Example #1
 /// <summary>
 /// Click handler for the inject button. In launch mode (<c>openNew</c> set) it starts
 /// <c>activeExe</c> through the injector and adopts the new process as the active one;
 /// otherwise it injects into the already selected <c>activeProcess</c>.
 /// </summary>
 /// <param name="sender">Unused.</param>
 /// <param name="e">Unused.</param>
 private void bInject_Click(object sender, EventArgs e)
 {
     if (openNew)
     {
         // Launch mode: both files must exist on disk before anything is started.
         if (!File.Exists(activeExe))
         {
             msg("No executable to launch");
             return;
         }
         if (!File.Exists(tbDllResult.Text))
         {
             msg("No DLL found to inject");
             return;
         }

         try
         {
             DLLInformation launched = i.inject(activeExe, tbDllResult.Text);
             if (launched.ErrorCode != 0)
             {
                 msg("Injection failed");
                 return;
             }

             // Track the freshly created process and leave launch mode.
             activeProcess = new ProcessWrapper(Process.GetProcessById(launched.ProcID));
             activeProcess.InjectedList.Add(launched);
             openNew = false;
             updateSelected();
         }
         catch
         {
             // Every exception type is reduced to the same generic message; the cause is not recorded.
             msg("Injection failed");
         }
         return;
     }

     // Attach mode: requires a previously selected process.
     if (activeProcess == null)
     {
         msg("No process selected");
         return;
     }

     // NOTE(review): unlike launch mode, this path neither checks that the DLL file exists
     // nor wraps the call in try/catch; whatever text is in tbDllResult is passed through.
     var attached = i.inject(activeProcess.Process.Id, tbDllResult.Text);
     if (attached.ErrorCode != 0)
     {
         msg("Injection failed");
         return;
     }
     activeProcess.InjectedList.Add(attached);
     updateSelected();
 }
Example #2
 /// <summary>
 /// Opens the process identified by <paramref name="pid"/> and passes the handle to
 /// <c>commonInject</c> together with <paramref name="dllPath"/>.
 /// </summary>
 /// <param name="pid">Process id handed to <c>OpenProcess</c>; also stored in <c>ProcID</c>.</param>
 /// <param name="dllPath">Forwarded unchanged to <c>commonInject</c>; not validated here.</param>
 /// <returns>A <c>DLLInformation</c> whose <c>ErrorCode</c> is the value returned by <c>commonInject</c>.</returns>
 public DLLInformation inject(int pid, string dllPath)
 {
     DLLInformation d = new DLLInformation();
     d.ProcID = pid;
     // 0x000F0000 | 0x00100000 | 0xFFF == 0x1F0FFF, the pre-Vista PROCESS_ALL_ACCESS mask.
     // A cross-process handle request with this granted access is what process-access
     // telemetry records (e.g. Sysmon Event ID 10, GrantedAccess 0x1F0FFF).
     IntPtr hProcess = OpenProcess((int)(0x000F0000L | 0x00100000L | 0xFFF), false, pid);
     // NOTE(review): the OpenProcess result is not checked here and hProcess is never
     // closed in this method, so each call leaves an open handle to the target.
     d.ErrorCode = commonInject(hProcess, dllPath, ref d);
     return d;
 }
Example #3
        /// <summary>
        /// Attach variant of the injector: obtains a handle to an existing process and
        /// delegates the rest of the work to <c>commonInject</c>.
        /// </summary>
        /// <param name="pid">Id of the process to open; copied into <c>ProcID</c>.</param>
        /// <param name="dllPath">Path passed through to <c>commonInject</c> without validation.</param>
        /// <returns>The populated <c>DLLInformation</c>; <c>ErrorCode</c> carries the <c>commonInject</c> result.</returns>
        public DLLInformation inject(int pid, string dllPath)
        {
            DLLInformation d = new DLLInformation();

            d.ProcID = pid;
            // The mask evaluates to 0x1F0FFF (pre-Vista PROCESS_ALL_ACCESS). Requests for full
            // access to another process are a standard hunting signal in process-access logs.
            IntPtr hProcess = OpenProcess((int)(0x000F0000L | 0x00100000L | 0xFFF), false, pid);

            // NOTE(review): hProcess is not validated and not closed in this method.
            d.ErrorCode = commonInject(hProcess, dllPath, ref d);
            return(d);
        }
Example #4
 /// <summary>
 /// Copies <paramref name="dllPath"/> as ASCII bytes into memory allocated inside the process
 /// behind <paramref name="hProcess"/>, then starts a thread in that process at the address of
 /// <c>LoadLibraryA</c> with the copied path as its argument. This allocate / write /
 /// remote-thread sequence is the classic DLL injection pattern (MITRE ATT&amp;CK T1055.001).
 /// </summary>
 /// <param name="hProcess">Handle to the target process, opened by the caller.</param>
 /// <param name="dllPath">Path string written into the target.</param>
 /// <param name="d">Record updated with <c>DllPath</c>, <c>DllHandle</c> and <c>IsInjected</c>; created if null.</param>
 /// <returns>
 /// 0 on success; 1 handle rejected; 2 allocation failed; 3 write failed; 4 thread handle rejected;
 /// 5 exit code unavailable; -1 if any exception was thrown.
 /// </returns>
 private int commonInject(IntPtr hProcess, string dllPath, ref DLLInformation d)
 {
     try
     {
         if (d == null)
         {
             d = new DLLInformation();
         }
         d.DllPath = dllPath;
         // NOTE(review): IntPtr is a value type, so the "== null" half is always false. Win32
         // documents NULL (0), not -1, as the OpenProcess failure value, so a failed open is
         // not caught by this check.
         if (hProcess == null || hProcess.ToInt32() == -1)
         {
             return(1);
         }
         // Cross-process allocation of a read/write region sized to the path length in characters.
         IntPtr memory = VirtualAllocEx(hProcess, new IntPtr(0), (uint)dllPath.Length, AllocationType.Commit, MemoryProtection.ReadWrite);
         if (memory == null || memory.ToInt32() == 0)
         {
             return(2);
         }
         UIntPtr p;
         byte[]  data = Encoding.ASCII.GetBytes(dllPath);
         // Cross-process write of the path bytes; the out value p is not inspected.
         if (!WriteProcessMemory(hProcess, memory, data, (uint)dllPath.Length, out p))
         {
             return(3);
         }
         uint   x       = 0;
         // The address is resolved in the current process and used as the remote start address.
         IntPtr loc     = new IntPtr(GetProcAddress(GetModuleHandle("KERNEL32.DLL"), "LoadLibraryA").ToUInt32());
         // Remote thread creation is logged by endpoint telemetry such as Sysmon Event ID 8;
         // the module load that follows in the target appears as an image-load event (Event ID 7).
         IntPtr hThread = CreateRemoteThread(hProcess, new IntPtr(0), 0, loc, memory, 0, out x);
         // NOTE(review): CreateRemoteThread is documented to return NULL on failure, which this
         // comparison with -1 does not detect.
         if (hThread == null || hThread.ToInt32() == -1)
         {
             return(4);
         }
         // uint.MaxValue is INFINITE: the caller blocks until the remote thread exits.
         WaitForSingleObject(hThread, uint.MaxValue);
         uint exitCode;
         if (!GetExitCodeThread(hThread, out exitCode))
         {
             // NOTE(review): hThread and the remote allocation are not released on this path.
             return(5);
         }
         // The thread's 32-bit exit code is recorded as the module handle without checking
         // whether it is zero, so a failed load is still reported as success below.
         d.DllHandle = exitCode;
         CloseHandle(hThread);
         // NOTE(review): the size here (Length + 1) differs from the allocated size, and a
         // non-zero size is passed with FreeType.Release. If that member maps to MEM_RELEASE,
         // Win32 requires size 0 and the call fails, leaving the path string in the target's
         // memory where memory forensics can recover it. The return value is ignored. Confirm.
         VirtualFreeEx(hProcess, memory, dllPath.Length + 1, FreeType.Release);
         // hProcess is not closed anywhere in this method.
         d.IsInjected = true;
         return(0);
     }
     catch
     {
         // All exceptions (including overflow from the 32-bit IntPtr/UIntPtr conversions)
         // collapse into -1 with no detail preserved.
         return(-1);
     }
 }
Example #5
 /// <summary>
 /// Starts <paramref name="exePath"/> as a new process, opens a second handle to it by process
 /// id, and passes that handle to <c>commonInject</c> together with <paramref name="dllPath"/>.
 /// </summary>
 /// <param name="exePath">Executable handed to <c>CreateProcess</c>; the command line is empty.</param>
 /// <param name="dllPath">Forwarded unchanged to <c>commonInject</c>.</param>
 /// <returns>A <c>DLLInformation</c> with <c>ProcID</c> set to the new process id and <c>ErrorCode</c> from <c>commonInject</c>.</returns>
 public DLLInformation inject(string exePath, string dllPath)
 {
     DLLInformation d = new DLLInformation();
     // NOTE(review): no size field is assigned on lpStartupInfo in this method; confirm the
     // STARTUPINFO declaration initialises it.
     STARTUPINFO lpStartupInfo = new STARTUPINFO();
     PROCESS_INFORMATION lpProcessInfo = new PROCESS_INFORMATION();
     SECURITY_ATTRIBUTES lpSecurityAttributes1 = new SECURITY_ATTRIBUTES();
     SECURITY_ATTRIBUTES lpSecurityAttributes2 = new SECURITY_ATTRIBUTES();
     lpSecurityAttributes1.nLength = Marshal.SizeOf(lpSecurityAttributes1);
     lpSecurityAttributes2.nLength = Marshal.SizeOf(lpSecurityAttributes2);
     IntPtr hProcess;
     // 0x0020 sits in the creation-flags position of the Win32 signature, where it means
     // NORMAL_PRIORITY_CLASS (confirm against the P/Invoke declaration).
     // NOTE(review): the CreateProcess return value is ignored, so a failed launch continues
     // with whatever lpProcessInfo contains.
     CreateProcess(exePath, "", ref lpSecurityAttributes1, ref lpSecurityAttributes2, false, 0x0020, IntPtr.Zero, null, ref lpStartupInfo, out lpProcessInfo);
     // Mask evaluates to 0x1F0FFF (pre-Vista PROCESS_ALL_ACCESS). A parent that creates a child
     // and immediately requests full access to it is visible in process-creation and
     // process-access telemetry.
     hProcess = OpenProcess((int)(0x000F0000L | 0x00100000L | 0xFFF), false, lpProcessInfo.dwProcessId);
     d.ProcID = lpProcessInfo.dwProcessId;
     // NOTE(review): neither hProcess nor any handle returned in lpProcessInfo is closed here.
     d.ErrorCode = commonInject(hProcess, dllPath, ref d);
     return d;
 }
Example #6
        /// <summary>
        /// Launch variant of the injector: creates a process from <paramref name="exePath"/>,
        /// re-opens it by process id and delegates to <c>commonInject</c>.
        /// </summary>
        /// <param name="exePath">Executable passed to <c>CreateProcess</c> with an empty command line.</param>
        /// <param name="dllPath">Path passed through to <c>commonInject</c> without validation.</param>
        /// <returns>The populated <c>DLLInformation</c>; <c>ErrorCode</c> carries the <c>commonInject</c> result.</returns>
        public DLLInformation inject(string exePath, string dllPath)
        {
            DLLInformation      d                     = new DLLInformation();
            STARTUPINFO         lpStartupInfo         = new STARTUPINFO();
            PROCESS_INFORMATION lpProcessInfo         = new PROCESS_INFORMATION();
            SECURITY_ATTRIBUTES lpSecurityAttributes1 = new SECURITY_ATTRIBUTES();
            SECURITY_ATTRIBUTES lpSecurityAttributes2 = new SECURITY_ATTRIBUTES();

            // Only the security-attribute sizes are filled in; every other field keeps its default.
            lpSecurityAttributes1.nLength = Marshal.SizeOf(lpSecurityAttributes1);
            lpSecurityAttributes2.nLength = Marshal.SizeOf(lpSecurityAttributes2);
            IntPtr hProcess;

            // NOTE(review): the CreateProcess result is discarded; on failure the code below runs
            // against the default contents of lpProcessInfo. 0x0020 is presumably the creation
            // flags argument (NORMAL_PRIORITY_CLASS); confirm against the declaration.
            CreateProcess(exePath, "", ref lpSecurityAttributes1, ref lpSecurityAttributes2, false, 0x0020, IntPtr.Zero, null, ref lpStartupInfo, out lpProcessInfo);
            // Full-access (0x1F0FFF) handle to the child just created; recorded by
            // process-access auditing on monitored hosts.
            hProcess    = OpenProcess((int)(0x000F0000L | 0x00100000L | 0xFFF), false, lpProcessInfo.dwProcessId);
            d.ProcID    = lpProcessInfo.dwProcessId;
            // NOTE(review): no handle obtained in this method is closed.
            d.ErrorCode = commonInject(hProcess, dllPath, ref d);
            return(d);
        }
Example #7
 /// <summary>
 /// Reverses a previous injection: opens the process recorded in <paramref name="d"/> and starts
 /// a thread in it at the address of <c>FreeLibrary</c>, passing the stored <c>DllHandle</c>.
 /// </summary>
 /// <param name="d">Record from an earlier inject call; <c>IsInjected</c> is cleared on success.</param>
 /// <returns>
 /// 0 on success; -2 if <c>d.IsInjected</c> is false; 1 process handle rejected; 2 thread handle
 /// rejected; 3 exit code unavailable; -1 if any exception was thrown (including a null <paramref name="d"/>).
 /// </returns>
 public int unject(DLLInformation d)
 {
     try
     {
         if (!d.IsInjected)
         {
             return(-2);
         }
         // Mask evaluates to 0x1F0FFF (pre-Vista PROCESS_ALL_ACCESS); the second full-access
         // open of the same target also shows up in process-access telemetry.
         IntPtr hProcess = OpenProcess((int)(0x000F0000L | 0x00100000L | 0xFFF), false, d.ProcID);
         // NOTE(review): "== null" is always false for IntPtr, and OpenProcess is documented to
         // return NULL rather than -1 on failure, so this guard does not catch a failed open.
         if (hProcess == null || hProcess.ToInt32() == -1)
         {
             return(1);
         }
         uint   x       = 0;
         IntPtr loc     = new IntPtr(GetProcAddress(GetModuleHandle("KERNEL32.dll"), "FreeLibrary").ToUInt32());
         // Second remote thread in the target, again visible as a remote-thread-creation event.
         IntPtr hThread = CreateRemoteThread(hProcess, new IntPtr(0), 0, loc, new IntPtr(d.DllHandle), 0, out x);
         if (hThread == null || hThread.ToInt32() == -1)
         {
             // NOTE(review): hProcess is left open on this path.
             return(2);
         }
         // uint.MaxValue is INFINITE: blocks until the remote thread finishes.
         WaitForSingleObject(hThread, uint.MaxValue);
         uint exitCode;
         if (!GetExitCodeThread(hThread, out exitCode))
         {
             // NOTE(review): hThread and hProcess are left open on this path.
             return(3);
         }
         // exitCode is read but never examined, so IsInjected is cleared whether or not the
         // unload call reported success.
         CloseHandle(hThread);
         CloseHandle(hProcess);
         d.IsInjected = false;
         return(0);
     }
     catch
     {
         return(-1);
     }
 }
Example #8
 /// <summary>
 /// Asks the target process to unload a previously injected module by running
 /// <c>FreeLibrary</c> on a remote thread with the stored <c>DllHandle</c> as argument.
 /// </summary>
 /// <param name="d">Injection record; must have <c>IsInjected</c> set. Updated on success.</param>
 /// <returns>
 /// 0 success; -2 not marked as injected; 1 process handle rejected; 2 thread handle rejected;
 /// 3 exit code unavailable; -1 on any exception.
 /// </returns>
 public int unject(DLLInformation d)
 {
     try
     {
         if (!d.IsInjected)
         {
             return -2;
         }
         // 0x000F0000 | 0x00100000 | 0xFFF == 0x1F0FFF, i.e. a full-access handle request.
         IntPtr hProcess = OpenProcess((int)(0x000F0000L | 0x00100000L | 0xFFF), false, d.ProcID);
         // NOTE(review): the null comparison is a no-op for IntPtr; OpenProcess signals failure
         // with NULL, which this test for -1 lets through.
         if (hProcess == null || hProcess.ToInt32() == -1)
         {
             return 1;
         }
         uint x = 0;
         // Address resolved in the current process, then used as the remote thread start address.
         IntPtr loc = new IntPtr(GetProcAddress(GetModuleHandle("KERNEL32.dll"), "FreeLibrary").ToUInt32());
         IntPtr hThread = CreateRemoteThread(hProcess, new IntPtr(0), 0, loc, new IntPtr(d.DllHandle), 0, out x);
         if (hThread == null || hThread.ToInt32() == -1)
         {
             // NOTE(review): returns without closing hProcess.
             return 2;
         }
         // Waits without timeout (uint.MaxValue == INFINITE).
         WaitForSingleObject(hThread, uint.MaxValue);
         uint exitCode;
         if (!GetExitCodeThread(hThread, out exitCode))
         {
             // NOTE(review): returns without closing hThread or hProcess.
             return 3;
         }
         // The unload result in exitCode is not checked before the record is marked clean.
         CloseHandle(hThread);
         CloseHandle(hProcess);
         d.IsInjected = false;
         return 0;
     }
     catch
     {
         // Any exception is reported as -1 with no further detail.
         return -1;
     }
 }
Example #9
 /// <summary>
 /// Shared worker for both inject overloads. Allocates memory in the target process, writes
 /// <paramref name="dllPath"/> into it as ASCII, and runs <c>LoadLibraryA</c> on a remote thread
 /// with that buffer as argument: the DLL injection technique catalogued as MITRE ATT&amp;CK T1055.001.
 /// </summary>
 /// <param name="hProcess">Target process handle supplied by the caller; not closed here.</param>
 /// <param name="dllPath">Path string copied into the target.</param>
 /// <param name="d">Record to fill in; replaced with a new instance when null.</param>
 /// <returns>
 /// 0 success; 1 process handle rejected; 2 allocation failed; 3 write failed; 4 thread handle
 /// rejected; 5 exit code unavailable; -1 on any exception.
 /// </returns>
 private int commonInject(IntPtr hProcess, string dllPath, ref DLLInformation d)
 {
     try
     {
         if (d == null)
             d = new DLLInformation();
         d.DllPath = dllPath;
         // NOTE(review): for the IntPtr value type "== null" never holds, and the documented
         // OpenProcess failure value is NULL rather than -1, so invalid handles pass this guard.
         if (hProcess == null || hProcess.ToInt32() == -1)
         {
             return 1;
         }
         // Step 1: read/write allocation inside the other process, sized by character count.
         IntPtr memory = VirtualAllocEx(hProcess, new IntPtr(0), (uint)dllPath.Length, AllocationType.Commit, MemoryProtection.ReadWrite);
         if (memory == null || memory.ToInt32() == 0)
         {
             return 2;
         }
         UIntPtr p;
         byte[] data = Encoding.ASCII.GetBytes(dllPath);
         // Step 2: cross-process write of the path; the byte count returned in p is unused.
         if (!WriteProcessMemory(hProcess, memory, data, (uint)dllPath.Length, out p))
         {
             return 3;
         }
         uint x = 0;
         IntPtr loc = new IntPtr(GetProcAddress(GetModuleHandle("KERNEL32.DLL"), "LoadLibraryA").ToUInt32());
         // Step 3: remote thread start. Endpoint sensors log this call (e.g. Sysmon Event ID 8)
         // and the resulting module load in the target (Event ID 7).
         IntPtr hThread = CreateRemoteThread(hProcess, new IntPtr(0), 0, loc, memory, 0, out x);
         // NOTE(review): failure is documented as a NULL return, which this -1 test misses.
         if (hThread == null || hThread.ToInt32() == -1)
         {
             return 4;
         }
         // Blocks indefinitely (uint.MaxValue == INFINITE) until the remote thread exits.
         WaitForSingleObject(hThread, uint.MaxValue);
         uint exitCode;
         if (!GetExitCodeThread(hThread, out exitCode))
         {
             // NOTE(review): the thread handle and remote buffer are not cleaned up here.
             return 5;
         }
         // Exit code stored as the module handle with no zero check; success is reported
         // below even when the value is 0.
         d.DllHandle = exitCode;
         CloseHandle(hThread);
         // NOTE(review): allocation used Length, release uses Length + 1 with FreeType.Release.
         // If Release is MEM_RELEASE the API expects size 0, so this call would fail and the
         // path string would remain in the target as a forensic artifact; result is unchecked. Confirm.
         VirtualFreeEx(hProcess, memory, dllPath.Length + 1, FreeType.Release);
         d.IsInjected = true;
         return 0;
     }
     catch
     {
         // Swallows every exception type, including overflow from the 32-bit pointer conversions.
         return -1;
     }
 }