Maybe some theory first, so everybody can understand it:
There's a Windows function called LoadLibrary, which allows you to inject Dynamic Link Libraries (.dlls) into a target process, so you can let a specific process run your own code without having access to the source code. Also you can hook, rewrite and call functions...
Since LoadLibrary is a Windows API function, every process could hook this function. So basically what anti-cheat systems do here is:
If LoadLibrary is called, they check which process it is loaded into; if it is loaded into the process that the anti-cheat tries to prevent from being injected, it bans you.
Manual mapping is a way to inject libraries without calling LoadLibrary. Since the anti-cheat doesn't exactly know which process/function is doing the injecting part, it cannot be hooked...
Manual mapping was developed by a talented individual called Darawk to prevent Warden from detecting his DLLs in Diablo2.
Is it still detectable?
YES, the original method is detectable by taking a look @image_sections_table.
But you can prevent your dll from being detected by not sending the PE header, for example...
Basically, the steps to inject your dll undetected are:
1. Allocate space for the module in the remote process
2. Fix imports
3. Fix relocs
4. Map the sections into the remote process
5. Call the entry point of your DLL
Here is some code I threw together really quickly (still sending the PE header and such stuff):
It does inject a basic library without any problems, but there's a problem with the imports/relocs... So you cannot inject a DirectX dll... I don't know what I'm doing wrong... I tested it using the dll included in this post (test_module.dll; it shows a MessageBox saying "Injected" if the dll was injected successfully).
Personally I think it would be a great thing if you posted the video; it would help a lot of people. Who cares about your accent? As long as it's understandable, it doesn't matter. You're doing this to help people out, so if they don't listen to it, it's their loss.
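The detection side of the point made above (a header scan finds the original method, an omitted header defeats that scan), as an added example that is not part of the original post: a scanner classifies executable memory that no loaded module backs, run over a constructed region snapshot. The `Region` and `Module` records and all sample addresses are assumptions for illustration; the `MEM_*` and page-protection values are the real Windows constants.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Real Windows constants (winnt.h), redefined so the example builds anywhere. */
#define MEM_COMMIT     0x1000u
#define MEM_PRIVATE    0x20000u
#define MEM_IMAGE      0x1000000u
#define PAGE_EXEC_MASK 0xF0u  /* PAGE_EXECUTE, _READ, _READWRITE, _WRITECOPY */

/* Hypothetical snapshot record: the fields a scanner would copy out of
   MEMORY_BASIC_INFORMATION, plus the first two bytes of the region. */
typedef struct { uint64_t base, size; uint32_t state, protect, type; uint8_t head[2]; } Region;
typedef struct { uint64_t base, size; } Module;  /* one loader module-list entry */

enum { CLEAN = 0, EXEC_UNBACKED = 1, EXEC_UNBACKED_PE = 2 };

static int in_module_list(const Region *r, const Module *m, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (r->base >= m[i].base && r->base + r->size <= m[i].base + m[i].size)
            return 1;
    return 0;
}

/* The "MZ" check only raises confidence. A region without it is still
   flagged, because the header may never have been written. */
int classify_region(const Region *r, const Module *mods, size_t n) {
    if (r->state != MEM_COMMIT || !(r->protect & PAGE_EXEC_MASK)) return CLEAN;
    if (r->type == MEM_IMAGE && in_module_list(r, mods, n)) return CLEAN;
    return (r->head[0] == 'M' && r->head[1] == 'Z') ? EXEC_UNBACKED_PE : EXEC_UNBACKED;
}

/* Constructed sample data, not captured from a real process. */
static const Module SAMPLE_MODS[] = { {0x7ff600000000ull, 0x50000}, {0x7ffa10000000ull, 0x1f0000} };
static const Region SAMPLE_REGIONS[] = {
    {0x7ff600001000ull, 0x20000, MEM_COMMIT, 0x20, MEM_IMAGE,   {0x48, 0x89}}, /* code of a listed module */
    {0x0001a0000000ull, 0x8000,  MEM_COMMIT, 0x04, MEM_PRIVATE, {0, 0}},       /* heap, read/write only */
    {0x0001b0000000ull, 0x6000,  MEM_COMMIT, 0x40, MEM_PRIVATE, {'M', 'Z'}},   /* unlisted, header present */
    {0x0001c0000000ull, 0x5000,  MEM_COMMIT, 0x20, MEM_PRIVATE, {0x55, 0x8b}}, /* unlisted, header absent */
};

int count_flagged(void) {
    int hits = 0;
    for (size_t i = 0; i < sizeof SAMPLE_REGIONS / sizeof *SAMPLE_REGIONS; i++)
        hits += classify_region(&SAMPLE_REGIONS[i], SAMPLE_MODS, 2) != CLEAN;
    return hits;
}

int main(void) { printf("flagged regions: %d\n", count_flagged()); return 0; }
```

JIT runtimes also allocate private executable memory, so hits from a check like this are leads to triage against known allocators, not verdicts.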