process without using LoadLibrary. It parses the PE headers, resolves imports, handles relocations, and executes the DLL entry point directly.
- ManualMapper.dll: C++ library implementing the manual mapping algorithm
- PE Parsing: Reads and interprets Portable Executable headers
- Import Resolution: Resolves DLL dependencies using LoadLibrary and GetProcAddress
- Relocation Handling: Adjusts addresses based on the actual load location
- TLS Callback Support: Handles Thread Local Storage callbacks
- SEH Support: Structured Exception Handling support for x64
- Shellcode Execution: Uses custom shellcode to initialize the injected DLL
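Because a manually mapped DLL never passes through LoadLibrary, it is absent from the loader's module list and its code sits in memory that is not backed by an image section. The following added example (not part of TrueInjector) shows that check from the defender's side over a constructed memory-region snapshot; the record layout and function name are assumptions, while the constants are the `winnt.h` values.

```python
# MEMORY_BASIC_INFORMATION.Type and .Protect values from winnt.h.
MEM_PRIVATE, MEM_MAPPED, MEM_IMAGE = 0x20000, 0x40000, 0x1000000
PAGE_READWRITE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE = 0x04, 0x20, 0x40
PAGE_EXECUTE_ANY = 0x10 | 0x20 | 0x40 | 0x80  # every PAGE_EXECUTE* bit

def find_unbacked_code(regions, loader_bases):
    """Return [(base, [reasons])] for regions that look manually mapped.

    regions: dicts with base, type, protect and head (first bytes of the
             region); a hypothetical snapshot format.
    loader_bases: module base addresses taken from the loader's module list.
    """
    findings = []
    for r in regions:
        reasons = []
        if r["protect"] & PAGE_EXECUTE_ANY and r["type"] != MEM_IMAGE:
            reasons.append("executable memory not backed by an image section")
        if r["head"][:2] == b"MZ" and r["base"] not in loader_bases:
            reasons.append("PE header at an address the loader does not list")
        if reasons:
            findings.append((r["base"], reasons))
    return findings

# Constructed snapshot, not taken from a real process.
SAMPLE_LOADER_BASES = {0x7FF610000000, 0x7FFB20000000}
SAMPLE_REGIONS = [
    # Normally loaded modules: image-backed and known to the loader.
    {"base": 0x7FF610000000, "type": MEM_IMAGE, "protect": PAGE_EXECUTE_READ,
     "head": b"MZ\x90\x00"},
    {"base": 0x7FFB20000000, "type": MEM_IMAGE, "protect": PAGE_EXECUTE_READ,
     "head": b"MZ\x90\x00"},
    # Ordinary heap: private but not executable.
    {"base": 0x001E0000, "type": MEM_PRIVATE, "protect": PAGE_READWRITE,
     "head": b"\x00\x00\x00\x00"},
    # Mapped image with its headers still present.
    {"base": 0x002A0000, "type": MEM_PRIVATE, "protect": PAGE_EXECUTE_READWRITE,
     "head": b"MZ\x90\x00"},
    # Mapped image whose headers were wiped: only the first check fires.
    {"base": 0x002F0000, "type": MEM_PRIVATE, "protect": PAGE_EXECUTE_READ,
     "head": b"\x00\x00\x00\x00"},
]
```

JIT runtimes also allocate private executable memory, so a hit from the first check alone is a lead to triage rather than a verdict.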
Thread Hijacking takes over an existing thread in the target process and redirects its execution to load the DLL. It suspends a thread, modifies its context to point to our shellcode, and resumes it.
- ThreadHijacker.dll: C++ library implementing the thread hijacking algorithm
- Thread Enumeration: Finds threads in the target process
- Context Manipulation: Modifies thread register state
- Shellcode Generation: Creates assembly code to load the DLL
- Stealth Injection: Less detectable than creating new threads
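Both Standard Injection and Thread Hijacking leave an ordered cross-process trail: allocate, write, then start or redirect a thread. The following added example (not part of TrueInjector) correlates that trail whichever API option was chosen at each step; the event tuple format, the time window and the Win32 thread-context call names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Stage sets use the API options listed for Standard Injection above.
ALLOC = {"VirtualAllocEx", "NtAllocateVirtualMemory", "VirtualAlloc2", "NtMapViewOfSection"}
WRITE = {"WriteProcessMemory", "NtWriteVirtualMemory", "ZwWriteVirtualMemory",
         "NtMapViewOfSection"}
START = {"CreateRemoteThread", "RtlCreateUserThread", "NtCreateThreadEx",
         "NtQueueApcThread", "NtQueueApcThreadEx"}
CHAINS = {
    "remote-thread injection": [ALLOC, WRITE, START],
    # Win32 thread-context calls; the README describes the steps but names no APIs.
    "thread hijacking": [ALLOC, WRITE, {"SuspendThread"}, {"SetThreadContext"}, {"ResumeThread"}],
}
WINDOW = 5.0  # seconds a chain may take end to end (assumed tuning value)

def detect(events):
    """events: time-sorted (timestamp, source_pid, target_pid, api) tuples.
    Returns sorted (source_pid, target_pid, chain_name) alerts."""
    progress = defaultdict(lambda: {name: (0, None) for name in CHAINS})
    alerts = set()
    for ts, src, dst, api in events:
        if src == dst:
            continue  # only cross-process operations are of interest
        state = progress[(src, dst)]
        for name, stages in CHAINS.items():
            idx, started = state[name]
            if started is not None and ts - started > WINDOW:
                idx, started = 0, None  # stale partial chain, start over
            # A mapped section view is both allocation and write: advance twice.
            while idx < len(stages) and api in stages[idx]:
                started = ts if started is None else started
                idx += 1
            if idx == len(stages):
                alerts.add((src, dst, name))
                idx, started = 0, None
            state[name] = (idx, started)
    return sorted(alerts)

# Constructed telemetry, not captured from a real host.
SAMPLE_EVENTS = [
    (10.0, 4120, 7788, "VirtualAllocEx"), (10.1, 4120, 7788, "WriteProcessMemory"),
    (10.2, 4120, 7788, "CreateRemoteThread"),
    (20.0, 5300, 7788, "NtMapViewOfSection"), (20.3, 5300, 7788, "NtQueueApcThread"),
    (30.0, 6100, 9004, "NtAllocateVirtualMemory"), (30.1, 6100, 9004, "NtWriteVirtualMemory"),
    (30.2, 6100, 9004, "SuspendThread"), (30.3, 6100, 9004, "SetThreadContext"),
    (30.4, 6100, 9004, "ResumeThread"),
    (40.0, 812, 812, "VirtualAllocEx"),  # same process: ignored
    (50.0, 2200, 3300, "VirtualAllocEx"), (90.0, 2200, 3300, "CreateRemoteThread"),
]
```

Debuggers and some instrumentation tools produce the same sequences legitimately, so alerts are best paired with an allowlist of known source processes.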
- Clone or download the repository
- Ensure you have the required dependencies installed:
  - .NET Framework 4.8.1
  - Visual Studio with C# and C++ support
- Restore NuGet packages: `nuget restore TrueInjector.sln`
- Build the solution: `msbuild TrueInjector.sln /p:Configuration=Release`
- Launch TrueInjector.exe
- Select a target process from the process list:
  - Use the search box to filter processes by name or PID
  - Click "Refresh processes" to update the list
- Load a DLL file:
  - Click "Load DLL file..." and select your DLL
  - Or enter the full path in the DLL file path textbox
- Choose an injection method:
  - Standard Injection: Traditional LoadLibrary injection
  - Manual Mapping: Advanced reflective injection
  - Thread Hijacking: Thread redirection technique
- Configure injection parameters (for Standard Injection):
  - Select appropriate APIs for your target process
- Click "Inject DLL file into selected process"
- Check for success or error messages
TrueInjector consists of three main components:
- Main Application (C#):
  - Graphical user interface
  - Process enumeration and selection
  - Injection parameter configuration
  - Integration with native DLLs
- ManualMapper.dll (C++):
  - Implements manual mapping injection
  - PE parsing and manipulation
  - Memory management using NT APIs
- ThreadHijacker.dll (C++):
  - Implements thread hijacking injection
  - Thread manipulation and context switching
  - Assembly shellcode generation
- TrueInjector is intended for legitimate purposes such as:
  - Software testing and debugging
  - Security research
  - Educational purposes
  - Reverse engineering
- Use responsibly and only on software you own or have explicit permission to analyze
- Some antivirus software may flag injection tools as suspicious - this is normal
- Guna.UI2: Modern Windows Forms controls
- MetroSuite: Custom form styling library
- PeNet: PE file analysis library
- Costura.Fody: Embedding assemblies into executables
- Native Windows APIs: kernel32.dll, ntdll.dll
- Operating System: Windows 7 or higher (x64 recommended)
- Runtime: .NET Framework 4.8.1
- Architecture: x64 (compatible with both x86 and x64 target processes)
- Privileges: Administrator rights recommended for injecting into system processes
This project is licensed under the MIT License - see the LICENSE file for details.
Note: This tool is for educational and legitimate security research purposes only. The developers are not responsible for any misuse or damage caused by this tool.