The InjectMappedFile function injects an MSL file into a Windows executable. Both files have to be mapped in memory before calling this function.
DWORD InjectFile(
LPVOID lpMappedFile, // pointer to executable to inject
PDWORD lpFileSize, // pointer to size of file to inject
LPVOID lpMappedMsl, // pointer to MSL to inject into executable
DWORD dwMslSize, // size of MSL file
LPVOID lpExtraData, // pointer to extra data
DWORD dwExtraDataSize, // size of extra data
DWORD dwFlags // injection options
);
Parameters
- lpMappedFile
- Points to executable data to inject. The file has to be mapped in memory (using MapViewOfFile or by other means).
- lpFileSize
- Points to a DWORD containing the size of the data pointed to by lpMappedFile. After the function returns, the DWORD will contain the size of the resulting injected file.
- lpMappedMsl
- Points to MSL data to inject into the executable. The file has to be mapped in memory (using MapViewOfFile or by other means).
- dwMslSize
- Contains the size of the MSL file pointed to by lpMappedMsl.
- lpExtraData
- Pointer to a memory location containing extra data that should be included in the resulting executable. The pointer to the extra data will be passed to the BeforeHandlers and AfterHandlers functions in the STUB_CONFIGURATION structure. This parameter can be NULL to indicate that no extra data should be included.
- dwExtraDataSize
- Determines the size of the extra data. If lpExtraData is NULL, the dwExtraDataSize parameter should be zero.
- dwFlags
- Set of bit flags that specify how the executable should be processed. To configure the behavior, use one or more of the following values:
- INJECT_FLAG_DOIMPORTS
- Tells the PE-inject stub to process the import table of the host application. If you do not specify this flag, you will have to process the imports in BeforeHandlers or AfterHandlers.
- INJECT_FLAG_JUMPTOOEP
- Saves the entry point of the host executable and jumps to it after all startup operations have finished. If you do not specify this flag, the entry point is not saved: you will have to save it yourself and perform the jump to the entry point manually.
- INJECT_FLAG_HANDLERELOC
- Enables the relocation handling routines. If you do not specify this flag, you will have to handle relocations manually.
- INJECT_FLAG_STRIPRELOCS
- Strips the relocations. This is possible only for EXE files; DLLs cannot have their relocations stripped. If specified, it will reduce the resulting executable size by a few kilobytes.
- INJECT_FLAG_COMPRESSDLL
- Enables compression of the injected DLL file. It will reduce the resulting executable size at the cost of a delay of several milliseconds while unpacking the linked DLL every time the host application is executed. JCALG1 compression by Jeremy Collake is used.
- INJECT_FLAG_BACKUPTLS
- Makes a backup of Thread Local Storage. It is recommended to keep this option enabled, unless you know what you are doing :)
Return Values
If the function succeeds, the return value is a pointer to the injected executable.
If the function fails, the return value is NULL.
Remarks
For MSL creation and management routines, see libMSL (http://www.migeel.sk).
When you no longer need the buffer returned by InjectMappedFile, use InjectFree to free the occupied memory.
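
The INJECT_FLAG_STRIPRELOCS and INJECT_FLAG_BACKUPTLS descriptions above depend on properties of the host image: whether it is an EXE or a DLL, and whether it carries TLS data. The following C code is an added example, not part of the PE-inject library: a bounds-checked pre-flight check over the mapped host file. The names pe_preflight and make_sample are hypothetical; header offsets and bit values are taken from the PE/COFF specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { PE_BAD = -1, PE_EXE = 0, PE_DLL = 1 };
static uint32_t rd(const uint8_t *p, int n) {   /* little-endian read of n bytes */
    uint32_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Hypothetical helper (not part of the library): bounds-checked look at a mapped
 * host image. Returns PE_EXE, PE_DLL or PE_BAD; reports relocation/TLS state. */
int pe_preflight(const uint8_t *b, size_t size, int *stripped, int *has_tls) {
    if (size < 0x40 || rd(b, 2) != 0x5A4D) return PE_BAD;            /* "MZ" */
    uint32_t nt = rd(b + 0x3C, 4);                                    /* e_lfanew */
    if (nt > size - 24 || rd(b + nt, 4) != 0x4550) return PE_BAD;     /* "PE\0\0" */
    uint32_t optsz = rd(b + nt + 20, 2), ch = rd(b + nt + 22, 2);
    const uint8_t *opt = b + nt + 24;
    if (optsz < 2 || optsz > size - 24 - nt) return PE_BAD;
    uint32_t magic = rd(opt, 2), dirs = magic == 0x10B ? 96 : magic == 0x20B ? 112 : 0;
    if (!dirs) return PE_BAD;                    /* neither PE32 nor PE32+ */
    *stripped = (ch & 0x0001) != 0;              /* IMAGE_FILE_RELOCS_STRIPPED */
    *has_tls = optsz >= dirs + 80 && rd(opt + dirs - 4, 4) > 9  /* directory 9 = TLS */
               && rd(opt + dirs + 72, 4) != 0;
    return (ch & 0x2000) ? PE_DLL : PE_EXE;      /* IMAGE_FILE_DLL */
}

/* Constructed sample: PE32 headers only, not a runnable program. */
size_t make_sample(uint8_t *b, size_t cap, uint16_t ch, int with_tls) {
    const size_t nt = 0x40, need = nt + 24 + 224;
    if (cap < need) return 0;
    memset(b, 0, need);
    b[0] = 'M'; b[1] = 'Z'; b[0x3C] = (uint8_t)nt;
    memcpy(b + nt, "PE\0\0", 4);
    b[nt + 20] = 224;                                   /* SizeOfOptionalHeader */
    b[nt + 22] = (uint8_t)ch; b[nt + 23] = (uint8_t)(ch >> 8);
    b[nt + 24] = 0x0B; b[nt + 25] = 0x01; b[nt + 24 + 92] = 16; /* PE32, 16 dirs */
    if (with_tls) b[nt + 24 + 96 + 72 + 1] = 0x10;      /* TLS RVA 0x1000 */
    return need;
}

int main(void) {
    uint8_t img[512]; int s = 0, t = 0;
    int kind = pe_preflight(img, make_sample(img, sizeof img, 0x2102, 1), &s, &t);
    printf("kind=%d stripped=%d tls=%d strip_allowed=%d\n", kind, s, t, kind == PE_EXE);
    return 0;
}
```

A caller would set INJECT_FLAG_STRIPRELOCS only when the result is PE_EXE, and a reported TLS directory is a case where the recommendation to keep INJECT_FLAG_BACKUPTLS enabled matters.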