Lunar is a lightweight native DLL mapping library that supports mapping directly from memory.
- Imports and delay imports are resolved
- Relocations are performed
- Image sections are mapped with the correct page protection
- Exception handlers are initialised
- A security cookie is generated and initialised
- DLL entry point and TLS callbacks are called
The example below demonstrates a simple implementation of the library
var libraryMapper = new LibraryMapper(process, dllBytes);
// Map the DLL into the process
// Unmap the DLL from the process
- Provides the functionality to map a DLL from memory into a remote process
- Provides the functionality to map a DLL from disk into a remote process.
The base address of the DLL in the remote process after it has been mapped.
- Maps the DLL into the remote process
- Unmaps the DLL from the remote process
- Mapping requires the presence of a PDB for ntdll.dll, and, so, the library will automatically download the latest version of this PDB from the Microsoft symbol server and cache it in %appdata%/Lunar/Dependencies