private static void Load(Process process, string dllPath) { var loadLibraryFn = NativeExtensions.GetModuleFunction("kernel32.dll", "LoadLibraryA"); var rawLoaderPath = Encoding.Default.GetBytes(dllPath); var allocatedLoaderPath = process.AllocateAndWrite(rawLoaderPath, Native.AllocationType.Commit | Native.AllocationType.Reserve, Native.MemoryProtection.ReadWrite); var loadLibraryHandle = Native.CreateRemoteThread(process.Handle, 0, 0, loadLibraryFn, allocatedLoaderPath, 0, out ulong _); NativeExtensions.WaitForThread(loadLibraryHandle); }
private static void Call(Process process, string moduleName, string functionName, string args) { var modules = process.Modules.OfType <ProcessModule>(); var module = modules.FirstOrDefault(m => m.ModuleName == moduleName); if (module == null) { throw new ApplicationException($"Unable to find module with name "); } var moduleFileName = module.FileName; var moduleHandle = process.GetModuleByName(moduleName); var localModuleHandle = Native.LoadLibrary(moduleFileName); var localFn = NativeExtensions.GetModuleFunction(moduleName, functionName); if (localFn == 0) { throw new ApplicationException($"Unable to fine function in module '{moduleName}' with name '{functionName}'"); } var fnOffset = localFn - localModuleHandle; var rawArgs = Encoding.Unicode.GetBytes(args); var allocatedArgs = process.AllocateAndWrite(rawArgs, Native.AllocationType.Commit | Native.AllocationType.Reserve, Native.MemoryProtection.ReadWrite); var fn = moduleHandle + fnOffset; var fnHandle = Native.CreateRemoteThread(process.Handle, 0, 0, fn, allocatedArgs, 0, out ulong _); NativeExtensions.WaitForThread(fnHandle); }