dll-syringe
Added: Support for Injecting into Suspended Processes
This PR builds on:
- https://github.com/OpenByteDev/dll-syringe/pull/19
So please address that first, as changes from that PR will show as a diff here otherwise.
This PR adds support for injecting code into suspended processes.
This is done by adding the API
pub fn for_suspended_process(process: OwnedProcess) -> Result<Self, io::Error>
For more details, see the code included, but the tl;dr is: we write a dummy function and execute a thread there; this allows the process to fully initialize (without starting its main thread), allowing us to then perform operations such as listing modules, etc.
Also submitted WINE Bug #56362: Using CreateRemoteThread on x86 child from an x86_64 parent fails if a lpParameter is specified.
For some reason, the tests still pass, so they don't hit that bug. But I found it while writing this patch, and it definitively exists. Maybe it has to do with writing the shellcode/payload manually, vs pointing it at an existing loaded DLL.