吾爱破解 - LCG - LSG | Android cracking | Virus analysis | www.52pojie.cn


Views: 41465 | Replies: 38

[PEtools] Xenos Injector 2.2.0, Chinese-localized edition, supports x86 and x64, supports kernel injection

Pizza posted on 2015-9-26 15:43
Redesigned GUI and some more features

Quote:
- Supports x86 and x64 processes and modules
- Kernel-mode injection feature (driver required)
- Manual map of kernel drivers (driver required)
- Injection of pure managed images without proxy dll
- Windows 7 cross-session and cross-desktop injection
- Injection into native processes (those having only ntdll loaded)
- Calling custom initialization routine after injection
- Unlinking module after injection
- Injection using thread hijacking
- Injection of x64 images into WOW64 process
- Image manual mapping
- Injection profiles

Manual map features:
- Relocations, import, delayed import, bound import
- Static TLS and TLS callbacks
- Security cookie
- Image manifests and SxS
- Make module visible to GetModuleHandle, GetProcAddress, etc.
- Support for exceptions in private memory under DEP
- C++/CLI images are supported (use 'Add loader reference' in this case)

Kernel manual map features are mostly identical to user-mode with a few exceptions:
- No C++ exception handling support for x64 images (only SEH)
- No static TLS
- No native loader compatibility
- Limited dependency path resolving. Only API set schema, SxS, target executable directory and system directory

Supported OS: Win7 - Win10 x64



Additional notes:
Injector has 2 versions - x86 and x64. Apart from the obvious features, the x86 version supports injection of x64 images into x64 processes; the x64 injector supports injection of x86 and x64 images into WOW64 processes. However, this is only valid for native images. If you want to inject a pure managed dll - use the same injector version as your target process.


Injection of x64 images into WOW64 process is totally unpredictable. If you want to do this I would recommend using manual mapping with the manual imports option, because the native loader is more buggy than my implementation in this case (especially in Windows 7).


Restrictions:
- You can't inject 32 bit image into x64 process
- Use x86 version to manually map 32 bit images and x86 version to map 64 bit images
- You can't manually map pure managed images, only native injection is supported for them
- May not work properly on x86 OS versions
- Kernel injection is only supported on x64 OSes and requires Driver Test signing mode.


Changelog

V2.2.0
- Command line options
- Separate x86/x64 profiles
- Pure IL exe manual mapping

V2.1.4
- VS 2015 runtime
- Win10 RTM support

V2.1.3
- Win10 build 9926 support
- Win8.1 bug fixes

V2.1.2
- Fixed BSOD under win7 and win8.1 systems
- Major kernel manual map bug fixes
- Kernel logs

V2.1.1
- Some logging

V2.1.0
- Kernel manual map for user-mode dlls
- Process handle access rights escalation

V2.0.0
- New GUI
- Injection image list
- Auto-injection
- Injection profiles
- Injection delay timers
- Kernel injection improvements - module unlinking and init routine invocation
- Win10 tech preview support

V1.2.1
- ManualMap: 'Hide mapped memory region' flag
- Manual map of system drivers
- Self-protection option (Tools -> Protect self)
- Improved injection into suspended process
- 'Close after injection' flag

V1.2.0
- Kernel injection methods
- Various bug fixes

V1.1.2
- Save/load last program configuration
- Added command line for process launcher
- ManualMap: Discardable sections aren't mapped now (e.g. ".reloc")

V1.1.0
- Added module view
- Module unloading

V1.0.1:
- Fixed bug with remote memory deallocation after manual mapping
- Exception handlers aren't created now if the process has DEP turned off.


Readme:
Some option explanations:

Process selection:
    Existing - select existing process from the list
    New - new process will be launched before injection
    Manual launch - after pressing 'Inject' button, injector will wait for target process startup
      
Images:
    List of images you want to inject
    Add - add new image to the list. Drag'n'drop is also supported
    Remove - remove selected image
    Clear - clear image list
      
Advanced options:

    Injection type:
        Native inject - common approach using LoadLibraryW \ LdrLoadDll in newly created or existing thread
        Manual map - manually copying image data into target process memory without creating a section object
        Kernel(New thread) - kernel mode ZwCreateThreadEx into LdrLoadDll. Uses driver
        Kernel(APC) - kernel mode APC into LdrLoadDll. Uses driver
        Kernel(Manual map) - kernel manual mapping. Uses driver
        
    Native Loader options:
        Unlink module - after injection, unlink module from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, HashLinks and LdrpModuleBaseAddressIndex.
        Erase PE - after injection, erase PE headers
        Use existing thread - LoadLibrary and init routine will be executed in the context of random non-suspended thread.
            
    Manual map options:
        Add loader reference - Insert module record into InMemoryOrderModuleList/LdrpModuleBaseAddressIndex and HashLinks. Used to make module functions (e.g. GetModuleHandle, GetProcAddress) work with manually mapped image.
        Manually resolve imports - Image import and delayed import dlls will be also manually mapped instead of being loaded using LdrLoadDll.
        Wipe headers - Erase module header information after injection. Also affects manually mapped imports.
        Ignore TLS - Don't process image static TLS data and call TLS callbacks.
        No exception support - Don't create custom exception handlers that enable out-of-image exception support under DEP.
        Conceal memory - Make image memory visible as PAGE_NOACCESS to memory query functions
        
    Command Line:
        Process command line arguments

    Init routine:
        If you are injecting a native (not pure IL) image, this is the name of the exported function that will be called after injection is done. This export is called as a void ( __stdcall* )(wchar_t*) function.
        If you are injecting a pure managed image, this is the name of the public method that will be executed using ICLRRuntimeHost::ExecuteInDefaultAppDomain.

    Init argument:
        String that is passed into init routine
         
    Close after injection:
        Close injector after successful injection
        
    Inject delay:
        Delay before injection start
        
    Inject interval:
        Delay between each image
   
    Escalate handle access:
        Bypass handle access filters. Driver is required
        
Menu options:
   
    Profiles->Load - load injection profile
    Profiles->Save - save current settings into profile
   
    Tools->Eject modules - open module ejection dialog
    Tools->Protect self - make injector process protected (driver required)
        
Command line options:
        --load <profile_path> - start injector and load target profile specified by <profile_path>
        --run <profile_path> - immediately execute profile specified by <profile_path> without GUI
               
Kernel injection methods require the system to be running in Test mode.
Common problems:
1. Access denied
Quote:
Failed to load BlackBone driver:

{Access Denied}

A process has requested access to an object, but has not been granted those access rights.
If you are using an account with admin rights - run the program as Administrator. If you are using a restricted user account - enable UAC and then run as Administrator.

2. Injection failed with error code 0xC0000225. Injector failed to resolve one or more dll dependencies. Make sure you have all required dlls and proper CRT libraries. In case of kernel manual mapping, dependencies should be placed near target process executable or in system32 (SysWOW64 for 32bit processes) folder.


Credits:
_Mike@OC for his managed dll injection using AsmJit code
Petr Kobalicek - AsmJit project


Source code https://github.com/DarthTon/Xenos
Download link: Xenos_2.2.0汉化版.7z (671.38 KB, downloads: 4813)

Comments

Update version (v2.3.0) has been released. Please see my quote on the page below.  posted on 2017-10-21 15:12
This injector has a problem: it can't force-inject.  posted on 2015-9-26 16:13

Ratings

Participants: 10 | 吾爱币 +1 | 热心值 +10 | Reason
a1421527169 +1 +1 Got it, thanks OP!!
shenhuawd +1 Thank you!
Hmily +1 Thanks for publishing original work; the 吾爱破解 forum is better because of you.
574261766 +1 Thank you!
飘零未忍 +1 Downloading right away; looking forward to OP localizing later versions, thanks.
蚯蚓翔龙 +1 Thank you!
Cizel +1 Thanks for publishing original work; the 吾爱破解 forum is better because of you.
苏紫方璇 +1 Thanks for publishing original work; the 吾爱破解 forum is better because of you.
山顶的一棵草 +1 Not going to be a freeloader~
yypE +1 Quick support

yoza posted on 2017-10-21 14:58
Thank you _BaZzi.......

@_BaZzi
Update Version (v2.3.0) has been released on 26 August 2017. It was originally posted by DarthTon himself on the UnknownCheats forum.
Posted link here :
https://www.unknowncheats.me/for ... njector-v2-0-a.html

Changelog :
- Win10 Creators Update support
- Unified injection and manual mapping (injector -> target) : x86->x86, x64->x64, x86->x64, x64->x86
- Bug fixes, stability improvements

For more detail, you can refer to the contents of the packed binaries (Xenos_2.3.0_[unknowncheats.me]_.7z)

Binaries :
Xenos_2.3.0_[unknowncheats.me] ...

Source code:
Xenos-master.zip

Enjoy....

Best regards,
yoza

Xenos_2.3.0_[unknowncheats.me]_.7z

699.1 KB, downloads: 341, download cost: 吾爱币 -1 CB

Xenos-master.zip

124.81 KB, downloads: 112, download cost: 吾爱币 -1 CB

Ratings

Participants: 3 | 吾爱币 +7 | 热心值 +3 | Reason
610100 +3 +1 Thank you!
苏紫方璇 +1 +1 Encouraging reposts of excellent software security tools and documents!
xjun +3 +1 I agree!

龟仔龟龟 posted on 2018-2-14 20:11
Welcome back, yoza!!! Hope you have a nice day, every day, on 52pojie.
Best wishes!
2317909768 posted on 2015-9-26 15:50
苏紫方璇 posted on 2015-9-26 16:11
Front-row support for the expert; could someone translate the tool's introduction?
Cizel posted on 2015-9-26 16:18

Front-row support for the expert; could someone translate the tool's introduction?
灰色 posted on 2015-9-26 16:21
Grabbing a front-row spot; I can't understand it.
OP | Pizza posted on 2015-9-26 16:45
@Apocalypse What do you mean by forced injection?
蚯蚓翔龙 posted on 2015-9-26 16:52
Front-row support for the expert
Is there source code for this? Could it be made to support XP? It won't open on my system.
黑龍 posted on 2015-9-26 17:07
Back-row support for the expert; could someone translate the tool's introduction?
OP | Pizza posted on 2015-9-26 17:32
蚯蚓翔龙 posted on 2015-9-26 16:52
Front-row support for the expert
Is there source code for this? Could it be made to support XP? It won't open on my system.

The source contains no XP driver, so compiling it wouldn't help much.
Apocalypse posted on 2015-9-26 20:41
_BaZzi posted on 2015-9-26 16:45
@Apocalypse What do you mean by forced injection?

If the DLL is 32-bit but also supports 64-bit, this injector says it can't inject.