/// <summary>
/// Installs the helper services. As the original note states, they keep running
/// only as long as the calling thread is alive.
/// </summary>
/// <remarks>
/// <c>ServiceMgmt.Install()</c> always runs; <c>WOW64Bypass.Install()</c> runs
/// only when <c>IsX64System</c> is true.
/// </remarks>
public static void InstallServices()
{
    ServiceMgmt.Install();

    // Nothing further to install unless IsX64System is set.
    if (!IsX64System)
    {
        return;
    }

    WOW64Bypass.Install();
}
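/// <summary>
/// Requests an injection into <paramref name="InTargetPID"/> through
/// <c>NativeAPI.RhInjectLibraryEx</c>, and retries through the WOW64 helper or
/// the service when the direct call returns <c>STATUS_WOW_ASSERTION</c> or
/// <c>STATUS_ACCESS_DENIED</c>.
/// </summary>
/// <param name="InHostPID">Stored in <c>RemoteInfo.HostPID</c> and forwarded to the fallback paths.</param>
/// <param name="InTargetPID">Process the injection is requested for; also brackets the Begin/Wait/EndInjection calls.</param>
/// <param name="InWakeUpTID">Forwarded unchanged to the native call and to the fallbacks.</param>
/// <param name="InNativeOptions">OR-ed with <c>NativeAPI.EASYHOOK_INJECT_MANAGED</c> for the native call.</param>
/// <param name="InLibraryPath_x86">Passed by reference to <c>PrepareInjection</c>, then forwarded to the fallbacks.</param>
/// <param name="InLibraryPath_x64">Passed by reference to <c>PrepareInjection</c>, then forwarded to the fallbacks.</param>
/// <param name="InCanBypassWOW64">Allows the <c>WOW64Bypass.Inject</c> retry on <c>STATUS_WOW_ASSERTION</c>.</param>
/// <param name="InCanCreateService">Allows the <c>ServiceMgmt.Inject</c> retry on <c>STATUS_ACCESS_DENIED</c>.</param>
/// <param name="InPassThruArgs">Stored as-is in <c>RemoteInfo.UserParams</c>; how it is encoded is decided in <c>PrepareInjection</c>, which is not visible here.</param>
/// <exception cref="AccessViolationException">
/// The native call returned <c>STATUS_WOW_ASSERTION</c> and <paramref name="InCanBypassWOW64"/> is false.
/// </exception>
internal static void InjectEx(
    Int32 InHostPID,
    Int32 InTargetPID,
    Int32 InWakeUpTID,
    Int32 InNativeOptions,
    String InLibraryPath_x86,
    String InLibraryPath_x64,
    Boolean InCanBypassWOW64,
    Boolean InCanCreateService,
    params Object[] InPassThruArgs)
{
    // The unused BinaryFormatter instance and the duplicate ManagedRemoteInfo
    // allocation that used to sit here were dropped; neither was ever read.
    MemoryStream PassThru = new MemoryStream();
    Int32 NtStatus;

    HelperServiceInterface.BeginInjection(InTargetPID);
    try
    {
        ManagedRemoteInfo RemoteInfo = new ManagedRemoteInfo();
        RemoteInfo.HostPID = InHostPID;
        RemoteInfo.UserParams = InPassThruArgs;

        GCHandle hPassThru = PrepareInjection(
            RemoteInfo,
            ref InLibraryPath_x86,
            ref InLibraryPath_x64,
            PassThru);

        /*
         * Inject library...
         */
        try
        {
            // This assembly's own location is passed for both library-path arguments.
            switch (NtStatus = NativeAPI.RhInjectLibraryEx(
                InTargetPID,
                InWakeUpTID,
                NativeAPI.EASYHOOK_INJECT_MANAGED | InNativeOptions,
                typeof(Config).Assembly.Location,
                typeof(Config).Assembly.Location,
                hPassThru.AddrOfPinnedObject(),
                (int)PassThru.Length))
            {
                case NativeAPI.STATUS_WOW_ASSERTION:
                    {
                        // Use helper application to bypass WOW64...
                        if (InCanBypassWOW64)
                        {
                            WOW64Bypass.Inject(
                                InHostPID,
                                InTargetPID,
                                InWakeUpTID,
                                InNativeOptions,
                                InLibraryPath_x86,
                                InLibraryPath_x64,
                                InPassThruArgs);
                        }
                        else
                        {
                            throw new AccessViolationException("Unable to inject library into target process.");
                        }
                    }
                    break;

                case NativeAPI.STATUS_ACCESS_DENIED:
                    {
                        // Use service and try again...
                        // NOTE(review): presumably the service path runs with more
                        // privilege than the caller; keep InCanCreateService opt-in — confirm.
                        if (InCanCreateService)
                        {
                            ServiceMgmt.Inject(
                                InHostPID,
                                InTargetPID,
                                InWakeUpTID,
                                InNativeOptions,
                                InLibraryPath_x86,
                                InLibraryPath_x64,
                                InPassThruArgs);
                        }
                        else
                        {
                            // Presumably raises for a failing status — confirm in NativeAPI.
                            NativeAPI.Force(NtStatus);
                        }
                    }
                    break;

                case NativeAPI.STATUS_SUCCESS:
                    {
                        // wait for injection completion
                        HelperServiceInterface.WaitForInjection(InTargetPID);
                    }
                    break;

                default:
                    {
                        NativeAPI.Force(NtStatus);
                    }
                    break;
            }
        }
        finally
        {
            // Release the handle whichever branch ran, including on exceptions.
            hPassThru.Free();
        }
    }
    finally
    {
        HelperServiceInterface.EndInjection(InTargetPID);
    }
}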
/// <summary>
/// Requests an injection into <paramref name="InTargetPID"/> through
/// <c>NativeAPI.RhInjectLibraryEx</c>, with each pass-through argument
/// serialised to its own byte array beforehand. Retries through the WOW64
/// helper or the service when the direct call returns
/// <c>STATUS_WOW_ASSERTION</c> or <c>STATUS_ACCESS_DENIED</c>.
/// </summary>
/// <param name="InHostPID">Stored in <c>RemoteInfo.HostPID</c> and forwarded to the fallback paths.</param>
/// <param name="InTargetPID">Process the injection is requested for; also brackets the Begin/Wait/EndInjection calls.</param>
/// <param name="InWakeUpTID">Forwarded unchanged to the native call and to the fallbacks.</param>
/// <param name="InNativeOptions">OR-ed with <c>NativeAPI.EASYHOOK_INJECT_MANAGED</c> for the native call.</param>
/// <param name="InLibraryPath_x86">Passed by reference to <c>PrepareInjection</c>, then forwarded to the fallbacks.</param>
/// <param name="InLibraryPath_x64">Passed by reference to <c>PrepareInjection</c>, then forwarded to the fallbacks.</param>
/// <param name="InCanBypassWOW64">Allows the <c>WOW64Bypass.Inject</c> retry on <c>STATUS_WOW_ASSERTION</c>.</param>
/// <param name="InCanCreateService">Allows the <c>ServiceMgmt.Inject</c> retry on <c>STATUS_ACCESS_DENIED</c>.</param>
/// <param name="InRequireStrongName">Recorded in <c>RemoteInfo.RequireStrongName</c> and forwarded to the fallbacks; where it is enforced is not visible in this method.</param>
/// <param name="InPassThruArgs">May be null; each element is serialised with <c>BinaryFormatter</c> and stored as a byte array in <c>RemoteInfo.UserParams</c>.</param>
/// <exception cref="AccessViolationException">
/// The native call returned <c>STATUS_WOW_ASSERTION</c> and <paramref name="InCanBypassWOW64"/> is false.
/// </exception>
internal static void InjectEx(
    Int32 InHostPID,
    Int32 InTargetPID,
    Int32 InWakeUpTID,
    Int32 InNativeOptions,
    String InLibraryPath_x86,
    String InLibraryPath_x64,
    Boolean InCanBypassWOW64,
    Boolean InCanCreateService,
    Boolean InRequireStrongName,
    params Object[] InPassThruArgs)
{
    MemoryStream payloadStream = new MemoryStream();

    HelperServiceInterface.BeginInjection(InTargetPID);
    try
    {
        ManagedRemoteInfo remoteInfo = new ManagedRemoteInfo();
        remoteInfo.HostPID = InHostPID;

        // Parameters are serialised up front so that they can be deserialised
        // AFTER the user library is loaded.
        // NOTE(review): BinaryFormatter is obsolete in current .NET and must not
        // deserialise data from an untrusted source. These blobs are produced
        // here by the host; confirm nothing outside the host can alter them
        // before they are deserialised.
        BinaryFormatter formatter = new BinaryFormatter();
        List<object> serialisedArgs = new List<object>();
        if (InPassThruArgs != null)
        {
            for (int index = 0; index < InPassThruArgs.Length; index++)
            {
                // NOTE(review): a null element is handed to Serialize unchanged;
                // Serialize is expected to reject a null graph — verify callers.
                using (MemoryStream scratch = new MemoryStream())
                {
                    formatter.Serialize(scratch, InPassThruArgs[index]);
                    serialisedArgs.Add(scratch.ToArray());
                }
            }
        }

        remoteInfo.UserParams = serialisedArgs.ToArray();

        // NOTE(review): a strong name establishes assembly identity rather than
        // trust; confirm the check behind this flag is not relied on as a
        // security boundary.
        remoteInfo.RequireStrongName = InRequireStrongName;

        var pinnedPayload = PrepareInjection(
            remoteInfo,
            ref InLibraryPath_x86,
            ref InLibraryPath_x64,
            payloadStream);

        /*
         * Inject library...
         */
        try
        {
            // This assembly's own location is passed for both library-path arguments.
            String ownAssemblyPath = typeof(Config).Assembly.Location;

            Int32 status = NativeAPI.RhInjectLibraryEx(
                InTargetPID,
                InWakeUpTID,
                NativeAPI.EASYHOOK_INJECT_MANAGED | InNativeOptions,
                ownAssemblyPath,
                ownAssemblyPath,
                pinnedPayload.AddrOfPinnedObject(),
                (int)payloadStream.Length);

            if (status == NativeAPI.STATUS_SUCCESS)
            {
                // Wait for injection completion.
                HelperServiceInterface.WaitForInjection(InTargetPID);
            }
            else if (status == NativeAPI.STATUS_WOW_ASSERTION)
            {
                if (!InCanBypassWOW64)
                {
                    throw new AccessViolationException("Unable to inject library into target process.");
                }

                // Use helper application to bypass WOW64...
                WOW64Bypass.Inject(
                    InHostPID,
                    InTargetPID,
                    InWakeUpTID,
                    InNativeOptions,
                    InLibraryPath_x86,
                    InLibraryPath_x64,
                    InRequireStrongName,
                    InPassThruArgs);
            }
            else if (status == NativeAPI.STATUS_ACCESS_DENIED && InCanCreateService)
            {
                // Use service and try again...
                // NOTE(review): presumably the service path runs with more
                // privilege than the caller; keep InCanCreateService opt-in — confirm.
                ServiceMgmt.Inject(
                    InHostPID,
                    InTargetPID,
                    InWakeUpTID,
                    InNativeOptions,
                    InLibraryPath_x86,
                    InLibraryPath_x64,
                    InRequireStrongName,
                    InPassThruArgs);
            }
            else
            {
                // Access denied without the service option, or any other status.
                // Presumably raises for a failing status — confirm in NativeAPI.
                NativeAPI.Force(status);
            }
        }
        finally
        {
            // Release the handle whichever branch ran, including on exceptions.
            pinnedPayload.Free();
        }
    }
    finally
    {
        HelperServiceInterface.EndInjection(InTargetPID);
    }
}