blob: d41bf318002445a2e5e90b677beab2430332e4d7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
# Invoke-DllInjection
## SYNOPSIS
Injects a Dll into the process ID of your choosing.
PowerSploit Function: Invoke-DllInjection
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
## SYNTAX
```
Invoke-DllInjection [-ProcessID] <Int32> [-Dll] <String>
```
## DESCRIPTION
Invoke-DllInjection injects a Dll into an arbitrary process.
It does this by using VirtualAllocEx to allocate memory the size of the
DLL in the remote process, writing the names of the DLL to load into the
remote process spacing using WriteProcessMemory, and then using RtlCreateUserThread
to invoke LoadLibraryA in the context of the remote process.
## EXAMPLES
### -------------------------- EXAMPLE 1 --------------------------
```
Invoke-DllInjection -ProcessID 4274 -Dll evil.dll
```
Description
-----------
Inject 'evil.dll' into process ID 4274.
## PARAMETERS
### -ProcessID
Process ID of the process you want to inject a Dll into.
```yaml
Type: Int32
Parameter Sets: (All)
Aliases:
Required: True
Position: 1
Default value: 0
Accept pipeline input: False
Accept wildcard characters: False
```
### -Dll
Name of the dll to inject.
This can be an absolute or relative path.
```yaml
Type: String
Parameter Sets: (All)
Aliases:
Required: True
Position: 2
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
```
## INPUTS
## OUTPUTS
## NOTES
Use the '-Verbose' option to print detailed information.
## RELATED LINKS
[http://www.exploit-monday.com](http://www.exploit-monday.com)
|