コード例 #1
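        /// <summary>
        /// Makes one attempt to start a thread in another process by calling
        /// <c>WinAPI.CreateRemoteThread</c> with <c>pLoadLibraryA</c> as the start routine
        /// and the remote DLL-path buffer as its single argument.
        /// </summary>
        /// <param name="hRemoteProcess">Handle of the process in which the thread is created.</param>
        /// <param name="hRemoteDllPathBuffer">Handle whose raw value is passed to the start routine as the DLL path pointer.</param>
        /// <param name="hRemoteThreadOut">Wrapper around the new thread handle on success; <c>null</c> on failure.</param>
        /// <returns><c>true</c> when a thread handle was obtained, otherwise <c>false</c>.</returns>
        /// <remarks>
        /// Failures are logged as warnings and reported through the return value; nothing is rethrown.
        /// A remote thread that starts at a library-loading routine is a well-known code-injection
        /// pattern, so endpoint monitoring commonly records it (for example Sysmon event ID 8,
        /// CreateRemoteThread). Callers should expect this call to be audited or blocked.
        /// </remarks>
        private static bool TryStartRemoteDllThreadHelper(SafeProcessHandle hRemoteProcess, SafeRemoteBufferHandle hRemoteDllPathBuffer, out SafeRemoteThreadHandle hRemoteThreadOut)
        {
            // Assign the out parameter up front so every exit path leaves it well defined.
            hRemoteThreadOut = null;

            // NOTE(review): DangerousGetHandle hands out the raw value without taking a reference,
            // so the caller must keep both safe handles alive and undisposed for the whole call.
            var hProcessUnsafe = hRemoteProcess.DangerousGetHandle();
            var pRemoteDllPath = hRemoteDllPathBuffer.DangerousGetHandle();

            try
            {
                uint remoteThreadId;
                var hRemoteThread = WinAPI.CreateRemoteThread(
                    hProcessUnsafe,
                    IntPtr.Zero,
                    0,
                    pLoadLibraryA,
                    pRemoteDllPath,
                    0,
                    out remoteThreadId
                    );

                if (hRemoteThread == IntPtr.Zero)
                {
                    // Capture the error code immediately, before any other call can overwrite it.
                    // NOTE(review): only meaningful if the P/Invoke declaration (not visible here)
                    // sets SetLastError = true - confirm.
                    var lastError = Marshal.GetLastWin32Error();
                    logger.Warn($"CreateRemoteThread failed with errno {lastError}.");
                    return false;
                }

                hRemoteThreadOut = new SafeRemoteThreadHandle(hRemoteThread);
                return true;
            }
            catch (Win32Exception e)
            {
                // The exception carries the error code it was raised for. The thread's last-error
                // value may have been overwritten by the time the handler runs, so it is not used.
                logger.Warn("Win32Exception thrown when creating remote thread. Errno: " + e.NativeErrorCode + ".", e);
                return false;
            }
        }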
コード例 #2
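        /// <summary>
        /// Tries once to create a thread in the given remote process. The thread starts at
        /// <c>pLoadLibraryA</c> and receives the raw value of <paramref name="hRemoteDllPathBuffer"/>
        /// as its argument.
        /// </summary>
        /// <param name="hRemoteProcess">Process handle the thread is created in.</param>
        /// <param name="hRemoteDllPathBuffer">Handle for the buffer passed to the start routine.</param>
        /// <param name="hRemoteThreadOut">Set to the wrapped thread handle on success, <c>null</c> otherwise.</param>
        /// <returns><c>true</c> if a thread handle was returned; <c>false</c> if the call failed or threw <see cref="Win32Exception"/>.</returns>
        /// <remarks>
        /// Cross-process thread creation is a security-sensitive operation: host-based monitoring
        /// typically logs it (Sysmon reports it as event ID 8, CreateRemoteThread) and may block it.
        /// </remarks>
        private static bool TryStartRemoteDllThreadHelper(SafeProcessHandle hRemoteProcess, SafeRemoteBufferHandle hRemoteDllPathBuffer, out SafeRemoteThreadHandle hRemoteThreadOut)
        {
            SafeRemoteThreadHandle startedThread = null;

            // Raw handle values; both safe handles must remain open until the native call returns.
            var hProcessUnsafe = hRemoteProcess.DangerousGetHandle();
            var pRemoteDllPath = hRemoteDllPathBuffer.DangerousGetHandle();

            try {
                uint remoteThreadId;
                var hRemoteThread = WinAPI.CreateRemoteThread(
                    hProcessUnsafe,
                    IntPtr.Zero,
                    0,
                    pLoadLibraryA,
                    pRemoteDllPath,
                    0,
                    out remoteThreadId
                );
                if (hRemoteThread != IntPtr.Zero) {
                    startedThread = new SafeRemoteThreadHandle(hRemoteThread);
                } else {
                    // Read the last-error value first; later calls may replace it.
                    // NOTE(review): relies on the WinAPI declaration using SetLastError = true - confirm.
                    var lastError = Marshal.GetLastWin32Error();
                    logger.Warn($"CreateRemoteThread failed with errno {lastError}.");
                }
            } catch (Win32Exception e) {
                // Log the code stored in the exception. Marshal.GetLastWin32Error() is unreliable
                // inside a handler because the thread's last-error value may already have changed.
                logger.Warn("Win32Exception thrown when creating remote thread. Errno: " + e.NativeErrorCode + ".", e);
            }

            hRemoteThreadOut = startedThread;
            return startedThread != null;
        }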
コード例 #3
        /// <summary>
        /// Opens the target process, allocates a buffer for the DLL path in it, starts a remote
        /// thread for the DLL, and waits for that thread to terminate.
        /// </summary>
        /// <param name="targetProcessId">Id of the process to open.</param>
        /// <param name="dllPath">Path of the DLL; converted to a full path before use.</param>
        /// <returns>
        /// <c>ProcessInjectionResult.Success</c> when the remote thread terminates within
        /// <c>kDllCompletionTimeoutMilliseconds</c>, otherwise <c>ProcessInjectionResult.DllFailed</c>.
        /// </returns>
        /// <remarks>
        /// The module at <paramref name="dllPath"/> ends up running inside another process, so callers
        /// should pass only a path they control and whose contents they trust. A relative path is
        /// resolved by <see cref="Path.GetFullPath(string)"/> against the current working directory,
        /// which makes the loaded file depend on where the caller was started. Prefer an absolute path.
        /// Both the process id and the resolved path are written to the log at Info level.
        /// Exceptions from the <c>...OrThrow</c> helpers are not caught here.
        /// </remarks>
        public ProcessInjectionResult InjectToProcessOrThrow(int targetProcessId, string dllPath)
        {
            // The target process does not share this process's working directory,
            // so hand it an absolute path.
            dllPath = Path.GetFullPath(dllPath);

            logger.Info("Injecting into processId " + targetProcessId + " dll " + dllPath);

            // Handles are released in reverse order of acquisition when the block exits.
            // NOTE(review): the literal 10 is passed to StartRemoteDllThreadOrThrow unexplained;
            // its meaning is not visible here - consider a named constant.
            using (var hProcess = SafeProcessHandle.OpenOrThrow(targetProcessId))
            using (var hDllPathBuffer = SafeRemoteBufferHandle.AllocateOrThrow(hProcess, dllPath))
            using (var hRemoteThread = SafeRemoteThreadHandle.StartRemoteDllThreadOrThrow(hProcess, hDllPathBuffer, 10))
            {
                logger.Info("Our dll is running in a remote thread.");

                var terminatedInTime = hRemoteThread.TryWaitForTermination(kDllCompletionTimeoutMilliseconds);
                return terminatedInTime
                    ? ProcessInjectionResult.Success
                    : ProcessInjectionResult.DllFailed;
            }
        }