Example #1
        /// <summary>
        /// Starts a thread inside the target process whose start routine is
        /// kernel32!AllocConsole, so the target ends up with a console window.
        /// </summary>
        /// <param name="procHandle">Handle to the target process. It must carry the
        /// access rights CreateRemoteThread needs; nothing here validates it.</param>
        public static void ShowConsole(IntPtr procHandle)
        {
            // AllocConsole is resolved in the calling process and the same address is
            // used in the target, which relies on kernel32.dll sharing its base address.
            // NOTE(review): neither GetProcAddress nor CreateRemoteThread is checked for
            // failure (a NULL address / NULL thread handle is passed straight through).
            IntPtr allocConsoleAddr = GetProcAddress(GetModuleHandle("kernel32.dll"), "AllocConsole");
            var    t = CreateRemoteThread(procHandle, IntPtr.Zero, 0, allocConsoleAddr, IntPtr.Zero, 0, IntPtr.Zero);

            // -1 is INFINITE: block until the remote thread exits. The thread handle
            // returned above is never closed, so this leaks one handle per call.
            // From a monitoring viewpoint this is the plain cross-process
            // CreateRemoteThread pattern that remote-thread telemetry commonly flags.
            Native.WaitForSingleObject(t, -1);
        }
Example #2
        /// <summary>
        /// Runs a code stub (built by <c>Assemble</c>) on a new thread in the target
        /// process and returns the value the stub stored in a dedicated result slot.
        /// </summary>
        /// <param name="address">Address in the target that the stub is built around;
        /// also used to look up a name in <c>Exports</c> for the error message.</param>
        /// <param name="args">Arguments handed to <c>Assemble</c>; their use is not
        /// visible here.</param>
        /// <returns>The pointer-sized value read back from the result slot.</returns>
        /// <exception cref="InjectorException">Thread creation or the wait failed, or
        /// the result slot holds 0xC0000005 (STATUS_ACCESS_VIOLATION).</exception>
        private IntPtr Execute(IntPtr address, params IntPtr[] args)
        {
            // Result slot sized for the target's pointer width (8 or 4 bytes), zeroed.
            // NOTE(review): no matching free for this slot or for `alloc` is visible
            // in this method; presumably _memory owns that lifetime — confirm.
            IntPtr retValPtr = Is64Bit ? _memory.AllocateAndWrite((long)0) : _memory.AllocateAndWrite(0);

            byte[] code  = Assemble(address, retValPtr, args);
            IntPtr alloc = _memory.AllocateAndWrite(code);

            IntPtr thread = Native.CreateRemoteThread(_handle, IntPtr.Zero, 0, alloc, IntPtr.Zero, 0, out _);

            if (thread == IntPtr.Zero)
            {
                throw new InjectorException("Failed to create a remote thread", new Win32Exception(Marshal.GetLastWin32Error()));
            }

            // -1 is INFINITE. Only WAIT_FAILED is treated as an error; the thread
            // handle is never closed afterwards (handle leak).
            WaitResult result = Native.WaitForSingleObject(thread, -1);

            if (result == WaitResult.WAIT_FAILED)
            {
                throw new InjectorException("Failed to wait for a remote thread", new Win32Exception(Marshal.GetLastWin32Error()));
            }

            IntPtr ret = Is64Bit ? (IntPtr)_memory.ReadLong(retValPtr) : (IntPtr)_memory.ReadInt(retValPtr);

            // 0xC0000005 is the NTSTATUS code for an access violation.
            // NOTE(review): on the 32-bit path ReadInt yields a negative int, and the
            // (IntPtr)/(long) casts sign-extend it to 0xFFFFFFFFC0000005, so this
            // comparison appears never to match there — verify.
            // NOTE(review): Exports.First(...) throws InvalidOperationException if no
            // export has this address, masking the InjectorException being built.
            if ((long)ret == 0x00000000C0000005)
            {
                throw new InjectorException($"An access violation occurred while executing {Exports.First(e => e.Value == address).Key}()");
            }

            return(ret);
        }
Example #3
        /// <summary>
        /// Writes <paramref name="dllName"/> into the target process and starts a
        /// remote thread at kernel32!LoadLibraryA with that string as its argument.
        /// </summary>
        /// <param name="procHandle">Handle to the target process; no validation of
        /// the handle or of any API result is done here.</param>
        /// <param name="dllName">Library name/path as LoadLibraryA will see it
        /// (written with <c>Encoding.Default</c>, i.e. ANSI).</param>
        public static void Inject(IntPtr procHandle, String dllName)
        {
            // LoadLibraryA is resolved locally and the address reused in the target,
            // which assumes kernel32.dll is mapped at the same base in both processes.
            IntPtr loadLibraryAddr = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
            // 0x3000 = MEM_COMMIT | MEM_RESERVE, 4 = PAGE_READWRITE. The size is
            // (Length + 1) * Marshal.SizeOf(char); the marshaled size of char is 1.
            IntPtr allocMemAddress = VirtualAllocEx(procHandle, IntPtr.Zero, (uint)((dllName.Length + 1) * Marshal.SizeOf(typeof(char))), 0x3000, 4);

            // NOTE(review): the byte count passed here is derived from dllName.Length,
            // not from the encoded array's length; with a multi-byte default code page
            // the two differ and the write is mis-sized. bytesWritten and the BOOL
            // results of WriteProcessMemory / VirtualAllocEx are never inspected.
            WriteProcessMemory(procHandle, allocMemAddress, Encoding.Default.GetBytes(dllName), (uint)((dllName.Length + 1) * Marshal.SizeOf <char>()), out UIntPtr bytesWritten);
            // Remote thread whose start routine is LoadLibraryA and whose parameter is
            // the string just written. This is the textbook remote-thread DLL load that
            // endpoint monitoring typically keys on (remote thread with a start address
            // inside kernel32 and a freshly allocated RW region in the target).
            var t = CreateRemoteThread(procHandle, IntPtr.Zero, 0, loadLibraryAddr, allocMemAddress, 0, IntPtr.Zero);

            // -1 is INFINITE; the thread handle is never closed (handle leak), and the
            // return value (success/failure of the remote thread) is discarded.
            Native.WaitForSingleObject(t, -1);
        }