/// <summary>
/// Obtains a pointer to the specified exported function.
/// </summary>
/// <param name="exportName">Name of the export.</param>
/// <returns></returns>
/// <exception cref="InjectionException">
/// Couldn't LoadLibrary into local thread to obtain export pointer!
/// or
/// Couldn't obtain function pointer for the specified export!
/// </exception>
public IntPtr GetExportPointer(string exportName)
{
// Fairly certain this method was first implemented by Cypher aka RaptorFactor, so kudos to him.
IntPtr exportPtr;
// Call LoadLibraryExW without resolving DLL references - if at all possible we don't want to run any remote code
// on "our" thread - all we need to do is resolve an export.
using (var lib = SafeLibraryHandle.LoadLibraryEx(Module.FileName, (uint)LoadLibraryExOptions.DontResolveDllReferences)
)
{
if (lib == null)
{
throw new InjectionException("Couldn't LoadLibrary into local thread to obtain export pointer!");
}
var funcPtr = UnsafeNativeMethods.GetProcAddress(lib.DangerousGetHandle(), exportName);
if (funcPtr == IntPtr.Zero)
{
throw new InjectionException("Couldn't obtain function pointer for the specified export!");
}
// abs - base = ptr
exportPtr = funcPtr - Module.BaseAddress.ToInt32();
}
return(exportPtr);
}
private InjectedModule InjectLibraryInternal(string libraryPath)
{
// It's hardly "injecting" when we're in-process, but for the sake of keeping the API uniform we'll go with it.
// All we have to do is call LoadLibrary on the local process and wrap it in an InjectedModule type.
var lib = SafeLibraryHandle.LoadLibraryEx(libraryPath);
if (lib == null)
{
throw new InjectionException("LoadLibrary failed in local process!");
}
var module = Process.GetCurrentProcess().Modules.Cast <ProcessModule>().FirstOrDefault(s => s.FileName == libraryPath);
if (module == null)
{
throw new InjectionException("The injected library couldn't be found in the Process' module list!");
}
return(new InjectedModule(module, _memory));
}
