private void InitialiseDetour(MethodInfo originalFunctionInfo, MethodInfo targetFunctionInfo) { // Ensure the operating system is valid ValidateOperatingSystem.Validate(); // Ensure the functions are JIT compiled RuntimeHelpers.PrepareMethod(originalFunctionInfo.MethodHandle); RuntimeHelpers.PrepareMethod(targetFunctionInfo.MethodHandle); // Get a pointer to the original function _originalFunctionAddress = originalFunctionInfo.MethodHandle.GetFunctionPointer(); // Get a pointer to the target function var targetFunctionAddress = targetFunctionInfo.MethodHandle.GetFunctionPointer(); // Create shellcode to perform a function detour var shellcode = Environment.Is64BitProcess ? Shellcode.JumpToFunctionX64(targetFunctionAddress) : Shellcode.JumpToFunctionX86(targetFunctionAddress); // Save the bytes of the original function _originalBytes = new byte[shellcode.Length]; Marshal.Copy(_originalFunctionAddress, _originalBytes, 0, shellcode.Length); // Save the bytes used to detour the original function to the target function _detourBytes = shellcode; }
internal MethodWrapper(int processId, byte[] dllBytes) { // Ensure the operating system is valid ValidateOperatingSystem.Validate(); // Ensure the arguments passed in are valid if (processId <= 0 || dllBytes is null || dllBytes.Length == 0) { throw new ArgumentException("One or more of the arguments provided was invalid"); } // Convert the dll bytes to a temporary file on disk var temporaryDllPath = Path.Combine(Path.GetTempPath(), "Bleak.dll"); if (File.Exists(temporaryDllPath)) { File.Delete(temporaryDllPath); File.WriteAllBytes(temporaryDllPath, dllBytes); } else { File.WriteAllBytes(temporaryDllPath, dllBytes); } // Get an instance of the remote process Process process; try { process = Process.GetProcessById(processId); } catch (ArgumentException) { // The process isn't currently running throw new ArgumentException($"No process with id {processId} is currently running"); } // Ensure the process architecture matches the dll architecture ValidateArchitecture.Validate(process, temporaryDllPath); // Store the values _process = process; _dllPath = temporaryDllPath; }
internal ExtensionWrapper(string processName, byte[] dllBytes) { // Ensure the operating system is valid ValidateOperatingSystem.Validate(); // Ensure the arguments passed in are valid if (string.IsNullOrWhiteSpace(processName) || dllBytes is null || dllBytes.Length == 0) { throw new ArgumentException("One or more of the arguments provided was invalid"); } // Convert the dll bytes to a temporary file on disk var temporaryDllPath = Path.Combine(Path.GetTempPath(), "Bleak.dll"); if (File.Exists(temporaryDllPath)) { File.Delete(temporaryDllPath); File.WriteAllBytes(temporaryDllPath, dllBytes); } else { File.WriteAllBytes(temporaryDllPath, dllBytes); } // Get an instance of the remote process Process process; try { process = Process.GetProcessesByName(processName)[0]; } catch (IndexOutOfRangeException) { // The remote process isn't currently running throw new ArgumentException($"No process with name {processName} is currently running"); } // Ensure the remote process architecture matches the dll architecture ValidateArchitecture.Validate(process, temporaryDllPath); // Store the values _process = process; _dllPath = temporaryDllPath; }
internal MethodWrapper(int processId, string dllPath) { // Ensure the operating system is valid ValidateOperatingSystem.Validate(); // Ensure the arguments passed in are valid if (processId <= 0 || string.IsNullOrWhiteSpace(dllPath)) { throw new ArgumentException("One or more of the arguments provided was invalid"); } // Ensure the dll exists if (!File.Exists(dllPath)) { throw new FileNotFoundException("No file exists at the provided location"); } // Get an instance of the process Process process; try { process = Process.GetProcessById(processId); } catch (ArgumentException) { // The process isn't currently running throw new ArgumentException($"No process with id {processId} is currently running"); } // Ensure the process architecture matches the dll architecture ValidateArchitecture.Validate(process, dllPath); // Store the values _process = process; _dllPath = dllPath; }
internal ExtensionWrapper(string processName, string dllPath) { // Ensure the operating system is valid ValidateOperatingSystem.Validate(); // Ensure the arguments passed in are valid if (string.IsNullOrWhiteSpace(processName) || string.IsNullOrWhiteSpace(dllPath)) { throw new ArgumentException("One or more of the arguments provided was invalid"); } // Ensure the dll exists if (!File.Exists(dllPath)) { throw new FileNotFoundException("No file exists at the provided location"); } // Get an instance of the remote process Process process; try { process = Process.GetProcessesByName(processName)[0]; } catch (IndexOutOfRangeException) { // The remote process isn't currently running throw new ArgumentException($"No process with name {processName} is currently running"); } // Ensure the remote process architecture matches the dll architecture ValidateArchitecture.Validate(process, dllPath); // Store the values _process = process; _dllPath = dllPath; }
internal MethodWrapper(int processId, byte[] dllBytes) { // Ensure the operating system is valid ValidateOperatingSystem.Validate(); // Ensure the arguments passed in are valid if (processId <= 0 || dllBytes is null || dllBytes.Length == 0) { throw new ArgumentException("One or more of the arguments provided was invalid"); } // Ensure the temporary directory exists on disk var temporaryDllFolderPath = Path.Combine(Path.GetTempPath(), "Bleak"); var temporaryDirectoryInfo = Directory.CreateDirectory(temporaryDllFolderPath); // Clear the temporary directory if necessary foreach (var file in temporaryDirectoryInfo.GetFiles()) { try { file.Delete(); } catch (Exception) { // The file is open in a process - Ignore } } // Create a temporary dll name for the dll using a hash of its bytes var temporaryDllName = Tools.ComputeHash(dllBytes).Substring(0, 14) + ".dll"; // Convert the dll bytes to a temporary file on disk var temporaryDllPath = Path.Combine(temporaryDllFolderPath, temporaryDllName); try { File.WriteAllBytes(temporaryDllPath, dllBytes); } catch (Exception) { // The file is open in a process - Ignore } // Get an instance of the remote process Process process; try { process = Process.GetProcessById(processId); } catch (ArgumentException) { // The process isn't currently running throw new ArgumentException($"No process with id {processId} is currently running"); } // Ensure the process architecture matches the dll architecture ValidateArchitecture.Validate(process, temporaryDllPath); // Store the values _process = process; _dllPath = temporaryDllPath; }