D
DioProcess

DLL Injection

DioProcess provides 7 different DLL injection methods, each with unique characteristics and evasion capabilities.

Security Research Only

DLL injection techniques should only be used for authorized security research, malware analysis, and testing on systems you own or have permission to test.

Available Methods

Each method is implemented in its own file under crates/misc/src/injection/

1. LoadLibrary

Classic

The classic injection method using CreateRemoteThread + WriteProcessMemory + LoadLibraryW.

File: loadlibrary.rs
Function: inject_dll()

2. Thread Hijack

Stealthy

Suspend an existing thread, alter its RIP/PC to point to shellcode, then resume. No new thread creation required.

File: thread_hijack.rs
Function: inject_dll_thread_hijack()

3. APC Queue

Alertable Wait

Queue an APC (Asynchronous Procedure Call) with LoadLibraryW on all threads. Fires when a thread enters an alertable wait state.

File: apc_queue.rs
Function: inject_dll_apc_queue()

4. EarlyBird

Guaranteed Execution

Create a suspended remote thread, queue an APC before the thread runs. APC fires during LdrInitializeThunk, guaranteeing execution.

File: earlybird.rs
Function: inject_dll_earlybird()

5. Remote Mapping

No VirtualAllocEx

Use CreateFileMappingW + MapViewOfFile locally, then NtMapViewOfSection remotely. Avoids VirtualAllocEx/WriteProcessMemory entirely.

File: remote_mapping.rs
Function: inject_dll_remote_mapping()

6. Function Stomping

No New Memory

Overwrite a sacrificial function (default: setupapi.dll!SetupScanFileQueueA) in the remote process with LoadLibraryW shellcode. Avoids new executable memory allocation.

File: function_stomping.rs
Function: inject_dll_function_stomping()

7. Manual Mapping

Advanced

Full PE parsing, section mapping, import resolution, per-section memory protections,FlushInstructionCache, and call DllMain. No LoadLibrary call — DLL won't appear in module lists.

File: manual_map.rs
Function: inject_dll_manual_map()
Features:
  • • PE header parsing (DOS → NT → Section Headers)
  • • Section-by-section memory mapping
  • • Import resolution with LoadLibraryA fallback
  • • Per-section protections (PAGE_EXECUTE_READ for .text, PAGE_READWRITE for .data)
  • • Base relocation processing

Usage

Access DLL injection via the UI:

  1. Right-click on a process in the Process tab
  2. Navigate to Miscellaneous → DLL Injection
  3. Select the injection method
  4. Browse for the DLL file to inject
  5. Click Inject

Method Comparison

MethodNew ThreadVirtualAllocExIn Module List
LoadLibraryYesYesYes
Thread HijackNoYesYes
APC QueueNoYesYes
EarlyBirdYesYesYes
Remote MappingYesNoYes
Function StompingYesNoYes
Manual MappingYesYesNo