Question: Will you do ManualMapping from a byte array? about blackbone HOT 8 CLOSED

It will require a small tweak for activation contexts. Apart from that, everything should be fine even in current implementation.
However, your byte array must represent an actual image, so the engine can parse it.

from blackbone.

If my byte array is:
ReadFile(hFile, dllBin, fSize, (LPDWORD)&nBytes, FALSE);

The DLL is dllBin in this context, would this work?

If yes, would it be possible for you to commit this small tweak as you say? I have zero knowledge of memory alteration, so I'd need a professional like you to do it =)

from blackbone.

Yes, it will work. I'll push all required changes in a couple of days.

from blackbone.

Look into TestMMapFromMem for example.
Mapping modules from memory does not support activation contexts, because it requires ridiculous amount of reversing csrss.exe and sxs.dll.
If you require Actx, you should dump image to disk and map it normally.

from blackbone.

Did you pushed everything? It seems there was a few compilations error;
http://i.imgur.com/wQKKRsm.png

from blackbone.

Yeap, I've missed a driver define. Should work now.

from blackbone.

Thanks alot =)

Little question for you:
I need to map a x86 DLL into a x86 process. The DLL only check the DLL_PROCESS_ATTACH, if yes, it simply shows a message box. At this moment, when using
if (thisProc.mmap().MapImage( buf, size, false, CreateLdrRef | RebaseProcess | NoDelayLoad ) == 0) it didn't work. So I removed RebaseProcess:
if (thisProc.mmap().MapImage( buf, size, false, CreateLdrRef | NoDelayLoad ) == 0). Now, it crashes the remote process. (And the messagebox never shows)

How can I achieve simple manual mapping DLL injection into a remote process?

Thanks alot =)

EDIT: Nvm, I fixed it. Although, it seems that the x64 process can't inject into x86 processes.

from blackbone.

Yes, it does have such restriction. That's because bitness of the assembly code generator and target process must match.

from blackbone.