Example #1
        /// <summary>
        /// Click handler for the inject button: hands the chosen assembly path, type name, entry-point name
        /// and argument to <c>_process.InjectManaged</c> and reports the outcome in a message box.
        /// </summary>
        /// <remarks>
        /// The listing stops inside the <c>chkWaitReturn.Checked</c> branch; the rest of the method is not shown.
        /// </remarks>
        private void btInject_Click(object sender, EventArgs e)
        {
            // The only check on the assembly visible here is that the file exists.
            if (!File.Exists(_assemblyPath))
            {
                return;
            }
            if (cmbEntryPoint.SelectedItem is null)
            {
                return;
            }

            // Keep the text after the first space of the entry point's full name ...
            string typeName = _entryPoint.FullName.Substring(_entryPoint.FullName.IndexOf(' ') + 1);

            // ... and cut it at the first ':'. If no ':' is present, IndexOf returns -1 and Substring throws
            // ArgumentOutOfRangeException. NOTE(review): presumably FullName has the shape
            // "<return type> <declaring type>::<method>(...)" - confirm.
            typeName = typeName.Substring(0, typeName.IndexOf(':'));
            if (chkWaitReturn.Checked)
            {
                // Disable the button and mark the window title while the call is pending.
                btInject.Enabled = false;
                Text            += _resources.GetString("StrWaiting");
                // The injection call runs on a separate background thread; every UI update below is
                // marshalled back through Invoke.
                new Thread(() => {
                    if (_process.InjectManaged(_assemblyPath, typeName, _entryPoint.Name, _argument, out int ret))
                    {
                        Invoke((Action)(() => MessageBoxStub.Show($"{_resources.GetString("StrInjectSuccessfully")}\n{_resources.GetString("StrReturnValue")} {ret}", MessageBoxIcon.Information)));
                    }
                    else
                    {
                        Invoke((Action)(() => MessageBoxStub.Show(_resources.GetString("StrFailToInject"), MessageBoxIcon.Error)));
                    }
                    Invoke((Action)(() => {
                        btInject.Enabled = true;
                        // NOTE(review): strips a fixed 6 characters, but the suffix appended above comes from
                        // the localized resource "StrWaiting", whose length is not shown - confirm that every
                        // translation is exactly 6 characters long.
                        Text = Text.Substring(0, Text.Length - 6);
                    }));
                })
                {
                    IsBackground = true
                }.Start();
Example #2
        /// <summary>
        /// Dumps the module identified by <paramref name="moduleHandle"/> to <paramref name="filePath"/>
        /// and tells the user whether the dump succeeded.
        /// </summary>
        /// <param name="moduleHandle">Handle of the module to dump.</param>
        /// <param name="filePath">Destination path of the dumped image.</param>
        private void DumpModule(IntPtr moduleHandle, string filePath)
        {
            bool dumped = DumperFactory.GetDumper(_processId, _dumperCore.Value).DumpModule(moduleHandle, filePath);

            if (dumped)
            {
                // Success: show the localized message followed by the output path on its own line.
                MessageBoxStub.Show($"{_resources.GetString("StrDumpModuleSuccessfully")}{Environment.NewLine}{filePath}", MessageBoxIcon.Information);
            }
            else
            {
                MessageBoxStub.Show(_resources.GetString("StrFailToDumpModule"), MessageBoxIcon.Error);
            }
        }
Example #3
        /// <summary>
        /// Opens a <c>ModulesForm</c> for the process selected in the process list, unless this tool runs
        /// as a 64-bit process and the selected row is a .NET process whose name ends with the 32-bit marker.
        /// </summary>
        private void mnuViewModules_Click(object sender, EventArgs e)
        {
            if (lvwProcesses.SelectedIndices.Count == 0)
            {
                return;
            }

            ListViewItem.ListViewSubItem nameCell = lvwProcesses.GetFirstSelectedSubItem(chProcessName.Index);

            // Rows painted with Cache.DotNetColor are treated as .NET processes.
            bool blockedBy32BitTarget = Environment.Is64BitProcess
                && nameCell.BackColor == Cache.DotNetColor
                && nameCell.Text.EndsWith(_resources.GetString("Str32Bit"), StringComparison.Ordinal);

            if (blockedBy32BitTarget)
            {
                MessageBoxStub.Show(_resources.GetString("StrViewModulesSwitchTo32Bit"), MessageBoxIcon.Error);
                return;
            }

            // The process id is parsed back out of the list cell text; uint.Parse throws if it is not numeric.
            uint selectedProcessId = uint.Parse(lvwProcesses.GetFirstSelectedSubItem(chProcessId.Index).Text);
            bool isDotNetProcess = nameCell.BackColor == Cache.DotNetColor;

#pragma warning disable IDE0067
            ModulesForm modulesForm = new ModulesForm(selectedProcessId, nameCell.Text, isDotNetProcess, _dumperType);
#pragma warning restore IDE0067
            // The form is shown modelessly, so it is disposed from its own FormClosed event.
            modulesForm.FormClosed += (closedSender, closedArgs) => modulesForm.Dispose();
            modulesForm.Show();
        }
Example #4
        /// <summary>
        /// Dumps one module to <paramref name="filePath"/> and reports success or failure in a message box.
        /// </summary>
        /// <param name="moduleHandle">Handle of the module to dump.</param>
        /// <param name="filePath">Destination path of the dumped image.</param>
        private void DumpModule(IntPtr moduleHandle, string filePath)
        {
            var dumper = DumperFactory.GetDumper(_processId, _dumperCore.Value);

            if (dumper.DumpModule(moduleHandle, filePath))
            {
                // "Success! The file was dumped to:" followed by the path.
                MessageBoxStub.Show($"成功!文件被转储在:{Environment.NewLine}{filePath}", MessageBoxIcon.Information);
                return;
            }

            // "Failed!"
            MessageBoxStub.Show("失败!", MessageBoxIcon.Error);
        }
Example #5
        /// <summary>
        /// Dumps one module in the requested image layout to <paramref name="filePath"/> and reports the result.
        /// </summary>
        /// <param name="moduleHandle">Handle of the module to dump.</param>
        /// <param name="imageLayout">Layout passed through to the dumper.</param>
        /// <param name="filePath">Destination path of the dumped image.</param>
        private void DumpModule(IntPtr moduleHandle, ImageLayout imageLayout, string filePath)
        {
            // The dumper stays alive until the method returns, i.e. until the message box is dismissed.
            using var dumper = DumperFactory.GetDumper(_process.Id, _dumperType.Value);

            string text;
            MessageBoxIcon icon;
            if (dumper.DumpModule(moduleHandle, imageLayout, filePath))
            {
                text = $"Dump module successfully. Image was saved in:{Environment.NewLine}{filePath}";
                icon = MessageBoxIcon.Information;
            }
            else
            {
                text = "Fail to dump module.";
                icon = MessageBoxIcon.Error;
            }

            MessageBoxStub.Show(text, icon);
        }
Example #6
        /// <summary>
        /// Dumps one module in the requested image layout to <paramref name="filePath"/> and reports the result
        /// with localized text.
        /// </summary>
        /// <param name="moduleHandle">Handle of the module to dump.</param>
        /// <param name="imageLayout">Layout passed through to the dumper.</param>
        /// <param name="filePath">Destination path of the dumped image.</param>
        private void DumpModule(IntPtr moduleHandle, ImageLayout imageLayout, string filePath)
        {
            bool dumped;

            // The dumper is disposed before the message box is shown.
            using (IDumper dumper = DumperFactory.GetDumper(_process.Id, _dumperType.Value))
            {
                dumped = dumper.DumpModule(moduleHandle, imageLayout, filePath);
            }

            if (!dumped)
            {
                MessageBoxStub.Show(_resources.GetString("StrFailToDumpModule"), MessageBoxIcon.Error);
                return;
            }

            MessageBoxStub.Show($"{_resources.GetString("StrDumpModuleSuccessfully")}{Environment.NewLine}{filePath}", MessageBoxIcon.Information);
        }
Example #7
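 /// <summary>
 /// Dumps the process <paramref name="processId"/> into <paramref name="directoryPath"/> and shows the
 /// value returned by the dumper together with the output directory.
 /// </summary>
 /// <param name="processId">Id of the process to dump.</param>
 /// <param name="directoryPath">Output directory; created when it does not exist yet.</param>
 private void DumpProcess(uint processId, string directoryPath)
 {
     // Directory.CreateDirectory does nothing when the directory already exists, so a separate
     // Directory.Exists test is redundant and only opens a check-then-create window.
     Directory.CreateDirectory(directoryPath);

     // The dumper is disposed only after the message box has been dismissed.
     using (var dumper = DumperFactory.GetDumper(processId, _dumperType))
     {
         MessageBoxStub.Show($"{dumper.DumpProcess(directoryPath)} {_resources.GetString("StrDumpFilesSuccess")}{Environment.NewLine}{directoryPath}", MessageBoxIcon.Information);
     }
 }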
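        /// <summary>
        /// Shows the message, source, stack trace and target site of <paramref name="ex"/> in an error box.
        /// </summary>
        /// <param name="ex">Exception whose details are displayed.</param>
        /// <remarks>
        /// The dialog exposes the full stack trace to whoever is looking at the screen.
        /// </remarks>
        private static void ShowDetailException(Exception ex)
        {
            StringBuilder message = new StringBuilder();

            message.AppendLine("Message:\n" + ex.Message);
            message.AppendLine("Source:\n" + ex.Source);
            message.AppendLine("StackTrace:\n" + ex.StackTrace);
            // TargetSite is null when the exception carries no stack trace (for example, it was created
            // but never thrown). Calling ToString() on it would then raise a NullReferenceException inside
            // the error reporter; string concatenation renders null as an empty string instead.
            message.AppendLine("TargetSite:\n" + ex.TargetSite);
            MessageBoxStub.Show(message.ToString(), MessageBoxIcon.Error);
        }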
Example #9
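        /// <summary>
        /// Click handler for the inject button: passes the chosen assembly, type name, entry-point name and
        /// argument to <c>Injector.InjectManaged</c> and reports the outcome in a message box.
        /// </summary>
        /// <remarks>
        /// With "wait for return" checked the call runs on a background thread and the entry point's return
        /// value is shown; otherwise the call is made directly on the UI thread. The only check on the
        /// assembly visible here is that the file exists.
        /// </remarks>
        private void btInject_Click(object sender, EventArgs e)
        {
            // Suffix appended to the window title while a call is pending ("Waiting...").
            const string waitingSuffix = "等待中...";

            if (!File.Exists(_assemblyPath))
            {
                return;
            }
            if (cmbEntryPoint.SelectedItem == null)
            {
                return;
            }

            // The type name is the text between the first space and the first ':' of the entry point's
            // full name. It is computed once for both branches: the non-waiting branch used to omit the
            // "+ 1", which left a leading space in the type name handed to the injector.
            // NOTE(review): presumably FullName has the shape "<return type> <declaring type>::<method>(...)";
            // a name without ':' makes Substring throw ArgumentOutOfRangeException - confirm.
            string fullName = _entryPoint.FullName;
            string typeName = fullName.Substring(fullName.IndexOf(' ') + 1);
            typeName = typeName.Substring(0, typeName.IndexOf(':'));

            if (chkWaitReturn.Checked)
            {
                btInject.Enabled = false;
                Text += waitingSuffix;
                new Thread(() =>
                {
                    int ret;

                    if (Injector.InjectManaged(_processId, _assemblyPath, typeName, _entryPoint.Name, _argument, out ret))
                    {
                        // "Injected successfully" / "Return value:"
                        Invoke((Action)(() => MessageBoxStub.Show($"注入成功\n返回值: {ret.ToString()}", MessageBoxIcon.Information)));
                    }
                    else
                    {
                        // "Injection failed"
                        Invoke((Action)(() => MessageBoxStub.Show("注入失败", MessageBoxIcon.Error)));
                    }
                    Invoke((Action)(() =>
                    {
                        btInject.Enabled = true;
                        // Remove exactly the suffix that was appended above.
                        Text = Text.Substring(0, Text.Length - waitingSuffix.Length);
                    }));
                })
                {
                    IsBackground = true
                }.Start();
            }
            else
            {
                if (Injector.InjectManaged(_processId, _assemblyPath, typeName, _entryPoint.Name, _argument))
                {
                    MessageBoxStub.Show("注入成功", MessageBoxIcon.Information);
                }
                else
                {
                    MessageBoxStub.Show("注入失败", MessageBoxIcon.Error);
                }
            }
        }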
Example #10
        /// <summary>
        /// Opens a <c>ModulesForm</c> for the selected process, unless this tool runs as a 64-bit process and
        /// the selected row is a .NET process whose text ends with the localized 32-bit marker.
        /// </summary>
        private void mnuViewModules_Click(object sender, EventArgs e)
        {
            if (lvwProcesses.SelectedIndices.Count == 0)
            {
                return;
            }

            var selectedRow = lvwProcesses.SelectedItems[0];

            // Rows painted with Cache.DotNetColor are treated as .NET processes.
            bool blockedBy32BitTarget = Environment.Is64BitProcess
                && selectedRow.BackColor == Cache.DotNetColor
                && selectedRow.Text.EndsWith(_resources.GetString("Str32Bit"), StringComparison.Ordinal);

            if (blockedBy32BitTarget)
            {
                MessageBoxStub.Show(_resources.GetString("StrViewModulesSwitchTo32Bit"), MessageBoxIcon.Error);
                return;
            }

            // Sub-item 1 holds the process id as text; uint.Parse throws if it is not numeric.
            uint selectedProcessId = uint.Parse(selectedRow.SubItems[1].Text);
            bool isDotNetProcess = selectedRow.BackColor == Cache.DotNetColor;

            new ModulesForm(selectedProcessId, selectedRow.Text, isDotNetProcess, _dumperCore).Show();
        }
Example #11
        /// <summary>
        /// Opens a <c>ModulesForm</c> for the selected process, unless this tool runs as a 64-bit process and
        /// the selected row is a .NET process whose text ends with the "(32 位)" (32-bit) marker.
        /// </summary>
        private void mnuViewModules_Click(object sender, EventArgs e)
        {
            if (lvwProcesses.SelectedIndices.Count == 0)
            {
                return;
            }

            var selectedRow = lvwProcesses.SelectedItems[0];

            // Rows painted with Cache.DotNetColor are treated as .NET processes.
            bool blockedBy32BitTarget = Environment.Is64BitProcess
                && selectedRow.BackColor == Cache.DotNetColor
                && selectedRow.Text.EndsWith("(32 位)", StringComparison.Ordinal);

            if (blockedBy32BitTarget)
            {
                // "Switch to 32-bit mode to view the modules of a 32-bit .NET process"
                MessageBoxStub.Show("要查看32位.Net进程的模块请切换到32位模式", MessageBoxIcon.Error);
                return;
            }

            // Sub-item 1 holds the process id as text; uint.Parse throws if it is not numeric.
            uint selectedProcessId = uint.Parse(selectedRow.SubItems[1].Text);
            bool isDotNetProcess = selectedRow.BackColor == Cache.DotNetColor;

            new ModulesForm(selectedProcessId, selectedRow.Text, isDotNetProcess, _dumperCore).Show();
        }
Example #12
        /// <summary>
        /// Opens a <c>ModulesForm</c> for the selected process, unless this tool runs as a 64-bit process and
        /// the selected row is a .NET process whose name ends with the localized 32-bit marker.
        /// </summary>
        private void mnuViewModules_Click(object sender, EventArgs e)
        {
            if (lvwProcesses.SelectedIndices.Count == 0)
            {
                return;
            }

            var nameCell = lvwProcesses.GetFirstSelectedSubItem(chProcessName.Index);

            // Rows painted with Cache.DotNetColor are treated as .NET processes.
            bool blockedBy32BitTarget = Environment.Is64BitProcess
                && nameCell.BackColor == Cache.DotNetColor
                && nameCell.Text.EndsWith(_resources.GetString("Str32Bit"), StringComparison.Ordinal);

            if (blockedBy32BitTarget)
            {
                MessageBoxStub.Show(_resources.GetString("StrViewModulesSwitchTo32Bit"), MessageBoxIcon.Error);
                return;
            }

            // The process id is parsed back out of the list cell text; uint.Parse throws if it is not numeric.
            uint selectedProcessId = uint.Parse(lvwProcesses.GetFirstSelectedSubItem(chProcessId.Index).Text);
            bool isDotNetProcess = nameCell.BackColor == Cache.DotNetColor;

            new ModulesForm(selectedProcessId, nameCell.Text, isDotNetProcess, _dumperType).Show();
        }
Example #13
 /// <summary>
 /// Menu handler that tries to enable SeDebugPrivilege through <c>FastWin32Settings.EnableDebugPrivilege</c>
 /// and reflects the result in the menu item, the window title and a message box.
 /// </summary>
 private void mnuDebugPrivilege_Click(object sender, EventArgs e)
 {
     if (!_isAdministrator)
     {
         // "Please start <product name> in administrator mode"
         MessageBoxStub.Show("请以管理员模式启动" + Application.ProductName, MessageBoxIcon.Error);
         return;
     }

     bool privilegeEnabled = FastWin32Settings.EnableDebugPrivilege();
     if (!privilegeEnabled)
     {
         // "Failed, please close antivirus software and retry".
         // NOTE(review): the text steers users toward disabling endpoint protection; showing the
         // underlying error would be more useful than that advice.
         MessageBoxStub.Show("失败,请关闭杀软后重试", MessageBoxIcon.Error);
         return;
     }

     // The item is checked and disabled, so the privilege cannot be toggled off from this menu.
     mnuDebugPrivilege.Checked = true;
     mnuDebugPrivilege.Enabled = false;

     // Replace the title's last character with ", SeDebugPrivilege)".
     // NOTE(review): presumably the title ends with ')' - confirm.
     string titleWithoutLastChar = Text.Substring(0, Text.Length - 1);
     Text = titleWithoutLastChar + ", SeDebugPrivilege)";

     // "Success"
     MessageBoxStub.Show("成功", MessageBoxIcon.Information);
 }
Example #14
 /// <summary>
 /// Menu handler that tries to enable SeDebugPrivilege through <c>FastWin32Settings.EnableDebugPrivilege</c>
 /// and reflects the result in the menu item, the window title and a localized message box.
 /// </summary>
 private void mnuDebugPrivilege_Click(object sender, EventArgs e)
 {
     if (!_isAdministrator)
     {
         MessageBoxStub.Show(_resources.GetString("StrRunAsAdmin") + Application.ProductName, MessageBoxIcon.Error);
         return;
     }

     bool privilegeEnabled = FastWin32Settings.EnableDebugPrivilege();
     if (!privilegeEnabled)
     {
         MessageBoxStub.Show(_resources.GetString("StrFailed"), MessageBoxIcon.Error);
         return;
     }

     // The item is checked and disabled, so the privilege cannot be toggled off from this menu.
     mnuDebugPrivilege.Checked = true;
     mnuDebugPrivilege.Enabled = false;

     // Replace the title's last character with ", SeDebugPrivilege)".
     // NOTE(review): presumably the title ends with ')' - confirm.
     string titleWithoutLastChar = Text.Substring(0, Text.Length - 1);
     Text = titleWithoutLastChar + ", SeDebugPrivilege)";

     MessageBoxStub.Show(_resources.GetString("StrSuccess"), MessageBoxIcon.Information);
 }
Example #15
        /// <summary>
        /// Loads the assembly at <c>_assemblyPath</c> and fills the entry-point combo box with every static,
        /// non-accessor method whose signature is <c>System.Int32 (System.String)</c>.
        /// </summary>
        /// <remarks>
        /// When loading fails, an "invalid assembly" message is shown, <c>_manifestModule</c> is reset to
        /// <c>null</c> and the combo box is left untouched. The underlying exception is discarded.
        /// </remarks>
        private void LoadAssembly()
        {
            try
            {
                _manifestModule = ModuleDefMD.Load(_assemblyPath);
            }
            catch
            {
                MessageBoxStub.Show(_resources.GetString("StrInvalidAssembly"), MessageBoxIcon.Error);
                _manifestModule = null;
                return;
            }

            cmbEntryPoint.Items.Clear();
            foreach (TypeDef typeDef in _manifestModule.GetTypes())
            {
                foreach (MethodDef methodDef in typeDef.Methods)
                {
                    // Instance methods and property accessors are not offered as entry points.
                    if (!methodDef.IsStatic || methodDef.IsGetter || methodDef.IsSetter)
                    {
                        continue;
                    }

                    MethodSig signature = (MethodSig)methodDef.Signature;
                    bool takesSingleString = signature.Params.Count == 1 && signature.Params[0].FullName == "System.String";

                    if (takesSingleString && signature.RetType.FullName == "System.Int32")
                    {
                        cmbEntryPoint.Items.Add(methodDef);
                    }
                }
            }

            // Preselect the entry point when there is exactly one candidate.
            if (cmbEntryPoint.Items.Count == 1)
            {
                cmbEntryPoint.SelectedIndex = 0;
            }
        }
Example #16
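        /// <summary>
        /// Opens Windows Explorer with the selected module's file highlighted.
        /// </summary>
        /// <remarks>
        /// The path is the text of the module list's fourth sub-item. It is quoted before being placed on the
        /// Explorer command line, so a path with spaces or commas stays a single argument.
        /// </remarks>
        private void mnuGotoLocation_Click(object sender, EventArgs e)
        {
            if (lvwModules.SelectedIndices.Count == 0)
            {
                return;
            }

            string filePath = lvwModules.SelectedItems[0].SubItems[3].Text;

            // Marker text for modules that exist only in memory.
            if (filePath == "模块仅在内存中")
            {
                // "The module exists only in memory; it can be viewed after dumping"
                MessageBoxStub.Show("模块仅在内存中,可以在转储之后查看", MessageBoxIcon.Error);
                return;
            }

            // A double quote cannot occur in a Windows file path. A value containing one would break out
            // of the quoting below, so it is not handed to Explorer at all.
            if (filePath.IndexOf('"') >= 0)
            {
                return;
            }

            if (!Environment.Is64BitProcess && Cache.Is64BitOperatingSystem)
            {
                // "The file location is redirected; Explorer may not show the real location"
                MessageBoxStub.Show("文件位置被重定向,资源管理器中显示的不一定是真实位置", MessageBoxIcon.Information);
            }

            // Quote the path: the arguments are a single command-line string, so an unquoted path
            // containing spaces or commas would be split into several arguments.
            Process.Start("explorer.exe", "/select, \"" + filePath + "\"");
        }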
Example #17
        /// <summary>
        /// Menu handler that enables SeDebugPrivilege through <c>Process.EnterDebugMode</c> and reflects
        /// the result in the menu item, the window title and a localized message box.
        /// </summary>
        /// <remarks>
        /// No matching <c>Process.LeaveDebugMode</c> call appears in this method. Any exception raised in
        /// the success path is reduced to the generic failure message.
        /// </remarks>
        private void mnuDebugPrivilege_Click(object sender, EventArgs e)
        {
            // Nothing to do once the privilege has been enabled.
            if (_hasSeDebugPrivilege)
            {
                return;
            }

            if (!IsAdministrator)
            {
                string runAsAdminText = _resources.GetString("StrRunAsAdmin") + Application.ProductName;
                MessageBoxStub.Show(runAsAdminText, MessageBoxIcon.Error);
                return;
            }

            try
            {
                Process.EnterDebugMode();
                _hasSeDebugPrivilege = true;

                // The item is checked and disabled, so the privilege cannot be toggled off from this menu.
                mnuDebugPrivilege.Checked = true;
                mnuDebugPrivilege.Enabled = false;

                // Replace the title's last character with ", SeDebugPrivilege)".
                // NOTE(review): presumably the title ends with ')' - confirm.
                string titleWithoutLastChar = Text.Substring(0, Text.Length - 1);
                Text = titleWithoutLastChar + ", SeDebugPrivilege)";

                MessageBoxStub.Show(_resources.GetString("StrSuccess"), MessageBoxIcon.Information);
            }
            catch
            {
                MessageBoxStub.Show(_resources.GetString("StrFailed"), MessageBoxIcon.Error);
            }
        }
Example #18
        /// <summary>
        /// Rebuilds the module list view for <c>_process</c>: first the modules reported by a Toolhelp
        /// snapshot (skipped when "only .NET modules" is checked), then, for a .NET process, the CLR modules
        /// found by attaching a <c>DataTarget</c>.
        /// </summary>
        /// <remarks>
        /// All names and paths shown come from the inspected process and are displayed as-is.
        /// </remarks>
        private void RefreshModuleList()
        {
            lvwModules.Items.Clear();
            ListViewItem listViewItem;

            if (!mnuOnlyDotNetModule.Checked)
            {
                var moduleEntry32  = MODULEENTRY32.Default;
                // NOTE(review): no call that closes snapshotHandle is visible in this method; unless it is
                // released elsewhere, one handle leaks per refresh.
                var snapshotHandle = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, _process.Id);
                // Both early returns below also skip the .NET module pass and the column resize at the end.
                if (snapshotHandle == INVALID_HANDLE_VALUE)
                {
                    return;
                }
                if (!Module32First(snapshotHandle, ref moduleEntry32))
                {
                    return;
                }
                // In this loop each column label is written on the line AFTER the statement it describes.
                do
                {
                    listViewItem = new ListViewItem(moduleEntry32.szModule);
                    // Name
                    listViewItem.SubItems.Add(string.Empty);
                    // Domain Name
                    listViewItem.SubItems.Add(string.Empty);
                    // CLR Version
                    listViewItem.SubItems.Add(Utils.FormatPointer(moduleEntry32.modBaseAddr));
                    // BaseAddress
                    listViewItem.SubItems.Add(Utils.FormatHex(moduleEntry32.modBaseSize));
                    // Size
                    listViewItem.SubItems.Add(moduleEntry32.szExePath);
                    // Path
                    lvwModules.Items.Add(listViewItem);
                } while (Module32Next(snapshotHandle, ref moduleEntry32));
            }
            if (_isDotNetProcess)
            {
                try {
                    // NOTE(review): the second argument is presumably a "suspend" flag - confirm against the
                    // DataTarget API version in use.
                    using var dataTarget = DataTarget.AttachToProcess((int)_process.Id, false);
                    // Walks every module of every AppDomain of every CLR runtime found in the target.
                    foreach (var clrModule in dataTarget.ClrVersions.Select(t => t.CreateRuntime()).SelectMany(t => t.AppDomains).SelectMany(t => t.Modules))
                    {
                        // Modules without an image base are not listed.
                        if (clrModule.ImageBase == 0)
                        {
                            continue;
                        }

                        string name = clrModule.Name;
                        bool   inMemory;
                        // A name containing ',' is treated as an in-memory module, as is an empty name.
                        if (!string.IsNullOrEmpty(name))
                        {
                            inMemory = name.Contains(",");
                        }
                        else
                        {
                            name     = "<<EmptyName>>";
                            inMemory = true;
                        }
                        // File-backed modules show the file name; in-memory ones the text before the first ','.
                        string moduleName = !inMemory?Path.GetFileName(name) : name.Split(',')[0];

                        // As above, each column label follows the statement it describes.
                        listViewItem = new ListViewItem(moduleName);
                        // Name
                        listViewItem.SubItems.Add(clrModule.AppDomain.Name);
                        // Domain Name
                        listViewItem.SubItems.Add($"v{clrModule.AppDomain.Runtime.ClrInfo.Version}");
                        // CLR Version
                        listViewItem.SubItems.Add(Utils.FormatPointer(clrModule.ImageBase));
                        // BaseAddress
                        listViewItem.SubItems.Add(Utils.FormatHex((uint)clrModule.Size));
                        // Size
                        listViewItem.SubItems.Add(!inMemory ? name : "InMemory");
                        // Path
                        listViewItem.BackColor = Utils.DotNetColor;
                        lvwModules.Items.Add(listViewItem);
                    }
                }
                catch {
                    // Any failure while attaching or enumerating is reduced to a generic message; the
                    // original exception is discarded. Rows added before the failure stay in the list.
                    MessageBoxStub.Show("Fail to get .NET modules", MessageBoxIcon.Error);
                }
            }
            lvwModules.AutoResizeColumns(false);
        }
Example #19
 /// <summary>
 /// Dumps the process <paramref name="processId"/> into <paramref name="directoryPath"/> and shows the
 /// value returned by the dumper together with the output directory.
 /// </summary>
 /// <param name="processId">Id of the process to dump.</param>
 /// <param name="directoryPath">Directory the dump is written to.</param>
 private void DumpProcess(uint processId, string directoryPath)
 {
     var dumper = DumperFactory.GetDumper(processId, _dumperCore.Value);
     string dumpedCount = dumper.DumpProcess(directoryPath).ToString();

     // "<n> files were dumped to:" followed by the directory on its own line.
     MessageBoxStub.Show($"{dumpedCount} 个文件被转储在:{Environment.NewLine}{directoryPath}", MessageBoxIcon.Information);
 }
Example #20
        /// <summary>
        /// Rebuilds the module list view for <c>_process</c>: first the modules reported by a Toolhelp
        /// snapshot (skipped when "only .NET modules" is checked), then, for a .NET process, the CLR modules
        /// found by attaching a <c>DataTarget</c>.
        /// </summary>
        /// <remarks>
        /// All names and paths shown come from the inspected process and are displayed as-is.
        /// </remarks>
        private void RefreshModuleList()
        {
            lvwModules.Items.Clear();
            ListViewItem listViewItem;

            if (!mnuOnlyDotNetModule.Checked)
            {
                var moduleEntry32  = MODULEENTRY32.Default;
                // NOTE(review): no call that closes snapshotHandle is visible in this method; unless it is
                // released elsewhere, one handle leaks per refresh.
                var snapshotHandle = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, _process.Id);
                // Both early returns below also skip the .NET module pass and the column resize at the end.
                if (snapshotHandle == INVALID_HANDLE_VALUE)
                {
                    return;
                }
                if (!Module32First(snapshotHandle, ref moduleEntry32))
                {
                    return;
                }
                // In this loop each column label is written on the line AFTER the statement it describes.
                do
                {
                    listViewItem = new ListViewItem(moduleEntry32.szModule);
                    // Name
                    listViewItem.SubItems.Add(string.Empty);
                    // Domain Name
                    listViewItem.SubItems.Add(string.Empty);
                    // CLR Version
                    listViewItem.SubItems.Add("0x" + moduleEntry32.modBaseAddr.ToString(Cache.Is64BitProcess ? "X16" : "X8"));
                    // BaseAddress
                    listViewItem.SubItems.Add("0x" + moduleEntry32.modBaseSize.ToString("X8"));
                    // Size
                    listViewItem.SubItems.Add(moduleEntry32.szExePath);
                    // Path
                    lvwModules.Items.Add(listViewItem);
                } while (Module32Next(snapshotHandle, ref moduleEntry32));
            }
            if (_isDotNetProcess)
            {
                try {
                    // Passive attach. NOTE(review): 1000 is presumably a timeout in milliseconds - confirm
                    // against the DataTarget API version in use.
                    using (var dataTarget = DataTarget.AttachToProcess((int)_process.Id, 1000, AttachFlag.Passive)) {
                        dataTarget.SymbolLocator = DummySymbolLocator.Instance;
                        // Walks every module of every AppDomain of every CLR runtime found in the target.
                        foreach (var clrModule in dataTarget.ClrVersions.Select(t => t.CreateRuntime()).SelectMany(t => t.AppDomains).SelectMany(t => t.Modules))
                        {
                            string name = clrModule.Name;
                            bool   inMemory;
                            // A name containing ',' is treated as an in-memory module, as is an empty name.
                            if (!string.IsNullOrEmpty(name))
                            {
                                inMemory = name.Contains(",");
                            }
                            else
                            {
                                name     = "EmptyName";
                                inMemory = true;
                            }
                            // File-backed modules show the file name; in-memory ones the text before the first ','.
                            string moduleName = !inMemory?Path.GetFileName(name) : name.Split(',')[0];

                            // As above, each column label follows the statement it describes.
                            listViewItem = new ListViewItem(moduleName);
                            // Name
                            listViewItem.SubItems.Add(string.Join(", ", clrModule.AppDomains.Select(t => t.Name)));
                            // Domain Name
                            listViewItem.SubItems.Add(clrModule.Runtime.ClrInfo.Version.ToString());
                            // CLR Version
                            listViewItem.SubItems.Add("0x" + clrModule.ImageBase.ToString(Cache.Is64BitProcess ? "X16" : "X8"));
                            // BaseAddress
                            listViewItem.SubItems.Add("0x" + clrModule.Size.ToString("X8"));
                            // Size
                            listViewItem.SubItems.Add(!inMemory ? name : "InMemory");
                            // Path
                            listViewItem.BackColor = Cache.DotNetColor;
                            lvwModules.Items.Add(listViewItem);
                        }
                    }
                }
                catch {
                    // Any failure while attaching or enumerating is reduced to a generic message; the
                    // original exception is discarded. Rows added before the failure stay in the list.
                    MessageBoxStub.Show(_resources.GetString("StrFailToGetDotNetModules"), MessageBoxIcon.Error);
                }
            }
            lvwModules.AutoResizeColumns(false);
        }
Example #21
 /// <summary>
 /// Dumps the process <paramref name="processId"/> into <paramref name="directoryPath"/> and shows the
 /// value returned by the dumper together with the output directory.
 /// </summary>
 /// <param name="processId">Id of the process to dump.</param>
 /// <param name="directoryPath">Directory the dump is written to.</param>
 private void DumpProcess(uint processId, string directoryPath)
 {
     // The dumper is disposed only after the message box has been dismissed.
     using (IDumper dumper = DumperFactory.GetDumper(processId, _dumperType.Value))
     {
         string dumpedCount = dumper.DumpProcess(directoryPath).ToString();
         string successText = _resources.GetString("StrDumpFilesSuccess");

         MessageBoxStub.Show($"{dumpedCount} {successText}{Environment.NewLine}{directoryPath}", MessageBoxIcon.Information);
     }
 }