SHARE
Lunar : A Lightweight Native DLL Mapping Library

Lunar is a lightweight native DLL mapping library that supports mapping directly from memory.

Features

  • Imports and delay imports are resolved
  • Relocations are performed
  • Image sections are mapped with the correct page protection
  • Exception handlers are initialised
  • A security cookie is generated and initialised
  • DLL entry point and TLS callbacks are called

Getting Started

The example below demonstrates a simple implementation of the library

var libraryMapper = new LibraryMapper(process, dllBytes);
// Map the DLL into the process
libraryMapper.MapLibrary();
// Unmap the DLL from the process
libraryMapper.UnmapLibrary();

Also Read – Sandcastle : A Python Script For AWS S3 Bucket Enumeration

Constructors

LibraryMapper(Process, Memory<byte>)

  • Provides the functionality to map a DLL from memory into a remote process

LibraryMapper(Process, string)

  • Provides the functionality to map a DLL from disk into a remote process.

Properties

DllBaseAddress

The base address of the DLL in the remote process after it has been mapped.

Methods

MapLibrary()

  • Maps the DLL into the remote process

UnmapLibrary()

  • Unmaps the DLL from the remote process

Caveats

  • Mapping requires the presence of a PDB for ntdll.dll, and, so, the library will automatically download the latest version of this PDB from the Microsoft symbol server and cache it in %appdata%/Lunar/Dependencies