injectdll v1.01 - dll injection tool
copyright (c) bytepointer.com 2007-2015
syntax:
injectdll [options] <dllpath>
<dllpath> is the full pathname to the DLL being injected, ejected or invoked.
[options]:
/pid:<#> - target is a currently running process specified by
the process identifier (0 for this process).
/pn:<name> - target is a currently running process specified by
the process' module name (e.g. iexplore.exe).
/launch:<cmdline> - ** target is a new process to be launched using the
specified command line by this utility.
/inject - inject the DLL via CreateRemoteThread/LoadLibrary;
may be used alone or in combination with /eject
/eject - eject the DLL via CreateRemoteThread/FreeLibrary;
may be used alone or in combination with /inject
/invoke:<name> - **** invoke a ThreadProc-compatible function in an existing
DLL loaded into the target process.
/invokeparam:<#> - specify a custom DWORD value passed to the function invoked
by /invoke (default=0).
/injectdelay:<#> - ** impose msec delay before injection with /inject.
/ejectdelay:<#> - impose msec delay before ejection with /eject.
/invokedelay:<#> - impose msec delay before function specified by /invoke
is executed.
/maxwaitstart:<#> - max time to wait for remote thread to start.
applies to /inject, /eject, and /invoke (default=INFINITE).
/maxwaitret:<#> - max time to wait for remote thread to return.
applies to /inject, /eject, and /invoke (default=INFINITE).
/nopathcheck - skip the check to verify DLL exists before job runs.
only applicable with /invoke.
/elevate - elevate this utility to the SE_DEBUG_NAME privilege prior to the job.
useful for system process targets or when access is denied.
/unicode - use LoadLibraryW instead of LoadLibraryA (applies to /inject).
** When the /launch switch is used together with /inject, the new process is
by default created in suspended mode, the DLL is injected, and the process is
then resumed. To override this behavior, use /injectdelay: the process is then
not started suspended, and the specified delay elapses before injection.
*** When using /inject, the full path to the DLL should generally be used: a
relative DLL path is resolved inside the target process, whose current
directory will likely differ from the current directory of this utility, so
it might not resolve as intended. Use /nopathcheck to skip path checks if a
relative path is desired.
When using /eject by itself (without /inject), the path to the DLL is not
required; you may instead use the name of the DLL, with or without the
extension.
**** The /invoke flag may be used alone, although it is generally paired with
/inject. When paired with /inject, the invocation of the specified function
occurs after injection has taken place. The function must use the stdcall
calling convention, return a 32-bit value and take a 32-bit argument, just
like THREADPROC as defined in the Win32 documentation.
NOTES: Take care when using /launch and /eject without specifying /ejectdelay:
DLLs usually aren't loaded in a new process immediately after it is launched.
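As an added defender-side example (not part of the tool or its documentation): the /inject, /eject and /invoke paths above each start a remote thread at a distinguishable export, which is exactly what a CreateRemoteThread telemetry source such as Sysmon Event ID 8 records in its StartModule/StartFunction fields. The Python below triages constructed event lines by that start location; the field names follow Sysmon's, while the flattened line format, the sample paths and the KERNELBASE assumption are mine.

```python
from dataclasses import dataclass

# Sysmon Event ID 8 (CreateRemoteThread) records the module and export at which a
# remote thread starts: LoadLibraryA/W for /inject, FreeLibrary for /eject, or an
# export of the loaded DLL for /invoke. Assumption: export may map to KERNELBASE.
LOADER_MODULES = {"kernel32.dll", "kernelbase.dll"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

@dataclass
class RemoteThreadEvent:
    source_image: str
    target_image: str
    start_module: str
    start_function: str

def parse_event(line: str) -> RemoteThreadEvent:
    """Parse one constructed 'Key: Value | Key: Value' flattening of the event."""
    fields = dict(part.partition(": ")[::2] for part in line.split(" | "))
    return RemoteThreadEvent(fields["SourceImage"], fields["TargetImage"],
                             fields["StartModule"], fields["StartFunction"])

def classify(ev: RemoteThreadEvent) -> str:
    """Map the thread's start location to the injector operation it resembles."""
    module = ev.start_module.lower()
    in_loader = module.rsplit("\\", 1)[-1] in LOADER_MODULES
    if in_loader and ev.start_function in ("LoadLibraryA", "LoadLibraryW"):
        return "inject"  # LoadLibraryW is what the /unicode switch selects
    if in_loader and ev.start_function == "FreeLibrary":
        return "eject"
    if not module or not module.startswith(SYSTEM_DIRS):
        return "invoke"  # started outside any system module (or unbacked memory)
    return "other"

def triage(lines):
    """Return (verdict, source image, target image) for each event line."""
    return [(classify(ev), ev.source_image, ev.target_image)
            for ev in map(parse_event, lines)]

# Constructed sample events (not real Sysmon output); one per tool operation.
SAMPLE_EVENTS = [
    r"SourceImage: C:\tools\injectdll.exe | TargetImage: C:\apps\iexplore.exe"
    r" | StartModule: C:\Windows\System32\KERNEL32.DLL | StartFunction: LoadLibraryW",
    r"SourceImage: C:\tools\injectdll.exe | TargetImage: C:\apps\iexplore.exe"
    r" | StartModule: C:\Windows\System32\KERNEL32.DLL | StartFunction: FreeLibrary",
    r"SourceImage: C:\tools\injectdll.exe | TargetImage: C:\apps\iexplore.exe"
    r" | StartModule: C:\Users\alice\hook.dll | StartFunction: HookMain",
    r"SourceImage: C:\Windows\System32\svchost.exe | TargetImage: C:\Windows\explorer.exe"
    r" | StartModule: C:\Windows\System32\ntdll.dll | StartFunction: RtlUserThreadStart",
]
```

Note that legitimate software (debuggers, some security agents) also creates remote threads, so the "other" bucket and the source image are what keep this from being a bare alert on every Event ID 8.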