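/// <summary>
/// Executes a function that was exported by the injected module.
/// </summary>
/// <remarks>
/// The export table is read lazily on first use. The call target is the module base
/// (<c>hModule</c>) plus the export's offset (<c>Item2</c>), so a zero module handle is
/// rejected before a remote thread is started at a meaningless address.
/// </remarks>
/// <param name="functionName">Name of the function that shall be executed</param>
/// <param name="parameters">Address of parameters that are passed to the function</param>
/// <returns>The remote thread's return value, cast to <see cref="int"/>.</returns>
/// <exception cref="ArgumentException">No export named <paramref name="functionName"/> exists.</exception>
/// <exception cref="InvalidOperationException">The export list or the module handle is not available.</exception>
public virtual int ExecuteRemoteFunction(string functionName, IntPtr parameters)
{
    if (this.ExportedFunctions == null)
    {
        this.ReadExportedFunctions();
    }

    // ReadExportedFunctions is not visible here; fail clearly instead of with a
    // null dereference if it left the list unset.
    if (this.ExportedFunctions == null)
    {
        throw new InvalidOperationException("Exported functions could not be read");
    }

    // With a zero base the computed address would be the bare export offset, and the
    // remote thread would start at an address that is not inside the module.
    if (hModule == IntPtr.Zero)
    {
        throw new InvalidOperationException("Module handle is not set");
    }

    // Single pass over the export list: the original enumerated it once to count
    // matches and again to fetch the first one.
    foreach (var export in this.ExportedFunctions)
    {
        if (export.Item1 == functionName)
        {
            IntPtr address = (IntPtr)(hModule.ToInt64() + export.Item2);
            RemoteThreadResult result = ExecuteRemoteThread(address, parameters);

            // NOTE(review): result.Success is not checked here (UnloadLibrary does check it),
            // so a failed remote thread cannot be told apart from a real return value.
            // The cast to int can also truncate a wider ReturnValue - confirm its type.
            return (int)result.ReturnValue;
        }
    }

    // ArgumentException derives from Exception, so existing catch (Exception) handlers still apply.
    throw new ArgumentException(string.Format("Unknown function \"{0}\"", functionName));
}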
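/// <summary>
/// Unloads the library from RAM by running <c>FreeLibrary</c> on a remote thread
/// with the module handle as its argument.
/// -> Subclasses may need to override this method in case they cloak the module
/// </summary>
/// <returns>
/// <c>true</c> if the remote thread succeeded and returned 1; <c>false</c> if
/// <c>FreeLibrary</c> could not be resolved, the thread failed, or it returned another value.
/// </returns>
public virtual bool UnloadLibrary()
{
    // The address is resolved in the calling process and then used as the remote thread's
    // entry point. NOTE(review): this presumably relies on Kernel32 being mapped at the
    // same address in the target process - confirm for the supported targets.
    IntPtr lpFreeLibrary = WinAPI.GetProcAddress(WinAPI.GetModuleHandle("Kernel32"), "FreeLibrary");

    // A failed lookup yields a zero pointer; do not start a remote thread at address 0.
    if (lpFreeLibrary == IntPtr.Zero)
    {
        return false;
    }

    RemoteThreadResult result = ExecuteRemoteThread(lpFreeLibrary, hModule);
    if (!result.Success)
    {
        return false;
    }

    // NOTE(review): hModule and the cached ExportedFunctions are not reset in this method,
    // so a later ExecuteRemoteFunction call would target the freed module's old address
    // unless a caller or subclass clears them - verify.
    return result.ReturnValue == 1;
}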