IDA Inject plugin
This plugin allows you to inject dlls into a debugged process, either prior to process creation or when the debugger is attached. This plugin allows you to inject dlls into a debugged process, either prior to process creation or when the debugger is attached. The injected dll can then do some fancy stuff inside the debugged process. The injected dll can then do some fancy stuff inside the debugged process.
To realize dll injection before process creation, new import descriptors are added to the image import directory of the debuggee, whereas injection into an already running process is realized via shellcode injection, which in turn loads the dll in question. To realize dll injection before process creation, new import descriptors are added to the image import directory of the debuggee, whereas injection into an already running process is realized via shellcode injection, which in turn loads the dll in question.
In either case, a full path to the dll can be supplied, so it is not necessary for the dll to be in the search path. In either case, a full path to the dll can be supplied, so it is not necessary for the dll to be in the search path.
To get more info on how this works you can read my blog post or consult the accompanying source code. To get more info on how this works you can read my blog post or consult the accompanying source code.
Usage
The plugin comes with a GUI which lets you easily add dlls to be injected prior to process creation or after the debugger has been attached. The plugin comes with a GUI which lets you easily add dlls to be injected prior to process creation or after the debugger has been attached. The configuration is written to %IDA_DIR%\cfg\IDAInject.cfg, so this location must be writable by the current user for the plugin to work properly. The configuration is written to% IDA_DIR% \ cfg \ IDAInject.cfg, so this location must be writable by the current user for the plugin to work properly.
You can also control the load order of the dlls. You can also control the load order of the dlls.
Note that the dlls to be injected have to export one function with ordinal 1. Note that the dlls to be injected have to export one function with ordinal 1. This is because the FirstThunk and OriginalFirstThunk arrays must not be empty. This is because the FirstThunk and OriginalFirstThunk arrays must not be empty.
If you find bugs or have suggestions for improvement just drop me a mail . If you find bugs or have suggestions for improvement just drop me a mail.
Changelog
06/28/2008 - v1.1 06/28/2008 - v1.1
Bugfix: The dll failed to inject on process start if it wasn't in the search path Bugfix: The dll failed to inject on process start if it wasn't in the search path
05/19/2008 - v1.0 05/19/2008 - v1.0
