Some option explanations:
Injection type:
Native inject - common approach using LoadLibraryW LdrLoadDll in newly created or existing thread
Manual map - manual copying image data into target process memory without creating section object
Kernel(New thread) - kernel mode CreateThread into LdrLoadDll. Uses driver
Kernel(APC) - kernel mode APC into LdrLoadDll. Uses driver
Kernel driver manual map - manual mapping of the driver into system space
Process selection:
Either select existing non-protected process or select executable (by pressing 'New' button) that would be launched before injecting into it.
Command Line:
Process arguments
Image:
Full-qualified path to image you want inject. Drag'n'drop is also supported.
Init routine:
If you are injecting native (not pure IL) image, this is name of exported function that will be called after injection is done. This export is called as void ( __stdcall* )(wchar_t*) function.
If you are injecting pure managed image, this is name of public method that will be executed using ICLRRuntimeHost::ExecuteInDefaultAppDomain.
Init argument:
String that is passed into init routine
Close after injection:
Close injector after successful injection
Native Loader options:
Unlink module - after injection, unlink module from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, HashLinks and LdrpModuleBaseAddressIndex.
Context thread:
New thread - LoadLibrary and init routine will be executed in new thread.
Any other selection - LoadLibrary and init routine will be executed in the context of selected thread.
Manual map options:
Add loader reference - Insert module record into InMemoryOrderModuleList/LdrpModuleBaseAddressIndex and HashLinks. Used to make module functions (e.g. GetModuleHandle, GetProcAddress) work with manually mapped image.
Manually resolve imports - Image import and delayed import dlls will be also manually mapped instead of being loaded using LdrLoadDll.
Wipe headers - Erase module header information after injection. Also affects manually mapped imports.
Ignore TLS - Don't process image static TLS data and call TLS callbacks.
No exception support - Don't create custom exception handlers that enable out-of-image exception support under DEP.
Conceal memory - Make image memory visible as PAGE_NO_ACESS to memory query functions
Kernel injection methods require system running in Test mode.
Some option explanations:Injection type: Native inject - common approach using LoadLibraryW LdrLoadDll in newly created or existing thread Manual map - manual copying image data into target process memory without creating section object Kernel(New thread) - kernel mode CreateThread into LdrLoadDll. Uses driver Kernel(APC) - kernel mode APC into LdrLoadDll. Uses driver Kernel driver manual map - manual mapping of the driver into system space Process selection: Either select existing non-protected process or select executable (by pressing 'New' button) that would be launched before injecting into it. Command Line: Process argumentsImage: Full-qualified path to image you want inject. Drag'n'drop is also supported. Init routine: If you are injecting native (not pure IL) image, this is name of exported function that will be called after injection is done. This export is called as void ( __stdcall* )(wchar_t*) function. If you are injecting pure managed image, this is name of public method that will be executed using ICLRRuntimeHost::ExecuteInDefaultAppDomain.Init argument: String that is passed into init routineClose after injection: Close injector after successful injection Native Loader options: Unlink module - after injection, unlink module from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, HashLinks and LdrpModuleBaseAddressIndex. Context thread: New thread - LoadLibrary and init routine will be executed in new thread. Any other selection - LoadLibrary and init routine will be executed in the context of selected thread. Manual map options: Add loader reference - Insert module record into InMemoryOrderModuleList/LdrpModuleBaseAddressIndex and HashLinks. Used to make module functions (e.g. GetModuleHandle, GetProcAddress) work with manually mapped image. Manually resolve imports - Image import and delayed import dlls will be also manually mapped instead of being loaded using LdrLoadDll. Wipe headers - Erase module header information after injection. Also affects manually mapped imports. Ignore TLS - Don't process image static TLS data and call TLS callbacks. No exception support - Don't create custom exception handlers that enable out-of-image exception support under DEP. Conceal memory - Make image memory visible as PAGE_NO_ACESS to memory query functionsKernel injection methods require system running in Test mode.
การแปล กรุณารอสักครู่..