/// <summary>
/// Inject and load the CoreHook hooking module <paramref name="injectionLibrary"/>
/// in the existing created process referenced by <paramref name="processId"/>.
/// </summary>
/// <param name="processId">The target process ID to inject and load plugin into.</param>
/// <param name="injectionLibrary">The path of the plugin that is loaded into the target process.</param>
/// <param name="injectionPipeName">The pipe name which receives messages during the plugin initialization stage.</param>
private static void InjectDllIntoTarget(
int processId,
string injectionLibrary,
string injectionPipeName = InjectionPipeName)
{
ValidateFilePath(injectionLibrary);
if (Examples.Common.ModulesPathHelper.GetCoreLoadPaths(
ProcessHelper.GetProcessById(processId).Is64Bit(),
out NativeModulesConfiguration nativeConfig) &&
Examples.Common.ModulesPathHelper.GetCoreLoadModulePath(
out string coreLoadLibrary))
{
RemoteInjector.Inject(
processId,
new RemoteInjectorConfiguration(nativeConfig)
{
InjectionPipeName = injectionPipeName,
ClrBootstrapLibrary = coreLoadLibrary,
PayloadLibrary = injectionLibrary,
VerboseLog = HostVerboseLog
},
PipePlatform,
CoreHookPipeName);
}
}
/// <summary>
/// Start the application at <paramref name="exePath"/>
/// and then inject and load the CoreHook hooking module <paramref name="injectionLibrary"/>
/// in the newly created process.
/// </summary>
/// <param name="exePath">The path to the application to be launched.</param>
/// <param name="injectionLibrary">The path of the plugin to be loaded in the target process.</param>
/// <param name="injectionPipeName">The pipe name which receives messages during the plugin initialization stage.</param>
private static void CreateAndInjectDll(
string exePath,
string injectionLibrary,
string injectionPipeName = InjectionPipeName)
{
ValidateFilePath(injectionLibrary);
if (Examples.Common.ModulesPathHelper.GetCoreLoadPaths(
false, out NativeModulesConfiguration config32) &&
Examples.Common.ModulesPathHelper.GetCoreLoadPaths(
true, out NativeModulesConfiguration config64) &&
Examples.Common.ModulesPathHelper.GetCoreLoadModulePath(
out string coreLoadLibrary))
{
RemoteInjector.CreateAndInject(
new ProcessCreationConfiguration
{
ExecutablePath = exePath,
CommandLine = null,
ProcessCreationFlags = 0x00
},
config32,
config64,
new RemoteInjectorConfiguration
{
ClrBootstrapLibrary = coreLoadLibrary,
InjectionPipeName = injectionPipeName,
PayloadLibrary = injectionLibrary,
VerboseLog = HostVerboseLog
},
PipePlatform,
out _,
CoreHookPipeName);
}
}
internal static void InjectDllIntoTarget(
Process target,
string injectionLibrary,
string injectionPipeName,
params object[] remoteArguments
)
{
if (Examples.Common.ModulesPathHelper.GetCoreLoadPaths(
target.Is64Bit(), out NativeModulesConfiguration nativeConfig) &&
Examples.Common.ModulesPathHelper.GetCoreLoadModulePath(
out string coreLoadLibrary))
{
RemoteInjector.Inject(
target.Id,
new RemoteInjectorConfiguration(nativeConfig)
{
InjectionPipeName = injectionPipeName,
ClrBootstrapLibrary = coreLoadLibrary,
PayloadLibrary = injectionLibrary,
VerboseLog = false
},
new PipePlatformBase(),
remoteArguments);
}
}
/// <summary>
/// Inject and load the CoreHook hooking module <paramref name="injectionLibrary"/>
/// in the existing created process referenced by <paramref name="processId"/>.
/// </summary>
/// <param name="processId">The target process ID to inject and load plugin into.</param>
/// <param name="injectionLibrary">The path of the plugin that is loaded into the target process.</param>
/// <param name="injectionPipeName">The pipe name which receives messages during the plugin initialization stage.</param>
private static void InjectDllIntoTarget(
int processId,
string injectionLibrary,
string injectionPipeName = InjectionPipeName)
{
if (Examples.Common.ModulesPathHelper.GetCoreLoadPaths(
ProcessHelper.GetProcessById(processId).Is64Bit(),
out NativeModulesConfiguration nativeConfig) &&
Examples.Common.ModulesPathHelper.GetCoreLoadModulePath(
out string coreLoadLibrary))
{
// Make sure the native dll modules can be accessed by the UWP application
GrantAllAppPackagesAccessToFile(nativeConfig.HostLibrary);
GrantAllAppPackagesAccessToFile(nativeConfig.DetourLibrary);
RemoteInjector.Inject(
processId,
new RemoteInjectorConfiguration(nativeConfig)
{
InjectionPipeName = injectionPipeName,
ClrBootstrapLibrary = coreLoadLibrary,
PayloadLibrary = injectionLibrary,
VerboseLog = HostVerboseLog
},
PipePlatform,
CoreHookPipeName);
}
}
public static void Main(string[] args)
{
int targetPid;
string targetExe;
ConsoleAsker.GetTargetExeOrPid(args, out targetExe, out targetPid);
try
{
var dllToInject = "CreateFileHookLib.dll";
var notifyClient = new NotifyClient();
var formattableString = RemoteInjector.InjectDll(dllToInject, targetExe, ref targetPid, out _channelName, notifyClient);
if (!string.IsNullOrEmpty(formattableString))
{
Console.WriteLine(formattableString);
}
Console.WriteLine("<Press any key to exit>");
Console.ReadKey();
}
catch (Exception extInfo)
{
Console.WriteLine("There was an error while connecting to target:\r\n{0}", extInfo);
Console.WriteLine("<Press any key to exit>");
Console.ReadKey();
}
}
public static void CreateProcessWHooker_ProcessCreated(object sender, HookedEventArgs e)
{
var processId = Convert.ToInt32(e.Entries["DwProcessId"]);
Console.WriteLine($"Process ID (PID): {processId}");
Console.WriteLine($"Process Handle: {e.Entries["HProcess"]}");
Console.WriteLine("Process Thread : " + e.Entries["HThread"]);
IntPtr threadHandle = (IntPtr)e.Entries["HThread"];
var dllToInject = _dllWithHook;
var notifyClient = new NotifyClient();
string channelName;
var formattableString =
RemoteInjector.InjectDll(dllToInject, "", ref processId, out channelName, notifyClient);
if (!string.IsNullOrEmpty(formattableString))
{
Console.WriteLine(formattableString);
}
}
