The GH Injector is the Best DLL Injector ever made 
Injection Methods:
Requirements
Windows 10 1809 or above
Description
Since GH Injector V3.0 the actual injector has been converted in to a library
To use it in your applications you can either use InjectA (ansi) or InjectW (unicode) which are the two functions exported by the "GH Injector - x86.dll" and "GH Injector - x64.dll".
These functions take a pointer to a INJECTIONDATAA/INJECTIONDATAW structure. For more the struct definition / enums / flags check "Injection.h".
How To Use GH DLL Injector & Source Code Review:
Frequently Asked Questions & Known Issues
GH Injector is detected by antivirus as malware, but it is not malware. It's 100% clean and safe to use. These are called false positives. It uses functions commonly used by malware and it uses a AutoIt GUI, antiviruses using heuristics will classify this as malware, but it is not.
DO NOT USE ADVANCED SETTINGS IF YOU ARE A NEWB - YOU WILL ONLY SCREW IT UP
Anything below Windows 10 1809 is not compatible
0.05% of DLLs are not compatible with GH Injector, we don't know why. If GH Injector fails you, try: Download - Extreme Injector v3.6.1 Download
If you have problem with opening the GH injector:
You cannot eject a DLL with FreeLibraryAndExitThread() if you used special options such as ManualMap and others
If the GUI disappears and you can't find it, delete the "GH Injector Config.ini" or reset MAINGUIX & MAINGUIY to 0 in the ini file and re-open it.
GH DLL Injector Error Codes
If injection fails it gives you 2 error codes and it may also log the errors. Read the log file. To debug the problem all you need to do is read the error numbers, they are posted below.
If you can't solve the injection problem with this guide, it is possible that your DLL is not compatible with GH Injector. Our injector has a problem with 0.5% of DLLs, should be fixed in the next release hopefully. In the case, use Download - Extreme Injector v3.6.1 Download
Injection Error
Start Routine Errors
File Errors
SWHEX Errors
Injection Methods:
- LoadLibrary
- LdrLoadDll Stub
- Manual Mapping
- NtCreateThreadEx
- Thread Hijacking
- SetWindowsHookEx
- QueueUserAPC
The zip password is "guidedhacking"
Download the GH injector via the "Download" link on the top right of the page, you must login first.
GH Injector is only compatible with Windows 10 latest version, if your version is less than 1809 it will not work
USE DEFAULT SETTINGS. DO NOT USE ADVANCED SETTINGS AND THEN ASK US WHY IT DOESN'T WORK IF YOU HAVE NO IDEA WHAT YOU'RE DOING
Requirements
Windows 10 1809 or above
Description
- Compatible with both 32-bit and 64-bit programs
- Settings of the GUI are saved to a local ini file
- Processes can be selected by name or process ID and by the fancy process picker.
Since GH Injector V3.0 the actual injector has been converted in to a library
To use it in your applications you can either use InjectA (ansi) or InjectW (unicode) which are the two functions exported by the "GH Injector - x86.dll" and "GH Injector - x64.dll".
These functions take a pointer to a INJECTIONDATAA/INJECTIONDATAW structure. For more the struct definition / enums / flags check "Injection.h".
How To Use GH DLL Injector & Source Code Review:
Frequently Asked Questions & Known Issues
GH Injector is detected by antivirus as malware, but it is not malware. It's 100% clean and safe to use. These are called false positives. It uses functions commonly used by malware and it uses a AutoIt GUI, antiviruses using heuristics will classify this as malware, but it is not.
DO NOT USE ADVANCED SETTINGS IF YOU ARE A NEWB - YOU WILL ONLY SCREW IT UP
Anything below Windows 10 1809 is not compatible
0.05% of DLLs are not compatible with GH Injector, we don't know why. If GH Injector fails you, try: Download - Extreme Injector v3.6.1 Download
If you have problem with opening the GH injector:
- Check antivirus logs
- Turn off your antivirus
- Turn off Safe Browsing & other features in your browser
- Create a folder for the injector and other hacking tools
- Add this folder as an exception in your antivirus
- Antivirus often have multiple modules, add an exception in all of them
- Download it again
You cannot eject a DLL with FreeLibraryAndExitThread() if you used special options such as ManualMap and others
If the GUI disappears and you can't find it, delete the "GH Injector Config.ini" or reset MAINGUIX & MAINGUIY to 0 in the ini file and re-open it.
GH DLL Injector Error Codes
If injection fails it gives you 2 error codes and it may also log the errors. Read the log file. To debug the problem all you need to do is read the error numbers, they are posted below.
If you can't solve the injection problem with this guide, it is possible that your DLL is not compatible with GH Injector. Our injector has a problem with 0.5% of DLLs, should be fixed in the next release hopefully. In the case, use Download - Extreme Injector v3.6.1 Download
Injection Error
C++:
#define INJ_ERR_INVALID_PROC_HANDLE 0x00000001 //GetHandleInformation : win32 error
#define INJ_ERR_FILE_DOESNT_EXIST 0x00000002 //GetFileAttributesW : win32 error
#define INJ_ERR_OUT_OF_MEMORY_EXT 0x00000003 //VirtualAllocEx : win32 error
#define INJ_ERR_OUT_OF_MEMORY_INT 0x00000004 //VirtualAlloc : win32 error
#define INJ_ERR_IMAGE_CANT_RELOC 0x00000005 //internal error : base relocation directory empty
#define INJ_ERR_LDRLOADDLL_MISSING 0x00000006 //GetProcAddressEx : can't find pointer to LdrLoadDll
#define INJ_ERR_REMOTEFUNC_MISSING 0x00000007 //LoadFunctionPointer : can't find remote function
#define INJ_ERR_CANT_FIND_MOD_PEB 0x00000008 //internal error : module not linked to PEB
#define INJ_ERR_WPM_FAIL 0x00000009 //WriteProcessMemory : win32 error
#define INJ_ERR_CANT_ACCESS_PEB 0x0000000A //ReadProcessMemory : win32 error
#define INJ_ERR_CANT_ACCESS_PEB_LDR 0x0000000B //ReadProcessMemory : win32 error
#define INJ_ERR_VPE_FAIL 0x0000000C //VirtualProtectEx : win32 error
#define INJ_ERR_CANT_ALLOC_MEM 0x0000000D //VirtualAllocEx : win32 error
#define INJ_ERR_CT32S_FAIL 0x0000000E //CreateToolhelp32Snapshot : win32 error
#define INJ_ERR_RPM_FAIL 0x0000000F //ReadProcessMemory : win32 error
#define INJ_ERR_INVALID_PID 0x00000010 //internal error : process id is 0
#define INJ_ERR_INVALID_FILEPATH 0x00000011 //internal error : INJECTIONDATA::szDllPath is nullptr
#define INJ_ERR_CANT_OPEN_PROCESS 0x00000012 //OpenProcess : win32 error
#define INJ_ERR_PLATFORM_MISMATCH 0x00000013 //internal error : file error (0x20000001 - 0x20000003, check below)
#define INJ_ERR_NO_HANDLES 0x00000014 //internal error : no process handle to hijack
#define INJ_ERR_HIJACK_NO_NATIVE_HANDLE 0x00000015 //internal error : no compatible process handle to hijack
#define INJ_ERR_HIJACK_INJ_FAILED 0x00000016 //internal error : injecting injection module into handle owner process failed, additional errolog(s) created
#define INJ_ERR_HIJACK_CANT_ALLOC 0x00000017 //VirtualAllocEx : win32 error
#define INJ_ERR_HIJACK_CANT_WPM 0x00000018 //WriteProcessMemory : win32 error
#define INJ_ERR_HIJACK_INJMOD_MISSING 0x00000019 //internal error : can't find remote injection module
#define INJ_ERR_HIJACK_INJECTW_MISSING 0x0000001A //internal error : can't find remote injection function
#define INJ_ERR_GET_MODULE_HANDLE_FAIL 0x0000001B //GetModuleHandleA : win32 error
#define INJ_ERR_OUT_OF_MEMORY_NEW 0x0000001C //operator new : internal memory allocation failed
#define INJ_ERR_REMOTE_CODE_FAILED 0x0000001D //internal error : the remote code wasn't able to load the module
C++:
///////////////////
///NtCreateThreadEx
//Source : error description
#define SR_NTCTE_ERR_NTCTE_MISSING 0x10100001 //GetProcAddress : win32 error
#define SR_NTCTE_ERR_CANT_ALLOC_MEM 0x10100002 //VirtualAllocEx : win32 error
#define SR_NTCTE_ERR_WPM_FAIL 0x10100003 //WriteProcessMemory : win32 error
#define SR_NTCTE_ERR_NTCTE_FAIL 0x10100004 //NtCreateThreadEx : NTSTATUS
#define SR_NTCTE_ERR_GET_CONTEXT_FAIL 0x10100005 //(Wow64)GetThreadContext : win32 error
#define SR_NTCTE_ERR_SET_CONTEXT_FAIL 0x10100006 //(Wow64)SetThreadContext : win32 error
#define SR_NTCTE_ERR_RESUME_FAIL 0x10100007 //ResumeThread : win32 error
#define SR_NTCTE_ERR_RPM_FAIL 0x10100008 //ReadProcessMemory : win32 error
#define SR_NTCTE_ERR_TIMEOUT 0x10100009 //WaitForSingleObject : win32 error
#define SR_NTCTE_ERR_GECT_FAIL 0x1010000A //GetExitCodeThread : win32 error
#define SR_NTCTE_ERR_GET_MODULE_HANDLE_FAIL 0x1010000B //GetModuleHandle : win32 error
///////////////
///HijackThread
//Source : error description
#define SR_HT_ERR_PROC_INFO_FAIL 0x10200001 //internal error : can't grab process information
#define SR_HT_ERR_NO_THREADS 0x10200002 //internal error : no thread to hijack
#define SR_HT_ERR_OPEN_THREAD_FAIL 0x10200003 //OpenThread : win32 error
#define SR_HT_ERR_CANT_ALLOC_MEM 0x10200004 //VirtualAllocEx : win32 error
#define SR_HT_ERR_SUSPEND_FAIL 0x10200005 //SuspendThread : win32 error
#define SR_HT_ERR_GET_CONTEXT_FAIL 0x10200006 //(Wow64)GetThreadContext : win32 error
#define SR_HT_ERR_WPM_FAIL 0x10200007 //WriteProcessMemory : win32 error
#define SR_HT_ERR_SET_CONTEXT_FAIL 0x10200008 //(Wow64)SetThreadContext : win32 error
#define SR_HT_ERR_RESUME_FAIL 0x10200009 //ResumeThread : win32 error
#define SR_HT_ERR_TIMEOUT 0x1020000A //internal error : execution time exceeded SR_REMOTE_TIMEOUT
////////////////////
///SetWindowsHookEx
//Source : error description
#define SR_SWHEX_ERR_CANT_QUERY_INFO_PATH 0x10300001 //internal error : can't resolve own module filepath
#define SR_SWHEX_ERR_CANT_OPEN_INFO_TXT 0x10300002 //internal error : can't open swhex info file
#define SR_SWHEX_ERR_VAE_FAIL 0x10300003 //VirtualAllocEx : win32 error
#define SR_SWHEX_ERR_CNHEX_MISSING 0x10300004 //GetProcAddressEx : can't find pointer to CallNextHookEx
#define SR_SWHEX_ERR_WPM_FAIL 0x10300005 //WriteProcessMemory : win32 error
#define SR_SWHEX_ERR_WTSQUERY_FAIL 0x10300006 //WTSQueryUserToken : win32 error
#define SR_SWHEX_ERR_DUP_TOKEN_FAIL 0x10300007 //DuplicateTokenEx : win32 error
#define SR_SWHEX_ERR_GET_ADMIN_TOKEN_FAIL 0x10300008 //GetTokenInformation : win32 error
#define SR_SWHEX_ERR_CANT_CREATE_PROCESS 0x10300009 //CreateProcessAsUserW : win32 error
//CreateProcessW
#define SR_SWHEX_ERR_SWHEX_TIMEOUT 0x1030000A //WaitForSingleObject : win32 error
#define SR_SWHEX_ERR_REMOTE_TIMEOUT 0x1030000B //internal error : execution time exceeded SR_REMOTE_TIMEOUT
///////////////
///QueueUserAPC
//Source : error description
#define SR_QUAPC_ERR_RTLQAW64_MISSING 0x10400001 //GetProcAddress : win32 error
#define SR_QUAPC_ERR_CANT_ALLOC_MEM 0x10400001 //VirtualAllocEx : win32 error
#define SR_QUAPC_ERR_WPM_FAIL 0x10400002 //WriteProcessMemory : win32 error
#define SR_QUAPC_ERR_TH32_FAIL 0x10400003 //CreateToolhelp32Snapshot : win32 error
#define SR_QUAPC_ERR_T32FIRST_FAIL 0x10400004 //Thread32First : win32 error
#define SR_QUAPC_ERR_NO_APC_THREAD 0x10400005 //QueueUserAPC : win32 error
#define SR_QUAPC_ERR_TIMEOUT 0x10400006 //internal error : execution time exceeded SR_REMOTE_TIMEOUT
#define SR_QUAPC_ERR_GET_MODULE_HANDLE_FAIL 0x10100007 //GetModuleHandle : win32 error
C++:
//File errors:
#define FILE_ERR_SUCCESS 0x00000000
//Source : error description
#define FILE_ERR_CANT_OPEN_FILE 0x20000001 //std::ifstream::good : openening the file failed
#define FILE_ERR_INVALID_FILE_SIZE 0x20000002 //internal error : file isn't a valid PE
#define FILE_ERR_INVALID_FILE 0x20000003 //internal error : PE isn't compatible with the injection settings
C++:
//SWHEX - XX.exe errors:
#define SWHEX_ERR_SUCCESS 0x00000000
//Source : error description
#define SWHEX_ERR_INVALID_PATH 0x30000001 //StringCchLengthW : path exceeds MAX_PATH * 2 chars
#define SWHEX_ERR_CANT_OPEN_FILE 0x30000002 //std::ifstream::good : openening the file failed
#define SWHEX_ERR_EMPTY_FILE 0x30000003 //internal error : file is empty
#define SWHEX_ERR_INVALID_INFO 0x30000004 //internal error : provided info is wrong / invalid
#define SWHEX_ERR_ENUM_WINDOWS_FAIL 0x30000005 //EnumWindows : API fail
#define SWHEX_ERR_NO_WINDOWS 0x30000006 //internal error : no compatible window found[/CODE
[B]How to Build from Source[/B]
Compile "GH Injector Library\GH Injector Library.sln" with these steps:
[LIST=1]
[*]Open the project
[*]Click "Build" in the menubar
[*]Click "Batch Build"
[*]Tick all 4 release builds (Configuration = Release)
[*]Click "Build"
[*]Done
[/LIST]
Install AutoIt - It is Required to compile GUI - [URL='https://www.autoitscript.com/site/autoit/downloads/']AutoIt Downloads - AutoIt[/URL]
Run CompileAndMerge.bat
It will compile the AutoIt files and merge all the required files into "GH Injector".
To run the GH Injector simply open "GH Injector\GH Injector.exe".
[B]What is a DLL Injector?[/B]
In computer programming, DLL injection is a technique used for running code within the address space of another process by forcing it to load a dynamic-link library. DLL injection is often used by external programs to influence the behavior of another program in a way its authors did not anticipate or intend. For example, the injected code could hook system function calls, or read the contents of password textboxes, which cannot be done the usual way. A program used to inject arbitrary code into arbitrary processes is called a DLL [URL='https://guidedhacking.com/resources/guided-hacking-dll-injector.4/']injector[/URL].
If you're making an internal hack you must use a DLL injector to inject it.
[B]Credits[/B]
For the Manual Mapping a lot of credits go to [URL='https://www.joachim-bauch.de/tutorials/loading-a-dll-from-memory/']Joachim Bauch[/URL]. I highly recommend you to go there and take a look if you're interested in Manual Mapping and the PE format itself.
The windows structures I use for the unlinking process are mostly inspired by [URL='https://sandsprite.com/CodeStuff/Understanding_the_Peb_Loader_Data_List.html']this site[/URL] which is also a very interesting read.
I also want to credit Anton Bruckner and Dmitri Shostakovich because most of the time coding this I listened to their fantastic music which is probably one of the reasons why this took me way too long.
Last but not least credits go to Rake's mom for keeping me motivated during hard times (no pun intended).
Also checkout the loader made by Traxin which utilized the GH Injector:[URL='https://guidedhacking.com/showthread.php?9803-GHLoader-v2-0-(Source-Included)'] Release - GHLoader v2.0 (Source Included)[/URL]
