Xenos Injector v2.0 – DLL Injector x86/x64

Xenos Injector v2.0 is a DLL injector that loads whichever game-hack DLL you have into process memory, for whichever game. The nice thing about using a DLL injector instead of a stand-alone game hack is being able to inject on demand, even into other programs such as Notepad, and still have it change the memory offsets of a game you are running.

Xenos Injector v2.0 Features

  • Supports x86 and x64 processes and modules
  • Kernel-mode injection feature (driver required)
  • Manual map of kernel drivers (driver required)
  • Injection of pure managed images without proxy dll
  • Windows 7 cross-session and cross-desktop injection
  • Injection into native processes (those having only ntdll loaded)
  • Calling custom initialization routine after injection
  • Unlinking module after injection
  • Injection using thread hijacking
  • Injection of x64 images into WOW64 process
  • Image manual mapping
  • Injection profiles

Manual map features:

  • Relocations, import, delayed import, bound import
  • Static TLS and TLS callbacks
  • Security cookie
  • Image manifests and SxS
  • Make module visible to GetModuleHandle, GetProcAddress, etc.
  • Support for exceptions in private memory under DEP
  • C++/CLI images are supported (use 'Add loader reference' in this case)

Kernel manual map features are mostly identical to user-mode, with a few exceptions:

  • No C++ exception handling support for x64 images (only SEH)
  • No static TLS
  • No native loader compatibility
  • Limited dependency path resolving. Only API set schema, SxS, target executable directory and system directory
  • Supported OS: Win7 - Win10 x64

Additional notes for Xenos Injector v2.0:

Xenos Injector v2.0 has 2 versions: x86 and x64. Apart from the obvious features, the x86 version supports injection of x64 images into x64 processes; the x64 injector supports injection of x86 and x64 images into WOW64 processes. However, this is only valid for native images. If you want to inject a pure managed DLL, use the same injector version as your target process.

Injection of x64 images into a WOW64 process is totally unpredictable. If you want to do this, I would recommend using manual mapping with the manual imports option, because the native loader is more buggy than my implementation in this case (especially in Windows 7).

Xenos Injector v2.0 Restrictions:

  • You can't inject 32 bit image into x64 process
  • Use x86 version to manually map 32 bit images and x86 version to map 64 bit images
  • You can't manually map pure managed images, only native injection is supported for them
  • May not work properly on x86 OS versions
  • Kernel injection is only supported on x64 OSes and requires Driver Test signing mode.


Xenos Injector v2.0 Overview

Process selection:
Existing - select existing process from the list
New - new process will be launched before injection
Manual launch - after pressing 'Inject' button, injector will wait for target process startup

List of images you want to inject
Add - add new image to the list. Drag'n'drop is also supported
Remove - remove selected image
Clear - clear image list

Xenos Injector v2.0 Advanced options:

Injection type:
Native inject - common approach using LoadLibraryW \ LdrLoadDll in newly created or existing thread
Manual map - manual copying image data into target process memory without creating section object
Kernel(New thread) - kernel mode ZwCreateThreadEx into LdrLoadDll. Uses driver
Kernel(APC) - kernel mode APC into LdrLoadDll. Uses driver
Kernel(Manual map) - kernel manual mapping. Uses driver

Native Loader options:
Unlink module - after injection, unlink module from InLoadOrderModuleList, InMemoryOrderModuleList, InInitializationOrderModuleList, HashLinks and LdrpModuleBaseAddressIndex.
Erase PE - after injection, erase PE headers
Use existing thread - LoadLibrary and init routine will be executed in the context of random non-suspended thread.

Manual map options:
Add loader reference - Insert module record into InMemoryOrderModuleList/LdrpModuleBaseAddressIndex and HashLinks. Used to make module functions (e.g. GetModuleHandle, GetProcAddress) work with manually mapped image.
Manually resolve imports - Image import and delayed import dlls will be also manually mapped instead of being loaded using LdrLoadDll.
Wipe headers - Erase module header information after injection. Also affects manually mapped imports.
Ignore TLS - Don't process image static TLS data and call TLS callbacks.
No exception support - Don't create custom exception handlers that enable out-of-image exception support under DEP.
Conceal memory - Make image memory visible as PAGE_NOACCESS to memory query functions.
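
Seen from the defending side, the injection types and loader options above leave different traces in what VirtualQueryEx and the loader module lists report for the target process. The Python below is an added example, not part of Xenos or of the original page: it audits constructed region records against a constructed set of loader-list base addresses, and the names `Region`, `audit`, `REGIONS` and `LOADER_BASES` are illustrative.

```python
from collections import Counter
from typing import NamedTuple

# Constants from winnt.h
MEM_COMMIT, MEM_RESERVE = 0x1000, 0x2000
MEM_PRIVATE, MEM_IMAGE = 0x20000, 0x1000000
PAGE_READONLY, PAGE_READWRITE = 0x02, 0x04
PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE = 0x20, 0x40
EXEC_MASK = 0x10 | 0x20 | 0x40 | 0x80  # any PAGE_EXECUTE* protection

class Region(NamedTuple):  # subset of MEMORY_BASIC_INFORMATION
    alloc_base: int
    base: int
    size: int
    state: int
    protect: int
    type: int

def audit(regions, loader_bases):
    """Return sorted (kind, allocation_base, bytes) leads for triage."""
    hits = Counter()
    for r in regions:
        if r.state != MEM_COMMIT:
            continue
        if r.type == MEM_IMAGE and r.alloc_base not in loader_bases:
            # Section-backed image with no loader entry ("Unlink module")
            hits[("unlisted-image", r.alloc_base)] += r.size
        elif r.type == MEM_PRIVATE and r.protect & EXEC_MASK:
            # Executable pages with no section object ("Manual map");
            # JIT engines allocate such pages too, so this is a lead only
            hits[("private-executable", r.alloc_base)] += r.size
    return sorted((kind, base, n) for (kind, base), n in hits.items())

# Constructed sample: two loader-listed images, one unlisted image,
# one private executable allocation, a heap block and a reserved range
LOADER_BASES = {0x400000, 0x77000000}
REGIONS = [
    Region(0x400000, 0x400000, 0x1000, MEM_COMMIT, PAGE_READONLY, MEM_IMAGE),
    Region(0x400000, 0x401000, 0x8000, MEM_COMMIT, PAGE_EXECUTE_READ, MEM_IMAGE),
    Region(0x77000000, 0x77000000, 0x1000, MEM_COMMIT, PAGE_READONLY, MEM_IMAGE),
    Region(0x10000000, 0x10000000, 0x1000, MEM_COMMIT, PAGE_READONLY, MEM_IMAGE),
    Region(0x10000000, 0x10001000, 0x4000, MEM_COMMIT, PAGE_EXECUTE_READ, MEM_IMAGE),
    Region(0x2A0000, 0x2A0000, 0x1000, MEM_COMMIT, PAGE_READWRITE, MEM_PRIVATE),
    Region(0x2A0000, 0x2A1000, 0x6000, MEM_COMMIT, PAGE_EXECUTE_READWRITE, MEM_PRIVATE),
    Region(0x500000, 0x500000, 0x10000, MEM_COMMIT, PAGE_READWRITE, MEM_PRIVATE),
    Region(0x600000, 0x600000, 0x10000, MEM_RESERVE, 0, MEM_PRIVATE),
]

if __name__ == "__main__":
    for kind, base, size in audit(REGIONS, LOADER_BASES):
        print(f"{kind:18} base={base:#x} bytes={size:#x}")
```

Both finding kinds are triage leads rather than verdicts. The audit depends on the protections the query functions report, which is exactly what the Conceal memory option changes.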

Command Line:
Process command line arguments

Init routine:
If you are injecting a native (not pure IL) image, this is the name of the exported function that will be called after injection is done. This export is called as a void ( __stdcall* )(wchar_t*) function.
If you are injecting a pure managed image, this is the name of the public method that will be executed using ICLRRuntimeHost::ExecuteInDefaultAppDomain.

Init argument:
String that is passed into init routine

Close after injection:
Close injector after successful injection

Inject delay:
Delay before injection start

Inject interval:
Delay between each image

Xenos Injector v2.0 Menu options:

Profiles->Load - load injection profile
Profiles->Save - save current settings into profile

Tools->Eject modules - open module ejection dialog
Tools->Protect self - make injector process protected (driver required)

Command line options:
--load <profile_path> - start injector and load target profile specified by <profile_path>
--run <profile_path> - immediately execute profile specified by <profile_path> without GUI

Kernel injection methods require system running in Test mode.

Common problems with Xenos Injector v2.0:
1. Access denied

Failed to load BlackBone driver:
{Access Denied}
A process has requested access to an object, but has not been granted those access rights.

Solution: If you are using an account with admin rights, run the program as Administrator. If you are using a restricted user account, enable UAC and then run as Administrator.

2. Injection failed with error code 0xC0000225

Injector failed to resolve one or more dll dependencies.

Solution: Make sure you have all required dlls and proper CRT libraries. In case of kernel manual mapping, dependencies should be placed near target process executable or in system32 (SysWOW64 for 32bit processes) folder.

If you found this Xenos Injector v2.0 helpful, please share this post with others, or leave a comment for the author, DarthTon. Credit also to _Mike@OC for his managed dll injection using AsmJit code, and Petr Kobalicek - AsmJit project.
