Osiris: dll injector

Created on 5 May 2020  路  10Comments  路  Source: danielkrupinski/Osiris

What injector do you guys use? At the moment, i use Process Hacker 2 but I dunno if it's a good injection method

picture bogdancstrike

All 10 comments

You can use either Extreme Injector or Xenos Injector (what I use).

I haven't used Process Hacker 2's injector but it might be ok.

SleekZ picture SleekZ on 5 May 2020

There are also a ton of others out there

SleekZ picture SleekZ on 5 May 2020

I highly recomend Daniel's Curium Injector (https://github.com/danielkrupinski/curiuminjector-csgo)
its very easy to use, the only thing, is you have to change the name of you .dll to "curium.dll" for it to work.
On the Cheater Fun website they have some injectors too, if you wanna check em out (https://cheater.fun/injectors/)

Vadenez picture Vadenez on 5 May 2020 
/*
Written by: SaEeD
Description: Injecting DLL to Target process using Process Id or Process name
*/
#include <iostream>
#include <string>
#include <ctype.h>
#include <Windows.h>
#include <tlhelp32.h>
#include <Shlwapi.h>
//Library needed by Linker to check file existance
#pragma comment(lib, "Shlwapi.lib")

using namespace std;

int getProcID(const string& p_name);
bool InjectDLL(const int &pid, const string &DLL_Path);
void usage();

int main(int argc, char ** argv)
{
    if (argc != 3)
    {
        usage();
        return EXIT_FAILURE;
    }
    if (PathFileExists(argv[2]) == FALSE)
    {
        cerr << "[!]DLL file does NOT exist!" << endl;
        return EXIT_FAILURE;
    }

    if (isdigit(argv[1][0]))
    {
        cout << "[+]Input Process ID: " << atoi(argv[1]) << endl;
        InjectDLL(atoi(argv[1]), argv[2]);
    }
    else {
        InjectDLL(getProcID(argv[1]), argv[2]);
    }


    return EXIT_SUCCESS;
}
//-----------------------------------------------------------
// Get Process ID by its name
//-----------------------------------------------------------
int getProcID(const string& p_name)
{
    HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    PROCESSENTRY32 structprocsnapshot = { 0 };

    structprocsnapshot.dwSize = sizeof(PROCESSENTRY32);

    if (snapshot == INVALID_HANDLE_VALUE)return 0;
    if (Process32First(snapshot, &structprocsnapshot) == FALSE)return 0;

    while (Process32Next(snapshot, &structprocsnapshot))
    {
        if (!strcmp(structprocsnapshot.szExeFile, p_name.c_str()))
        {
            CloseHandle(snapshot);
            cout << "[+]Process name is: " << p_name << "\n[+]Process ID: " << structprocsnapshot.th32ProcessID << endl;
            return structprocsnapshot.th32ProcessID;
        }
    }
    CloseHandle(snapshot);
    cerr << "[!]Unable to find Process ID" << endl;
    return 0;

}
//-----------------------------------------------------------
// Inject DLL to target process
//-----------------------------------------------------------
bool InjectDLL(const int &pid, const string &DLL_Path)
{
    long dll_size = DLL_Path.length() + 1;
    HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);

    if (hProc == NULL)
    {
        cerr << "[!]Fail to open target process!" << endl;
        return false;
    }
    cout << "[+]Opening Target Process..." << endl;

    LPVOID MyAlloc = VirtualAllocEx(hProc, NULL, dll_size, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    if (MyAlloc == NULL)
    {
        cerr << "[!]Fail to allocate memory in Target Process." << endl;
        return false;
    }

    cout << "[+]Allocating memory in Targer Process." << endl;
    int IsWriteOK = WriteProcessMemory(hProc , MyAlloc, DLL_Path.c_str() , dll_size, 0);
    if (IsWriteOK == 0)
    {
        cerr << "[!]Fail to write in Target Process memory." << endl;
        return false;
    }
    cout << "[+]Creating Remote Thread in Target Process" << endl;

    DWORD dWord;
    LPTHREAD_START_ROUTINE addrLoadLibrary = (LPTHREAD_START_ROUTINE)GetProcAddress(LoadLibrary("kernel32"), "LoadLibraryA");
    HANDLE ThreadReturn = CreateRemoteThread(hProc, NULL, 0, addrLoadLibrary, MyAlloc, 0, &dWord);
    if (ThreadReturn == NULL)
    {
        cerr << "[!]Fail to create Remote Thread" << endl;
        return false;
    }

    if ((hProc != NULL) && (MyAlloc != NULL) && (IsWriteOK != ERROR_INVALID_HANDLE) && (ThreadReturn != NULL))
    {
        cout << "[+]DLL Successfully Injected :)" << endl;
        return true;
    }

    return false;
}
//-----------------------------------------------------------
// Usage help
//-----------------------------------------------------------
void usage()
{
    cout << "Usage: DLL_Injector.exe <Process name | Process ID> <DLL Path to Inject>" << endl;
}
0xE232FE picture 0xE232FE on 5 May 2020
👎1 👍1

@0xE232FE this causes VAC ban, if you don't use daniel's VAC bypass.

djsall picture djsall on 6 May 2020

you will get utrusted from xenos

bambusboy picture bambusboy on 10 May 2020
👍1

^^ This is true, from my use of Xenos.

Vadenez picture Vadenez on 11 May 2020

Not Osiris problem, close the issue.

hyperxpro picture hyperxpro on 12 May 2020

Seriously,Ive got VAC banned by Xenos and Curium. Untill now I still didnt find any good injector.
Help plzzzzzzzzzzzzzzz

Archifall picture Archifall on 30 May 2020

you can use daniel's Inflame injector or Process Hacker 2 neither of which are detected from my testing.

also when you are doing contractions use ' (left of the enter key) instead of ` (left of the 1 key) because markdown uses the tilde for formating.

xAkiraMiura picture xAkiraMiura on 30 May 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

TauCSGO picture TauCSGO  路  3Comments
hvhdark picture hvhdark  路  3Comments
bruhmoment21 picture bruhmoment21  路  3Comments
HeiDaShuai666 picture HeiDaShuai666  路  3Comments
chovss picture chovss  路  4Comments