/// <summary> /// Inject .NET Assembly into Remote Process using Process Name as Parameter. One Single Process Name can result in Several Process with Same Name, but, different PIDs /// </summary> /// <param name="targetProcessName">The process Name of the process to inject. EX: notepad++</param> /// <returns></returns> public List <InjectorResult> InjectWithProcessName(String targetProcessName) { // Return Object List <InjectorResult> hResult = new List <InjectorResult>(); // Get Possible Process Process[] targetProcessList = Process.GetProcessesByName(targetProcessName); // Check if Process Exists if (targetProcessList == null || targetProcessList.Length == 0) { hResult.Add( new InjectorResult() { TargetProcessName = targetProcessName, Status = InjectorResultStatus.TARGET_PROCESS_NOT_FOUND } ); } else { foreach (Process process in targetProcessList) { InjectorResult result = this.DoInject(process.Id); hResult.Add(result); if (result.Status == InjectorResultStatus.OK) { break; } } } return(hResult); }
/// <summary> /// Execute using Process Id List /// </summary> /// <param name="hResult"></param> /// <returns></returns> private List <InjectorResult> ExecuteForProcessIds() { List <InjectorResult> hResult = new List <InjectorResult>(); foreach (Int32 processId in this.configuration.TargetProcessIds) { InjectorResult result = this.DoInject(processId); hResult.Add(result); if (result.Status == InjectorResultStatus.OK) { break; } } return(hResult); }
/// <summary> /// Try to Inject on Every Running Process /// </summary> /// <returns></returns> private List <InjectorResult> RunForBruteForce() { List <InjectorResult> hResult = new List <InjectorResult>(); foreach (Process process in Process.GetProcesses()) { InjectorResult result = this.DoInject(process.Id); hResult.Add(result); if (result.Status == InjectorResultStatus.OK) { //break; } } return(hResult); }
/// <summary> /// Inject .NET Assembly into Remote Process /// </summary> /// <returns></returns> private InjectorResult DoInject(Int32 targetProcessId) { // Create Result Object InjectorResult hResult = new InjectorResult() { TargetProcessId = targetProcessId }; try { // Copy DNCIClrLoader.dll into Temporary Folder with Random Name String dnciLoaderLibraryPath = WriteLoaderToDisk(); // Open and get handle of the process - with required privileges IntPtr targetProcessHandle = NativeExecution.OpenProcess( NativeConstants.PROCESS_ALL_ACCESS, false, targetProcessId ); // Check Process Handle if (targetProcessHandle == null || targetProcessHandle == IntPtr.Zero) { hResult.Status = InjectorResultStatus.UNABLE_TO_GET_PROCESS_HANDLE; return(hResult); } // Get Process Name hResult.TargetProcessName = Process.GetProcessById(targetProcessId).ProcessName; // Find the LoadDNA Function Point into Remote Process Memory IntPtr dnciModuleHandle = DNCIClrLoader(targetProcessHandle, dnciLoaderLibraryPath, Path.GetFileName(dnciLoaderLibraryPath)); // Check Injector Handle if (dnciModuleHandle == null || dnciModuleHandle == IntPtr.Zero) { hResult.Status = InjectorResultStatus.UNABLE_TO_FIND_INJECTOR_HANDLE; return(hResult); } // Inject Managed Assembly LoadManagedAssemblyOnRemoteProcess(targetProcessHandle, dnciModuleHandle, this.configuration.MethodName, this.configuration.AssemblyFileLocation, this.configuration.TypeName, this.configuration.ArgumentString, dnciLoaderLibraryPath); // Erase Modules from Target Process EraseRemoteModules(targetProcessHandle, dnciModuleHandle); // Close Remote Process Handle NativeExecution.CloseHandle(targetProcessHandle); // Remove Temporary File try { File.Delete(dnciLoaderLibraryPath); } catch { } hResult.Status = InjectorResultStatus.OK; } catch { hResult.Status = InjectorResultStatus.MASTER_ERROR; } return(hResult); }