Example #1
0
        public static bool DoInject(
            Process pToBeInjected,
            string sDllPath,
            string sDLLPath2,
            out string sError)
        {
            IntPtr hwnd = IntPtr.Zero;

            if (!CRT(pToBeInjected, sDllPath, out sError, out hwnd)) //CreateRemoteThread
            {
                //close the handle, since the method wasn't able to get to that
                if (hwnd != (IntPtr)0)
                {
                    WINAPI.CloseHandle(hwnd);
                }
                return(false);
            }
            int wee = Marshal.GetLastWin32Error();

            if (sDLLPath2 != null && sDLLPath2 != String.Empty)
            {
                if (!CRT(pToBeInjected, sDLLPath2, out sError, out hwnd)) //CreateRemoteThread
                {
                    //close the handle, since the method wasn't able to get to that
                    if (hwnd != (IntPtr)0)
                    {
                        WINAPI.CloseHandle(hwnd);
                    }
                    return(false);
                }
                int wee2 = Marshal.GetLastWin32Error();
            }
            return(true);
        }
Example #2
0
        private void AddArchSpecificDirectory()
        {
            string archPath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory,
                                           IntPtr.Size == 8 ? "x64" : "Win32");

            WINAPI.SetDllDirectory(archPath);
        }
Example #3
0
 public static void ReleaseMemory(bool removePages)
 {
     // release any unused pages
     // making the numbers look good in task manager
     // this is totally nonsense in programming
     // but good for those users who care
     // making them happier with their everyday life
     // which is part of user experience
     GC.Collect(GC.MaxGeneration);
     GC.WaitForPendingFinalizers();
     if (removePages)
     {
         // as some users have pointed out
         // removing pages from working set will cause some IO
         // which lowered user experience for another group of users
         //
         // so we do 2 more things here to satisfy them:
         // 1. only remove pages once when configuration is changed
         // 2. add more comments here to tell users that calling
         //    this function will not be more frequent than
         //    IM apps writing chat logs, or web browsers writing cache files
         //    if they're so concerned about their disk, they should
         //    uninstall all IM apps and web browsers
         //
         // please open an issue if you're worried about anything else in your computer
         // no matter it's GPU performance, monitor contrast, audio fidelity
         // or anything else in the task manager
         // we'll do as much as we can to help you
         //
         // just kidding
         WINAPI.ReleasePages(Process.GetCurrentProcess().Handle);
     }
 }
Example #4
0
            protected void SetBytes(Byte[] buffer)
            {
                Process.EnterDebugMode();

                List <IntPtr> processHandles;
                var           pointers = GetPointers(out processHandles);

                for (var i = 0; i < pointers.Count; i++)
                {
                    if (pointers[i] != IntPtr.Zero)
                    {
                        var bytesWritten = UIntPtr.Zero;
                        WINAPI.WriteProcessMemory(processHandles[i], pointers[i], buffer, (UIntPtr)buffer.Length, ref bytesWritten);
                        if (!this.IgnoreException)
                        {
                            Int32 systemErrorCode = Marshal.GetLastWin32Error();
                            if (systemErrorCode != 0)
                            {
                                throw new Win32ErrorException(systemErrorCode);
                            }
                        }
                    }
                }

                CloseHandles(processHandles);
                Process.LeaveDebugMode();
            }
Example #5
0
        /// <summary>
        /// 红外图绘制
        /// </summary>
        /// <param name="graphic"></param>
        /// <param name="w"></param>
        /// <param name="h"></param>
        /// <returns></returns>
        bool DrawImages(Graphics graphic, int w, int h)
        {
            if (!_DataDisplay.GetDevice().IsProcessingImage())
            {
                return(false);
            }

            IntPtr pIrData = IntPtr.Zero;
            IntPtr pIrInfo = IntPtr.Zero;;

            if (!_DataDisplay.GetDevice().GetOutputBMPdata(ref pIrData, ref pIrInfo))
            {
                return(false);
            }

            GroupSDK.CAMERA_INFO info = _DataDisplay.GetDevice().GetCamInfo();

            IntPtr hDC = graphic.GetHdc();

            WINAPI.SetStretchBltMode(hDC, WINAPI.StretchMode.STRETCH_HALFTONE);
            WINAPI.StretchDIBits(hDC, 0, 0, w, h, 0, 0, info.intVideoWidth,
                                 info.intVideoHeight, pIrData, pIrInfo, (uint)WINAPI.PaletteMode.DIB_RGB_COLORS,
                                 (uint)WINAPI.ExecuteOption.SRCCOPY);


            graphic.ReleaseHdc();

            return(true);
        }
Example #6
0
 /// <summary>
 /// Closes all open process handles.
 /// </summary>
 /// <param name="processHandles">A list containing the process handles.</param>
 protected void CloseHandles(List <IntPtr> processHandles)
 {
     foreach (var processHandle in processHandles)
     {
         WINAPI.CloseHandle(processHandle);
         //var systemErrorCode = Marshal.GetLastWin32Error();
         //if ((!this.IgnoreException) && (systemErrorCode != 0)) {
         //    throw new Win32ErrorException(systemErrorCode);
         //}
     }
 }
Example #7
0
        private static bool doCreateRemoteThread(Process pToBeInjected, string sDllPath, out string sError, out IntPtr hwnd)
        {
            try
            {
                sError = "";
                IntPtr hProcess = WINAPI.OpenProcess(0x43a, 1, (uint)pToBeInjected.Id);
                hwnd = hProcess;
                if (hProcess == IntPtr.Zero)
                {
                    Console.WriteLine("Error: dCRT Code: " + Marshal.GetLastWin32Error());
                    return(false);
                }
                IntPtr procAddress = WINAPI.GetProcAddress(WINAPI.GetModuleHandle("kernel32.dll"), "LoadLibraryA");
                if (procAddress == IntPtr.Zero)
                {
                    Console.WriteLine("Unable to find address of \"LoadLibraryA\".\n");
                    Console.WriteLine("Error code: " + Marshal.GetLastWin32Error());
                    return(false);
                }
                IntPtr lpBaseAddress = WINAPI.VirtualAllocEx(hProcess, IntPtr.Zero, (IntPtr)sDllPath.Length, 0x3000, 0x40);
                if ((lpBaseAddress == IntPtr.Zero) && (lpBaseAddress == IntPtr.Zero))
                {
                    Console.WriteLine("Unable to allocate memory to target process.\n");
                    Console.WriteLine("Error code: " + Marshal.GetLastWin32Error());
                    return(false);
                }
                byte[] byteLength = GetByteLength(sDllPath);
                IntPtr zero       = IntPtr.Zero;
                WINAPI.WriteProcessMemory(hProcess, lpBaseAddress, byteLength, (uint)byteLength.Length, out zero);
                //if (Marshal.GetLastWin32Error() != 0)
                //{
                //    sError = "Unable to write memory to process.";
                //    sError = sError + "Error code: " + Marshal.GetLastWin32Error();
                //    return false;
                //}
                if (WINAPI.CreateRemoteThread(hProcess, IntPtr.Zero, IntPtr.Zero, procAddress, lpBaseAddress, 0, IntPtr.Zero) == IntPtr.Zero)
                {
                    Console.WriteLine("Memoryspace Error on LOAD_DLL\n");
                    Console.WriteLine("Error code: " + Marshal.GetLastWin32Error());
                    return(false);
                }
                WINAPI.VirtualFreeEx(hProcess, IntPtr.Zero, UIntPtr.Zero, 0x8000);
                return(true);
            }
            catch (Exception exception)
            {
                sError = "";

                hwnd = IntPtr.Zero;
                Console.WriteLine(exception.ToString());
                return(false);
            }
        }
Example #8
0
        public static bool DoInject(Process pToBeInjected, string sDllPath, out string sError)
        {
            IntPtr hwnd = IntPtr.Zero;

            if (!CreateRemoteThread(pToBeInjected, sDllPath, out sError, out hwnd))
            {
                //close the handle, since the method wasn't able to get to that
                if (hwnd != (IntPtr)0)
                {
                    WINAPI.CloseHandle(hwnd);
                }
                return(false);
            }
            //int Wee = Marshal.GetLastWin32Error();
            return(true);
        }
Example #9
0
        public static bool DoInject(
            Process pToBeInjected,
            string sDllPath,
            out string sError)
        {
            IntPtr hwnd;

            if (!CRT(pToBeInjected, sDllPath, out sError, out hwnd)) //CreateRemoteThread
            {
                //close the handle, since the method wasn't able to get to that
                if (hwnd != (IntPtr)0)
                {
                    WINAPI.CloseHandle(hwnd);
                }
                return(false);
            }

            return(true);
        }
Example #10
0
            /// <summary>
            /// Opens all existing local processes with the specified name.
            /// </summary>
            /// <returns>A list with process handles for each process.</returns>
            protected List <IntPtr> GetHandles()
            {
                var processes      = Process.GetProcessesByName(this.ProcessName);
                var processHandles = new List <IntPtr>();

                foreach (var process in processes)
                {
                    var processHandle   = WINAPI.OpenProcess(this.DesiredAccess, false, process.Id);
                    var systemErrorCode = Marshal.GetLastWin32Error();
                    if ((this.IgnoreException) || (systemErrorCode == 0))
                    {
                        processHandles.Add(processHandle);
                    }
                    else
                    {
                        throw new Win32ErrorException(systemErrorCode);
                    }
                }
                return(processHandles);
            }
Example #11
0
            protected List <Byte[]> GetBytes(Int32 size, Int32 offset)
            {
                Process.EnterDebugMode();

                List <IntPtr> processHandles;
                var           bytes    = new List <Byte[]>();
                var           pointers = GetPointers(out processHandles);

                for (var i = 0; i < pointers.Count; i++)
                {
                    bytes.Add(new Byte[size]);

                    if (pointers[i] != IntPtr.Zero)
                    {
                        var buffer    = new Byte[size];
                        var bytesRead = UIntPtr.Zero;

                        WINAPI.ReadProcessMemory(processHandles[i], IntPtr.Add(pointers[i], offset), buffer, (UIntPtr)size, ref bytesRead);
                        if (!this.IgnoreException)
                        {
                            Int32 systemErrorCode = Marshal.GetLastWin32Error();
                            if (systemErrorCode != 0)
                            {
                                throw new Win32ErrorException(systemErrorCode);
                            }
                        }

                        for (var x = 0; x < buffer.Length; x++)
                        {
                            (bytes[i])[x] = buffer[x];
                        }
                    }
                }

                CloseHandles(processHandles);
                Process.LeaveDebugMode();
                return(bytes);
            }
Example #12
0
 /// <summary>
 /// 连接相机
 /// </summary>
 /// <param name="sIP"></param>
 /// <param name="intTimeOut">ms</param>
 /// <returns></returns>
 public bool LinkCamera(string sIP, uint intTimeOut)
 {
     return(LinkCamera(WINAPI.inet_addr(sIP), intTimeOut));
 }
Example #13
0
        private static bool CRT(
            Process pToBeInjected,
            string sDllPath,
            out string sError,
            out IntPtr hwnd)
        {
            sError = String.Empty; //in case we encounter no errors

            IntPtr hndProc = WINAPI.OpenProcess((0x2 | 0x8 | 0x10 | 0x20 | 0x400), 1, (uint)pToBeInjected.Id);

            hwnd = hndProc;

            if (hndProc == (IntPtr)0)
            {
                sError  = "Unable to attatch to process.\n";
                sError += "Error code: " + Marshal.GetLastWin32Error();
                return(false);
            }

            IntPtr lpLLAddress = WINAPI.GetProcAddress(
                WINAPI.GetModuleHandle("kernel32.dll"),
                "LoadLibraryA");

            if (lpLLAddress == (IntPtr)0)
            {
                sError  = "Unable to find address of \"LoadLibraryA\".\n";
                sError += "Error code: " + Marshal.GetLastWin32Error();
                return(false);
            }

            IntPtr lpAddress = WINAPI.VirtualAllocEx(
                hndProc,
                (IntPtr)null,
                (IntPtr)sDllPath.Length,
                //520 bytes should be enough
                (uint)WINAPI.VAE_Enums.AllocationType.MEM_COMMIT |
                (uint)WINAPI.VAE_Enums.AllocationType.MEM_RESERVE,
                (uint)WINAPI.VAE_Enums.ProtectionConstants.PAGE_EXECUTE_READWRITE);

            if (lpAddress == (IntPtr)0)
            {
                sError  = "Unable to allocate memory to target process.\n";
                sError += "Error code: " + Marshal.GetLastWin32Error();
                return(false);
            }

            byte[] bytes = CalcBytes(sDllPath);
            IntPtr ipTmp;

            WINAPI.WriteProcessMemory(
                hndProc,
                lpAddress,
                bytes,
                (uint)bytes.Length,
                out ipTmp);

            if (Marshal.GetLastWin32Error() != 0)
            {
                sError  = "Unable to write memory to process.\n";
                sError += "Error code: " + Marshal.GetLastWin32Error();
                return(false);
            }

            IntPtr hThread = WINAPI.CreateRemoteThread(
                hndProc,
                (IntPtr)null,
                (IntPtr)0,
                lpLLAddress,
                lpAddress,
                0,
                (IntPtr)null);

            if (hThread == (IntPtr)0)
            {
                sError  = "Unable to load dll into memory.";
                sError += "Error code: " + Marshal.GetLastWin32Error();
                return(false);
            }

            //added so it won't crash while thread is initializing
            // Time-out is 10 seconds...
            int Result = WaitForSingleObject(hThread, 10 * 1000);

            // Check whether thread timed out...
            if (Result == 0x00000080L || Result == 0x00000102L || Result == 0xFFFFFFFF)
            {
                // Make sure thread handle is valid before closing... prevents crashes.
                if (hThread != null)
                {
                    //Close thread in target process
                    WINAPI.CloseHandle(hThread);
                }

                /* Thread timed out... */
                throw new Exception("WaitForSingleObject failed!\n\n Call tech support.");
            }

            // Sleep thread for so as not to crash host
            Thread.Sleep(1000);

            // Clear up allocated space ( Allocmem )
            VirtualFreeEx(hndProc, lpAddress, (UIntPtr)0, 0x8000);

            // Make sure thread handle is valid before closing... prevents crashes.
            if (hThread != null)
            {
                //Close thread in target process
                WINAPI.CloseHandle(hThread);
            }

            Trace.TraceInformation("Injecter thinks all is OK");
            return(true);
        }
Example #14
0
        /// <summary>
        /// Injects a x86 or x64 DLL into the process
        /// </summary>
        /// <param name="pToBeInjected">Process to be injected (obtained with Process.GetProcesses() ) </param>
        /// <param name="sDllPath">Full path to the DLL to be injected</param>
        /// <param name="sError">OUT parameter with an error string</param>
        /// <returns></returns>
        public static bool DoInject(
            Process pToBeInjected,
            string sDllPath,
            out string sError)
        {
            IntPtr hwnd = IntPtr.Zero;

            sError = String.Empty; //in case we encounter no errors

            //Open the target process with read , write and execute priviledges
            IntPtr hndProc = WINAPI.OpenProcess(
                (0x000F0000   // STANDARD_RIGHTS_REQUIRED
                 | 0x00100000 // SYNCHRONIZE
                 | 0xFFFF
                ), 0, (uint)pToBeInjected.Id);

            hwnd = hndProc;

            if (hndProc == (IntPtr)0)
            {
                sError  = "Unable to attatch to process.\n";
                sError += "Error code: " + Marshal.GetLastWin32Error();
                return(false);
            }
            //Get the address of LoadLibraryA
            IntPtr lpLLAddress = WINAPI.GetProcAddress(
                WINAPI.GetModuleHandle("kernel32.dll"),
                "LoadLibraryA");

            if (lpLLAddress == (IntPtr)0)
            {
                sError  = "Unable to find address of \"LoadLibraryA\".\n";
                sError += "Error code: " + Marshal.GetLastWin32Error();
                return(false);
            }
            // Allocate space in the process for our DLL
            IntPtr lpAddress = WINAPI.VirtualAllocEx(
                hndProc,
                (IntPtr)null,
                (IntPtr)sDllPath.Length, //520 bytes should be enough
                (uint)WINAPI.VAE_Enums.AllocationType.MEM_COMMIT |
                (uint)WINAPI.VAE_Enums.AllocationType.MEM_RESERVE,
                (uint)WINAPI.VAE_Enums.ProtectionConstants.PAGE_EXECUTE_READWRITE);


            if (lpAddress == (IntPtr)0)
            {
                sError  = "Unable to allocate memory to target process.\n";
                sError += "Error code: " + Marshal.GetLastWin32Error();
                return(false);
            }


            byte[] bytes = CalcBytes(sDllPath);
            IntPtr ipTmp = IntPtr.Zero;
            // Write the string name of our DLL in the memory allocated
            int bResult = WINAPI.WriteProcessMemory(
                hndProc,
                lpAddress,
                bytes,
                (uint)bytes.Length,
                out ipTmp);

            // ERROR x64: "Unable to write memory to process. Error code: 1300"
            if (bResult == 0)
            {
                sError  = "Unable to write memory to process.";
                sError += "Error code: " + Marshal.GetLastWin32Error();
                return(false);
            }
            // Load our DLL
            IntPtr ipThread = WINAPI.CreateRemoteThread(
                hndProc,
                (IntPtr)null,
                (IntPtr)0,
                lpLLAddress,
                lpAddress,
                0,
                (IntPtr)null);

            if (ipThread == (IntPtr)0)
            {
                sError  = "Unable to load dll into memory.";
                sError += "Error code: " + Marshal.GetLastWin32Error();
                return(false);
            }

            WINAPI.CloseHandle(hndProc);

            return(true);
        }
Example #15
0
            protected List <IntPtr> GetPointers(out List <IntPtr> processHandles)
            {
                processHandles = GetHandles();
                List <IntPtr> pointers;

                if (this.address == null)
                {
                    pointers = this.GetModuleBaseAddress(this.moduleName);
                }
                else
                {
                    pointers = new List <IntPtr>();
                    for (var i = 0; i < processHandles.Count; i++)
                    {
                        pointers.Add((IntPtr)this.address);
                    }
                }

                for (var i = 0; i < processHandles.Count; i++)
                {
                    if (processHandles[i] == IntPtr.Zero)
                    {
                        pointers[i] = IntPtr.Zero;
                    }
                    else
                    {
                        if ((this.Offsets != null) && (this.Offsets.Length > 0))
                        {
                            var size      = UIntPtr.Size;
                            var buffer    = new Byte[size];
                            var bytesRead = UIntPtr.Zero;
                            foreach (var offset in this.Offsets)
                            {
                                WINAPI.ReadProcessMemory(processHandles[i], pointers[i], buffer, (UIntPtr)size, ref bytesRead);
                                if (!this.IgnoreException)
                                {
                                    Int32 systemErrorCode = Marshal.GetLastWin32Error();
                                    if (systemErrorCode != 0)
                                    {
                                        throw new Win32ErrorException(systemErrorCode);
                                    }
                                }

                                if (size == 8)
                                {
                                    pointers[i] = (IntPtr)(BitConverter.ToInt64(buffer, 0));
                                }
                                else
                                {
                                    pointers[i] = (IntPtr)(BitConverter.ToUInt32(buffer, 0));
                                }

                                if (pointers[i] == IntPtr.Zero)
                                {
                                    break;
                                }

                                pointers[i] = IntPtr.Add(pointers[i], offset);
                                //Debug
                                //Console.WriteLine(pointers[i]);
                            }
                        }
                    }
                }
                return(pointers);
            }
Example #16
0
        public static bool InjectDLL(IntPtr hProcess, String strDLLName)
        {
            IntPtr bytesout;

            // Length of string containing the DLL file name +1 byte padding
            Int32 LenWrite = strDLLName.Length + 1;

            // Allocate memory within the virtual address space of the target process
            IntPtr AllocMem = (IntPtr)WINAPI.VirtualAllocEx(hProcess, (IntPtr)null, (uint)LenWrite, 0x1000, 0x40);

            // Write DLL file name to allocated memory in target process
            WINAPI.WriteProcessMemory(hProcess, AllocMem, strDLLName, (UIntPtr)LenWrite, out bytesout);

            // Function pointer "Injector"
            UIntPtr Injector = (UIntPtr)WINAPI.GetProcAddress(WINAPI.GetModuleHandle("kernel32.dll"), "LoadLibraryA");

            if (Injector == null)
            {
                throw new Exception("GetProcAddress failed!\n\n Call tech support.");
            }

            // Create thread in target process, and store handle in hThread
            IntPtr hThread = (IntPtr)WINAPI.CreateRemoteThread(hProcess, (IntPtr)null, 0, Injector, AllocMem, 0, out bytesout);

            // Make sure thread handle is valid
            if (hThread == null)
            {
                //incorrect thread handle ... return failed
                throw new Exception("CreateRemoteThread failed!\n\n Call tech support.");
            }

            // Time-out is 10 seconds...
            int Result = WINAPI.WaitForSingleObject(hThread, 10 * 1000);

            // Check whether thread timed out...
            if (Result == 0x00000080L || Result == 0x00000102L || Result == 0xFFFFFFFF)
            {
                // Make sure thread handle is valid before closing... prevents crashes.
                if (hThread != null)
                {
                    //Close thread in target process
                    WINAPI.CloseHandle(hThread);
                }

                /* Thread timed out... */
                throw new Exception("WaitForSingleObject failed!\n\n Call tech support.");
            }

            // Sleep thread so as not to crash host
            Thread.Sleep(5000);

            // Clear up allocated space ( Allocmem )
            WINAPI.VirtualFreeEx(hProcess, AllocMem, (UIntPtr)0, 0x8000);

            // Make sure thread handle is valid before closing... prevents crashes.
            if (hThread != null)
            {
                //Close thread in target process
                WINAPI.CloseHandle(hThread);
            }

            return(true);
        }
Example #17
0
        private static bool CRT(
            Process pToBeInjected,
            string sDllPath,
            out string sError,
            out IntPtr hwnd)
        {
            sError = String.Empty; //in case we encounter no errors

            IntPtr hndProc = WINAPI.OpenProcess(
                (0x2 | 0x8 | 0x10 | 0x20 | 0x400), //create thread, query info, operation
                //write, and read
                1,
                (uint)pToBeInjected.Id);

            hwnd = hndProc;

            if (hndProc == (IntPtr)0)
            {
                sError  = "Unable to attatch to process.\n";
                sError += "Error code: " + Marshal.GetLastWin32Error();
                return(false);
            }

            IntPtr lpLLAddress = WINAPI.GetProcAddress(
                WINAPI.GetModuleHandle("kernel32.dll"),
                "LoadLibraryA");

            if (lpLLAddress == (IntPtr)0)
            {
                sError  = "Unable to find address of \"LoadLibraryA\".\n";
                sError += "Error code: " + Marshal.GetLastWin32Error();
                return(false);
            }

            IntPtr lpAddress = WINAPI.VirtualAllocEx(
                hndProc,
                (IntPtr)null,
                (IntPtr)sDllPath.Length, //520 bytes should be enough
                (uint)WINAPI.VAE_Enums.AllocationType.MEM_COMMIT |
                (uint)WINAPI.VAE_Enums.AllocationType.MEM_RESERVE,
                (uint)WINAPI.VAE_Enums.ProtectionConstants.PAGE_EXECUTE_READWRITE);

            if (lpAddress == (IntPtr)0)
            {
                if (lpAddress == (IntPtr)0)
                {
                    sError  = "Unable to allocate memory to target process.\n";
                    sError += "Error code: " + Marshal.GetLastWin32Error();
                    return(false);
                }
            }

            byte[] bytes = CalcBytes(sDllPath);
            IntPtr ipTmp = IntPtr.Zero;

            WINAPI.WriteProcessMemory(
                hndProc,
                lpAddress,
                bytes,
                (uint)bytes.Length,
                out ipTmp);

            if (Marshal.GetLastWin32Error() != 0)
            {
                sError  = "Unable to write memory to process.";
                sError += "Error code: " + Marshal.GetLastWin32Error();
                return(false);
            }

            IntPtr ipThread = WINAPI.CreateRemoteThread(
                hndProc,
                (IntPtr)null,
                (IntPtr)0,
                lpLLAddress,
                lpAddress,
                0,
                (IntPtr)null);

            if (ipThread == (IntPtr)0)
            {
                sError  = "Unable to load dll into memory.";
                sError += "Error code: " + Marshal.GetLastWin32Error();
                return(false);
            }

            return(true);
        }
Example #18
0
 public bool LinkCameraEx(string sIP, ushort shortPort, string charCloudUser, string charCloudPwd,
                          uint intCamSN, string charCamUser, string charCamPwd, uint intTimeOut)
 {
     return(LinkCameraEx(WINAPI.inet_addr(sIP), shortPort, charCloudUser, charCloudPwd,
                         intCamSN, charCamUser, charCamPwd, intTimeOut));
 }