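        /// <summary>
        /// Removes the DNCIClrLoader module from the target process by running
        /// kernel32!FreeLibrary on a new remote thread, with the module handle as its argument.
        /// </summary>
        /// <param name="targetProcessHandle">Target Process Handle (must carry the rights CreateRemoteThread needs)</param>
        /// <param name="dnciModuleHandle">DNCIClrLoader Module Handle, as mapped inside the target process</param>
        /// <exception cref="InvalidOperationException">FreeLibrary could not be resolved in the local kernel32.</exception>
        private void EraseRemoteModules(IntPtr targetProcessHandle, IntPtr dnciModuleHandle)
        {
            // Resolve FreeLibrary in *this* process. The address is reused in the target, which
            // only holds when kernel32 is mapped at the same base there (same bitness, same boot
            // session) — NOTE(review): cross-bitness targets are not handled by this code.
            IntPtr freeLibraryHandle = NativeExecution.GetProcAddress(NativeExecution.GetModuleHandle("Kernel32"), "FreeLibrary");
            if (freeLibraryHandle == IntPtr.Zero)
            {
                // A null start address would otherwise be handed to CreateRemoteThread and fail silently.
                throw new InvalidOperationException("Unable to resolve Kernel32!FreeLibrary in the current process.");
            }

            // Unload DNCIClrLoader.dll from the remote process: FreeLibrary(dnciModuleHandle) on a remote thread.
            // NOTE(review): the remote thread handle returned here is neither checked, awaited nor closed;
            // failure of the unload is therefore invisible to the caller — confirm whether NativeExecution
            // exposes CloseHandle/WaitForSingleObject wrappers before adding that handling.
            NativeExecution.CreateRemoteThread(targetProcessHandle, IntPtr.Zero, 0, freeLibraryHandle, dnciModuleHandle, 0, IntPtr.Zero);
        }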
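        /// <summary>
        /// Injects DNCIClrLoader.dll into the target process via kernel32!LoadLibraryW and
        /// returns the handle of the module as mapped inside the target.
        /// </summary>
        /// <param name="targetProcessHandle">Target Process Handle</param>
        /// <param name="injectorLibraryFilePath">DNCIClrLoader.dll File Path. Pass a fully-qualified path:
        /// LoadLibraryW executes inside the target, so a bare or relative name is resolved against the
        /// target's DLL search order rather than the injector's working directory (DLL search-order hijacking risk).</param>
        /// <param name="moduleName">Name of Module (usually, FILE_NAME.dll); used to locate the mapped module in the target</param>
        /// <returns>The remote module handle returned by FindRemoteModuleHandle
        /// (presumably IntPtr.Zero when the module is not found — verify against that helper).</returns>
        /// <exception cref="ArgumentException">injectorLibraryFilePath is null, empty or whitespace.</exception>
        /// <exception cref="InvalidOperationException">LoadLibraryW could not be resolved in the local kernel32.</exception>
        private IntPtr DNCIClrLoader(IntPtr targetProcessHandle, String injectorLibraryFilePath, String moduleName)
        {
            // An empty path would only surface as a silent LoadLibraryW failure inside the target.
            if (String.IsNullOrWhiteSpace(injectorLibraryFilePath))
            {
                throw new ArgumentException("A path to DNCIClrLoader.dll is required.", "injectorLibraryFilePath");
            }

            // Resolve LoadLibraryW in *this* process; the address is reused in the target, which only
            // holds when kernel32 is mapped at the same base there (same bitness, same boot session).
            IntPtr loadLibraryWAddr = NativeExecution.GetProcAddress(
                NativeExecution.GetModuleHandle("kernel32.dll"),
                "LoadLibraryW"
                );
            if (loadLibraryWAddr == IntPtr.Zero)
            {
                throw new InvalidOperationException("Unable to resolve kernel32!LoadLibraryW in the current process.");
            }

            // Inject DNCIClrLoader into the remote process (LoadLibraryW(injectorLibraryFilePath) on a remote thread).
            Inject(targetProcessHandle, loadLibraryWAddr, injectorLibraryFilePath);

            // Look the freshly loaded module up by name in the target; the caller uses this handle
            // to locate exports and later to unload the module.
            return FindRemoteModuleHandle(targetProcessHandle, moduleName);
        }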