Exemple #1
0
        /// <summary>
        /// Inject .NET Assembly into Remote Process using Process Name as Parameter. One Single Process Name can result in Several Process with Same Name, but, different PIDs
        /// </summary>
        /// <param name="targetProcessName">The process Name of the process to inject. EX: notepad++</param>
        /// <returns></returns>
        public List <InjectorResult> InjectWithProcessName(String targetProcessName)
        {
            // Return Object
            List <InjectorResult> hResult = new List <InjectorResult>();

            // Get Possible Process
            Process[] targetProcessList = Process.GetProcessesByName(targetProcessName);

            // Check if Process Exists
            if (targetProcessList == null || targetProcessList.Length == 0)
            {
                hResult.Add(
                    new InjectorResult()
                {
                    TargetProcessName = targetProcessName,
                    Status            = InjectorResultStatus.TARGET_PROCESS_NOT_FOUND
                }
                    );
            }
            else
            {
                foreach (Process process in targetProcessList)
                {
                    InjectorResult result = this.DoInject(process.Id);
                    hResult.Add(result);

                    if (result.Status == InjectorResultStatus.OK)
                    {
                        break;
                    }
                }
            }

            return(hResult);
        }
Exemple #2
0
        /// <summary>
        /// Execute using Process Id List
        /// </summary>
        /// <param name="hResult"></param>
        /// <returns></returns>
        private List <InjectorResult> ExecuteForProcessIds()
        {
            List <InjectorResult> hResult = new List <InjectorResult>();

            foreach (Int32 processId in this.configuration.TargetProcessIds)
            {
                InjectorResult result = this.DoInject(processId);
                hResult.Add(result);

                if (result.Status == InjectorResultStatus.OK)
                {
                    break;
                }
            }

            return(hResult);
        }
Exemple #3
0
        /// <summary>
        /// Try to Inject on Every Running Process
        /// </summary>
        /// <returns></returns>
        private List <InjectorResult> RunForBruteForce()
        {
            List <InjectorResult> hResult = new List <InjectorResult>();

            foreach (Process process in Process.GetProcesses())
            {
                InjectorResult result = this.DoInject(process.Id);
                hResult.Add(result);

                if (result.Status == InjectorResultStatus.OK)
                {
                    //break;
                }
            }

            return(hResult);
        }
Exemple #4
0
        /// <summary>
        /// Inject .NET Assembly into Remote Process
        /// </summary>
        /// <returns></returns>
        private InjectorResult DoInject(Int32 targetProcessId)
        {
            // Create Result Object
            InjectorResult hResult = new InjectorResult()
            {
                TargetProcessId = targetProcessId
            };

            try
            {
                // Copy DNCIClrLoader.dll into Temporary Folder with Random Name
                String dnciLoaderLibraryPath = WriteLoaderToDisk();

                // Open and get handle of the process - with required privileges
                IntPtr targetProcessHandle = NativeExecution.OpenProcess(
                    NativeConstants.PROCESS_ALL_ACCESS,
                    false,
                    targetProcessId
                    );

                // Check Process Handle
                if (targetProcessHandle == null || targetProcessHandle == IntPtr.Zero)
                {
                    hResult.Status = InjectorResultStatus.UNABLE_TO_GET_PROCESS_HANDLE;
                    return(hResult);
                }

                // Get Process Name
                hResult.TargetProcessName = Process.GetProcessById(targetProcessId).ProcessName;


                // Find the LoadDNA Function Point into Remote Process Memory
                IntPtr dnciModuleHandle = DNCIClrLoader(targetProcessHandle, dnciLoaderLibraryPath, Path.GetFileName(dnciLoaderLibraryPath));

                // Check Injector Handle
                if (dnciModuleHandle == null || dnciModuleHandle == IntPtr.Zero)
                {
                    hResult.Status = InjectorResultStatus.UNABLE_TO_FIND_INJECTOR_HANDLE;
                    return(hResult);
                }

                // Inject Managed Assembly
                LoadManagedAssemblyOnRemoteProcess(targetProcessHandle, dnciModuleHandle, this.configuration.MethodName, this.configuration.AssemblyFileLocation, this.configuration.TypeName, this.configuration.ArgumentString, dnciLoaderLibraryPath);

                // Erase Modules from Target Process
                EraseRemoteModules(targetProcessHandle, dnciModuleHandle);

                // Close Remote Process Handle
                NativeExecution.CloseHandle(targetProcessHandle);

                // Remove Temporary File
                try
                {
                    File.Delete(dnciLoaderLibraryPath);
                }
                catch { }

                hResult.Status = InjectorResultStatus.OK;
            }
            catch
            {
                hResult.Status = InjectorResultStatus.MASTER_ERROR;
            }
            return(hResult);
        }