xan105/node-remote-thread
NAPI Native addon for Windows DLL injection with support for Wow64 and Unicode path
About
NAPI Native addon for Windows DLL injection with support for Wow64 and Unicode path.
This is a simple injector using the classic createRemoteThread() + LoadLibrary() from Kernel32 combo.
- x64 injector
- can inject x64 DLL into x64 processes.
- can inject x86 DLL into x86 processes (Wow64).
- x86 injector
- can inject x86 DLL into x86 processes.
- ARM64 injector (Untested)
- should inject ARM64 DLL into ARM64 processes.
π¦ Scoped @xan105 packages are for my own personal use but feel free to use them.
Example
import { spawn } from "node:child_process";
import { dirname } from "node:path";
import { createRemoteThread } from "@xan105/remote-thread";
const EXECUTABLE = "G:\\foo\\bar.exe";
const ADDON = "G:\\foo\\δΊΊε.dll";
const binary = spawn(EXECUTABLE, [], {
cwd: dirname(EXECUTABLE),
stdio:[ "ignore", "ignore", "ignore" ],
detached: true
});
binary.once("error", (err) => {
console.error(err);
});
binary.once("spawn", () => {
binary.unref();
//DLL Injection
createRemoteThread(binary.pid, ADDON);
});Installation
npm install @xan105/remote-thread
π x86, x64 and ARM64 prebuilt binary provided.
Force compiling:
npm install @xan105/remote-thread --build-from-source
You will need C/C++ build tools and Python 3.x (node-gyp) to build this module.
Important
This package doesn't have any installation restrictions in its package.json file to facilitate multi-platform development; however, it is designed to work only on Windows with x86/x64 architecture. ARM64 is untested.
API
Named export
createRemoteThread(pid: string, filePath: string): void
Injects the specified DLL located at filePath into the process identified by the given pid.
β This function will throw if you are not running on Windows x86/x64.
β This function will throw on unexpected error.