private static void Main(string[] args)
{
Process notepadpp = Process.GetProcessesByName("notepad++").FirstOrDefault();
if (notepadpp == null)
{
// The process we are injecting into.
notepadpp = Process.Start("notepad++");
notepadpp.WaitForInputIdle();
}
GameSharpProcess gameSharp = new GameSharpProcess(notepadpp);
if (gameSharp == null)
{
throw new Exception("Process not found.");
}
string pathToDll = Path.Combine(Environment.CurrentDirectory, "GameSharp.Notepadpp.dll");
// My remote thread injector, you can replace this with any injector.
IInjection injector = new RemoteThreadInjection(gameSharp);
injector.InjectAndExecute(new Injectable(pathToDll, "Main"), attach: true, launchConsole: true);
}
protected override Delegate ToCallDelegate()
{
GameSharpProcess process = GameSharpProcess.Instance;
IMemoryModule kernel32 = process.Modules["kernel32.dll"];
IMemoryAddress IsDebuggerPresentPtr = kernel32.GetProcAddress("IsDebuggerPresent");
return(IsDebuggerPresentPtr.ToDelegate <IsDebuggerPresentDelegate>());
}
protected override Delegate InitializeDelegate()
{
GameSharpProcess process = GameSharpProcess.Instance;
ModulePointer ntdll = process.Modules["ntdll.dll"];
IMemoryPointer ntQueryInformationProcessPtr = ntdll.GetProcAddress("NtQueryInformationProcess");
return(ntQueryInformationProcessPtr.ToDelegate <NtQueryInformationProcessDelegate>());
}
public static void SafeAttach(GameSharpProcess process)
{
DebugHelper debugHelper = new DebugHelper(process);
debugHelper.ValidateDbgBreakPoint();
debugHelper.AttachManagedDebugger();
debugHelper.HideDebugger();
debugHelper.DisposeOfPatches();
}
protected override Delegate ToCallDelegate()
{
GameSharpProcess process = GameSharpProcess.Instance;
IMemoryModule user32dll = process.Modules["user32.dll"];
IMemoryAddress messageBoxWPtr = user32dll.GetProcAddress("MessageBoxW");
return(messageBoxWPtr.ToDelegate <MessageBoxWDelegate>());
}
public override Delegate GetHookDelegate()
{
GameSharpProcess process = GameSharpProcess.Instance;
ModulePointer user32dll = process.Modules["user32.dll"];
IMemoryPointer messageBoxWPtr = user32dll.GetProcAddress("MessageBoxW");
return(messageBoxWPtr.ToDelegate <HookMessageBoxWDelegate>());
}
protected override Delegate ToCallDelegate()
{
GameSharpProcess process = GameSharpProcess.Instance;
IMemoryModule ntdll = process.Modules["ntdll.dll"];
IMemoryAddress ntQueryInformationProcessPtr = ntdll.GetProcAddress("NtQueryInformationProcess");
return(ntQueryInformationProcessPtr.ToDelegate <NtQueryInformationProcessDelegate>());
}
protected override Delegate InitializeDelegate()
{
GameSharpProcess process = GameSharpProcess.Instance;
ModulePointer user32dll = process.Modules["user32.dll"];
IMemoryPointer messageBoxWPtr = user32dll.GetProcAddress("MessageBoxW");
return(messageBoxWPtr.ToDelegate <MessageBoxWDelegate>());
}
private static void Main(string[] args)
{
// The process we are injecting into.
GameSharpProcess process = new GameSharpProcess(Process.GetProcessesByName("notepad++").FirstOrDefault());
if (process == null)
{
throw new Exception("Process not found.");
}
// A simple RemoteThreadInjector.
IInjection injector = new RemoteThreadInjection(process);
// Inject the DLL and executes the entrypoint.
string pathToDll = Path.Combine(Environment.CurrentDirectory, "GameSharp.Notepadpp.dll");
injector.InjectAndExecute(new Injectable(pathToDll, "Main"), attach: false);
}
/// <summary>
/// Wrapper for the NtQueryInformationProcess delegate, this will make the code more readable.
/// </summary>
/// <typeparam name="T"></typeparam>
/// <param name="process"></param>
/// <param name="pic"></param>
/// <returns></returns>
public static T NtQueryInformationProcess <T>(GameSharpProcess process, ProcessInformationClass pic) where T : struct
{
T returnResult = default;
uint ntResult = NtQueryInformationProcessWrapper.Call(process.NativeHandle, pic, out IMemoryPointer returnPtr, Marshal.SizeOf <T>(), out IMemoryPointer _);
// https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55
if (ntResult == 0)
{
returnResult = returnPtr.Read <T>();
}
//else
//{
// LoggingService.Error(
// $"Flag: {pic.ToString()}" +
// $", Couldn't query NtQueryInformationProcess, Error code: {Marshal.GetLastWin32Error().ToString("X")}" +
// $", Return value of NtQueryInformationProcess function is 0x{ntResult.ToString("X")}");
//}
return(returnResult);
}
/// <summary>
/// Wrapper for the defautl WinApi NtQueryInformationProcess, makes the code more readable.
/// </summary>
/// <typeparam name="T"></typeparam>
/// <param name="process"></param>
/// <param name="pic"></param>
/// <returns></returns>
public static T WinApiNtQueryInformationProcess <T>(GameSharpProcess process, ProcessInformationClass pic) where T : struct
{
T returnResult = default;
IMemoryPointer ntResult = process.AllocateManagedMemory(Marshal.SizeOf <T>());
uint result = Ntdll.NtQueryInformationProcess(process.NativeHandle, pic, ntResult.Address, Marshal.SizeOf <T>(), out int _);
if (result == 0)
{
returnResult = ntResult.Read <T>();
}
else
{
LoggingService.Error(
$"Couldn't query NtQueryInformationProcess, Error code: {Marshal.GetLastWin32Error().ToString("X")}, " +
$"Return value of NtQueryInformationProcess function is 0x{result.ToString("X")}.");
}
return(returnResult);
}
public InjectionBase(GameSharpProcess process)
{
Process = process ?? throw new NullReferenceException();
}
public MemoryAddress(GameSharpProcess process, IntPtr address)
{
Address = address;
Process = process as IProcess;
}
public ThreadHijackInjection(GameSharpProcess process) : base(process)
{
}
public MemoryModule(GameSharpProcess process, ProcessModule processModule) : base(processModule)
{
GameSharpProcess = process;
MemoryAddress = new MemoryAddress(GameSharpProcess, processModule.BaseAddress);
}
public ExternalModulePointer(GameSharpProcess process, ProcessModule processModule) : base(processModule)
{
GameSharpProcess = process;
MemoryPointer = new ExternalMemoryPointer(GameSharpProcess, processModule.BaseAddress);
}
private DebugHelper(GameSharpProcess process)
{
Process = process;
}
public RemoteThreadInjection(GameSharpProcess process) : base(process)
{
}
public ExternalMemoryPointer(GameSharpProcess process, IntPtr address)
{
Address = address;
GameSharpProcess = process as IProcess;
}
