        /// <summary>
        /// Allocates an executable region in the target process and writes the machine-code template
        /// produced by <c>GetMachineCodeTemplate</c> into it, after the <c>SetMachineCode*</c> helpers
        /// have (presumably) patched the region address and the resolved mscoree.dll export into it.
        /// </summary>
        /// <param name="processHandle">Handle of the target process; passed through to the NativeProcess/NativeModule helpers.</param>
        /// <param name="clrVersion">CLR version string selecting the template variant; only "v2.0.50727" and "v4.0.30319" are handled.</param>
        /// <param name="assemblyPath">Forwarded unchanged to <c>GetMachineCodeTemplate</c>.</param>
        /// <param name="typeName">Forwarded unchanged to <c>GetMachineCodeTemplate</c>.</param>
        /// <param name="methodName">Forwarded unchanged to <c>GetMachineCodeTemplate</c>.</param>
        /// <param name="argument">Forwarded to <c>GetMachineCodeTemplate</c>; may be null. Its length also sizes the allocation.</param>
        /// <returns>The remote address the template was written to, or <see cref="IntPtr.Zero"/> on any failure.</returns>
        /// <remarks>
        /// NOTE(review): the early returns inside the <c>try</c> (unresolved export, unknown CLR version,
        /// failed write) leave the region allocated in the target process; only the <c>catch</c> path
        /// calls <c>FreeMemoryInternal</c>. The bare <c>catch</c> also swallows every exception type,
        /// so callers only ever observe <see cref="IntPtr.Zero"/> and never the underlying error.
        /// </remarks>
        private static IntPtr WriteMachineCode(IntPtr processHandle, string clrVersion, string assemblyPath, string typeName, string methodName, string argument)
        {
            bool is64Bit;

            byte[] machineCode;
            IntPtr pEnvironment;
            IntPtr pCorBindToRuntimeEx;
            IntPtr pCLRCreateInstance;

            // The target's bitness decides which SetMachineCode* variant fills in the template.
            if (!NativeProcess.Is64BitProcessInternal(processHandle, out is64Bit))
            {
                return(IntPtr.Zero);
            }
            machineCode  = GetMachineCodeTemplate(clrVersion, assemblyPath, typeName, methodName, argument);
            // Size covers the 0x1000-byte template plus the argument as 2-byte characters and a 2-byte
            // terminator (presumably UTF-16 — confirm against GetMachineCodeTemplate). The region is
            // requested as ExecuteReadWrite and is never re-protected afterwards.
            pEnvironment = NativeProcess.AllocMemoryInternal(processHandle, 0x1000 + (argument == null ? 0 : (uint)argument.Length * 2 + 2), MemoryProtection.ExecuteReadWrite);
            if (pEnvironment == IntPtr.Zero)
            {
                return(IntPtr.Zero);
            }
            try
            {
                // Pin the managed buffer so the helpers can write into it through a raw pointer.
                fixed(byte *p = machineCode)
                {
                    switch (clrVersion)
                    {
                    case "v2.0.50727":
                        pCorBindToRuntimeEx = NativeModule.GetFunctionAddressInternal(processHandle, "mscoree.dll", "CorBindToRuntimeEx");
                        if (pCorBindToRuntimeEx == IntPtr.Zero)
                        {
                            // NOTE(review): pEnvironment is not released on this path.
                            return(IntPtr.Zero);
                        }
                        if (is64Bit)
                        {
                            SetMachineCode64v2(p, (ulong)pEnvironment, (ulong)pCorBindToRuntimeEx);
                        }
                        else
                        {
                            SetMachineCode32v2(p, (uint)pEnvironment, (uint)pCorBindToRuntimeEx);
                        }
                        break;

                    case "v4.0.30319":
                        pCLRCreateInstance = NativeModule.GetFunctionAddressInternal(processHandle, "mscoree.dll", "CLRCreateInstance");
                        if (pCLRCreateInstance == IntPtr.Zero)
                        {
                            // NOTE(review): pEnvironment is not released on this path.
                            return(IntPtr.Zero);
                        }
                        if (is64Bit)
                        {
                            SetMachineCode64v4(p, (ulong)pEnvironment, (ulong)pCLRCreateInstance);
                        }
                        else
                        {
                            SetMachineCode32v4(p, (uint)pEnvironment, (uint)pCLRCreateInstance);
                        }
                        break;

                    default:
                        // Unsupported version string; NOTE(review): the region allocated above leaks here too.
                        return(IntPtr.Zero);
                    }
                }
                if (!NativeProcess.WriteBytesInternal(processHandle, pEnvironment, machineCode))
                {
                    // NOTE(review): failed write, but the allocation is not freed.
                    return(IntPtr.Zero);
                }
            }
            catch {
                // Catch-all: every exception type is swallowed. This is the only path that releases pEnvironment.
                NativeProcess.FreeMemoryInternal(processHandle, pEnvironment);
                return(IntPtr.Zero);
            }
            return(pEnvironment);
        }
        /// <summary>
        /// Allocates an executable region in the target process and writes the machine-code template
        /// produced by <c>GetMachineCodeTemplate</c> into it, after the <c>WriteMachineCode*</c> helpers
        /// have (presumably) patched the region address and the resolved mscoree.dll export into it.
        /// </summary>
        /// <param name="processHandle">Raw handle of the target process; passed through to the NativeProcess/NativeModule helpers.</param>
        /// <param name="clrVersion">Which CLR hosting entry point the template targets; only <c>V2</c> and <c>V4</c> are accepted.</param>
        /// <param name="assemblyPath">Forwarded unchanged to <c>GetMachineCodeTemplate</c>.</param>
        /// <param name="typeName">Forwarded unchanged to <c>GetMachineCodeTemplate</c>.</param>
        /// <param name="methodName">Forwarded unchanged to <c>GetMachineCodeTemplate</c>.</param>
        /// <param name="argument">Forwarded to <c>GetMachineCodeTemplate</c>; may be null. Its length also sizes the allocation.</param>
        /// <returns>The remote address the template was written to, or <c>null</c> on any failure after validation.</returns>
        /// <exception cref="ArgumentOutOfRangeException"><paramref name="clrVersion"/> is neither <c>V2</c> nor <c>V4</c>.</exception>
        /// <remarks>
        /// NOTE(review): the early <c>return(null)</c> paths inside the <c>try</c> (unresolved export,
        /// failed write) leave the region allocated in the target process; only the <c>catch</c> path
        /// calls <c>FreeMemoryInternal</c>. The bare <c>catch</c> also swallows every exception type.
        /// </remarks>
        private static void *WriteMachineCode(void *processHandle, InjectionClrVersion clrVersion, string assemblyPath, string typeName, string methodName, string argument)
        {
            bool   is64Bit;
            string clrVersionString;

            byte[] machineCode;
            void * pEnvironment;
            void * pCorBindToRuntimeEx;
            void * pCLRCreateInstance;

            // The target's bitness decides which WriteMachineCode* variant fills in the template.
            if (!NativeProcess.Is64BitProcessInternal(processHandle, out is64Bit))
            {
                return(null);
            }
            // Map the enum onto the version string GetMachineCodeTemplate expects; CLR_V2/CLR_V4 are
            // constants defined outside this method.
            switch (clrVersion)
            {
            case InjectionClrVersion.V2:
                clrVersionString = CLR_V2;
                break;

            case InjectionClrVersion.V4:
                clrVersionString = CLR_V4;
                break;

            default:
                // Rejected before anything is allocated, so no cleanup is needed on this path.
                throw new ArgumentOutOfRangeException(nameof(clrVersion));
            }
            machineCode  = GetMachineCodeTemplate(clrVersionString, assemblyPath, typeName, methodName, argument);
            // Size covers the 0x1000-byte template plus the argument as 2-byte characters and a 2-byte
            // terminator (presumably UTF-16 — confirm against GetMachineCodeTemplate). The region is
            // requested as ExecuteReadWrite and is never re-protected afterwards.
            pEnvironment = NativeProcess.AllocMemoryInternal(processHandle, 0x1000 + (argument is null ? 0 : (uint)argument.Length * 2 + 2), MemoryProtection.ExecuteReadWrite);
            if (pEnvironment is null)
            {
                return(null);
            }
            try
            {
                // Pin the managed buffer so the helpers can write into it through a raw pointer.
                // No default case below: the first switch has already rejected every other enum value.
                fixed(byte *p = machineCode)
                switch (clrVersion)
                {
                case InjectionClrVersion.V2:
                    pCorBindToRuntimeEx = NativeModule.GetFunctionAddressInternal(processHandle, "mscoree.dll", "CorBindToRuntimeEx");
                    if (pCorBindToRuntimeEx is null)
                    {
                        // NOTE(review): pEnvironment is not released on this path.
                        return(null);
                    }
                    if (is64Bit)
                    {
                        WriteMachineCode64v2(p, (ulong)pEnvironment, (ulong)pCorBindToRuntimeEx);
                    }
                    else
                    {
                        WriteMachineCode32v2(p, (uint)pEnvironment, (uint)pCorBindToRuntimeEx);
                    }
                    break;

                case InjectionClrVersion.V4:
                    pCLRCreateInstance = NativeModule.GetFunctionAddressInternal(processHandle, "mscoree.dll", "CLRCreateInstance");
                    if (pCLRCreateInstance is null)
                    {
                        // NOTE(review): pEnvironment is not released on this path.
                        return(null);
                    }
                    if (is64Bit)
                    {
                        WriteMachineCode64v4(p, (ulong)pEnvironment, (ulong)pCLRCreateInstance);
                    }
                    else
                    {
                        WriteMachineCode32v4(p, (uint)pEnvironment, (uint)pCLRCreateInstance);
                    }
                    break;
                }
                if (!NativeProcess.WriteBytesInternal(processHandle, pEnvironment, machineCode))
                {
                    // NOTE(review): failed write, but the allocation is not freed.
                    return(null);
                }
            }
            catch {
                // Catch-all: every exception type is swallowed. This is the only path that releases pEnvironment.
                NativeProcess.FreeMemoryInternal(processHandle, pEnvironment);
                return(null);
            }
            return(pEnvironment);
        }
 /// <summary>
 /// Constructor: wraps a module given as a managed handle value.
 /// </summary>
 /// <param name="process">The Win32 process.</param>
 /// <param name="handle">The module handle; converted to a raw pointer and forwarded to the pointer-based constructor.</param>
 public NativeModule(NativeProcess process, IntPtr handle) : this(process, handle.ToPointer())
 {
 }