public void UnloadAndCloseAssembly(InjectionConfig config, string method)
{
if (!string.IsNullOrEmpty(method))
{
IntPtr image, klass, imethod;
if ((image = GetImageFromAssembly(config.AssemblyPointer)) == IntPtr.Zero)
{
OnError("GetImageFromAssembly returned 0");
}
else
{
if ((klass = GetClassFromName(image, config.Namespace, config.Class)) == IntPtr.Zero)
{
OnError("GetClassFromName returned 0");
}
else
{
if ((imethod = GetMethodFromName(klass, method)) == IntPtr.Zero)
{
OnError("GetMethodFromName returned 0");
}
else
{
if (RuntimeInvoke(imethod) != 0)
{
OnError($"Execution of {method} failed");
}
}
}
}
}
CloseAssembly(config);
}
private void btnEject_Click(object sender, EventArgs e)
{
InjectionConfig config = (InjectionConfig)lstInjected.SelectedItem;
if (config != null)
{
string unloadMethod = txtUnload.Text;
Injector.Instance.UnloadAndCloseAssembly(
config, unloadMethod != "Unload method name" ? unloadMethod : null);
lstInjected.Items.Remove(config);
}
}
private void OnError(string msg, InjectionConfig cfg = null)
{
/* If an injection attempt fails after the assembly was loaded,
* it needs to be closed. Otherwise the next injection will cause
* a crash since the assembly is already loaded */
if (cfg != null && cfg.AssemblyPointer != IntPtr.Zero)
{
CloseAssembly(cfg);
}
Error?.Invoke(msg);
}
private void CloseAssembly(InjectionConfig config)
{
IntPtr addr = target.ModuleFactory["mono.dll"]["mono_assembly_close"].BaseAddress;
if (addr != IntPtr.Zero)
{
factory.Execute(addr, CallingConventions.Cdecl, config.AssemblyPointer);
SuccessfulEjection?.Invoke(config);
return;
}
OnError("Could not find mono_assembly_close");
}
private void OnSuccessfulEjection(InjectionConfig config)
{
lstInjected.Items.Remove(config);
}
private void OnSuccessfulInjection(InjectionConfig config)
{
lstInjected.Items.Add(config);
}
public void Inject(InjectionConfig config)
{
Setup(config.Process);
threadAttach = target.ModuleFactory["mono.dll"]["mono_thread_attach"].BaseAddress;
if (threadAttach == IntPtr.Zero)
{
OnError("Could not find mono_thread_attach");
return;
}
IntPtr rawImage, image, iklass, imethod;
if ((rootDomain = GetRootDomain()) == IntPtr.Zero)
{
OnError("GetRootDomain returned 0");
return;
}
if ((rawImage = OpenImageFromData(config.Assembly)) == IntPtr.Zero)
{
OnError("OpenImageFromData returned 0");
return;
}
/* From this point on, the threads created by AssemblyFactory.Execute
* will have to be registered with the Mono runtime since we
* are accessing Mono objects. Otherwise the target process crashes. */
attach = true;
if ((config.AssemblyPointer = OpenAssemblyFromImage(rawImage)) == IntPtr.Zero)
{
OnError("OpenAssemblyFromImage returned 0", config);
return;
}
if ((image = GetImageFromAssembly(config.AssemblyPointer)) == IntPtr.Zero)
{
OnError("GetImageFromAssembly returned 0", config);
return;
}
if ((iklass = GetClassFromName(image, config.Namespace, config.Class)) == IntPtr.Zero)
{
OnError("GetClassFromName returned 0", config);
return;
}
if ((imethod = GetMethodFromName(iklass, config.Method)) == IntPtr.Zero)
{
OnError("GetMethodFromName returned 0", config);
return;
}
if (RuntimeInvoke(imethod) == 0)
{
SuccessfulInjection?.Invoke(config);
}
else
{
OnError($"Execution of {config.Method} failed", config);
}
}
