Skip to content
/ GhostInjector Public

Stealthy DLL injector using thread hijacking and remote gadgets — no OpenProcess or CreateRemoteThread.

License

MIT license
5 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

woldann/GhostInjector

BranchesTags

Repository files navigation

GhostInjector

GhostInjector is a stealthy DLL injector that avoids traditional APIs like OpenProcess, CreateRemoteThread, or WriteProcessMemory. Instead, it uses thread hijacking combined with pre-existing gadgets in the target process to call LoadLibraryA. Powered by the woldann/NThread library.

Features

  • ❌ No OpenProcess
  • ❌ No CreateRemoteThread
  • ✅ Thread hijacking with LoadLibraryA call
  • ✅ Uses existing remote gadgets (e.g., malloc, memset, fread)
  • ✅ Injects DLL path using target’s own memory management functions
  • ✅ Highly stealthy — avoids common injection detection vectors

How It Works

  1. Identifies a thread in the target process (either specified directly or found by scanning).
  2. Finds the address of LoadLibraryA within the remote process.
  3. Allocates memory for the DLL path using msvcrt.dll!malloc inside the target.
  4. Writes the DLL path using existing functions like memset or fread.
  5. Hijacks the target thread to call LoadLibraryA with the injected DLL path.
  6. If a thread ID is provided, it attempts direct hijack. If it's a process ID, it enumerates threads and selects the first responsive one.

Usage

ghostinjector.exe <thread_id:DWORD or process_id:DWORD> <dll_path:string>

About

Stealthy DLL injector using thread hijacking and remote gadgets — no OpenProcess or CreateRemoteThread.

Topics

windows game-hacking silent dll-hijacking hacking-tools dllinjector injector-x64

Resources

Readme

License

MIT license
Activity

Stars

5 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 2

v1.0.2 Latest
May 28, 2025
+ 1 release

Languages