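/// <summary>
/// Finds a running notepad++ process (starting one when none is running), wraps it in a
/// <c>GameSharpProcess</c> and hands GameSharp.Notepadpp.dll to a <c>RemoteThreadInjection</c>.
/// </summary>
/// <param name="args">Command-line arguments; not read by this method.</param>
/// <exception cref="Exception">No notepad++ process was found and none could be started.</exception>
private static void Main(string[] args)
{
    // The process we are injecting into.
    Process notepadpp = Process.GetProcessesByName("notepad++").FirstOrDefault();
    if (notepadpp == null)
    {
        // Process.Start returns null when no new process resource was started, so the
        // result is checked here. The original tested the freshly constructed
        // GameSharpProcess instead, which can never be null after `new`.
        notepadpp = Process.Start("notepad++");
        if (notepadpp == null)
        {
            throw new Exception("Process not found.");
        }

        notepadpp.WaitForInputIdle();
    }

    GameSharpProcess gameSharp = new GameSharpProcess(notepadpp);

    // NOTE(review): the path is resolved against the current working directory, which is
    // whatever directory the launcher was started from. The library loaded into the target
    // therefore depends on the caller's working directory; confirm this is intended rather
    // than resolving against the executable's own directory.
    string pathToDll = Path.Combine(Environment.CurrentDirectory, "GameSharp.Notepadpp.dll");

    // The author's remote thread injector; any other IInjection implementation can be used here.
    // "Main" is the second Injectable argument, presumably the entry point to run after loading.
    IInjection injector = new RemoteThreadInjection(gameSharp);
    injector.InjectAndExecute(new Injectable(pathToDll, "Main"), attach: true, launchConsole: true);
}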
/// <summary>
/// Asks the kernel32.dll module of <c>GameSharpProcess.Instance</c> for the address of
/// IsDebuggerPresent and converts that address to an <c>IsDebuggerPresentDelegate</c>.
/// </summary>
/// <returns>The delegate produced by <c>ToDelegate</c> for the resolved address.</returns>
protected override Delegate ToCallDelegate()
{
    const string moduleName = "kernel32.dll";
    const string exportName = "IsDebuggerPresent";

    GameSharpProcess current = GameSharpProcess.Instance;

    // NOTE(review): neither the module lookup nor the returned address is validated here;
    // confirm how Modules and GetProcAddress report a miss.
    IMemoryModule kernel32Module = current.Modules[moduleName];
    IMemoryAddress exportAddress = kernel32Module.GetProcAddress(exportName);

    return exportAddress.ToDelegate<IsDebuggerPresentDelegate>();
}
/// <summary>
/// Asks the ntdll.dll module of <c>GameSharpProcess.Instance</c> for the address of
/// NtQueryInformationProcess and converts it to an <c>NtQueryInformationProcessDelegate</c>.
/// </summary>
/// <returns>The delegate produced by <c>ToDelegate</c> for the resolved address.</returns>
protected override Delegate InitializeDelegate()
{
    const string moduleName = "ntdll.dll";
    const string exportName = "NtQueryInformationProcess";

    GameSharpProcess current = GameSharpProcess.Instance;

    // NOTE(review): neither the module lookup nor the returned pointer is validated here;
    // confirm how Modules and GetProcAddress report a miss.
    ModulePointer ntdllModule = current.Modules[moduleName];
    IMemoryPointer exportPointer = ntdllModule.GetProcAddress(exportName);

    return exportPointer.ToDelegate<NtQueryInformationProcessDelegate>();
}
/// <summary>
/// Creates a <c>DebugHelper</c> for <paramref name="process"/> and runs its four steps in a
/// fixed order: ValidateDbgBreakPoint, AttachManagedDebugger, HideDebugger, DisposeOfPatches.
/// </summary>
/// <param name="process">Process wrapper passed to the <c>DebugHelper</c> constructor.</param>
public static void SafeAttach(GameSharpProcess process)
{
    DebugHelper helper = new DebugHelper(process);

    // The call order is kept exactly as written. The step bodies are outside this view,
    // so whether they depend on one another cannot be confirmed from here.
    helper.ValidateDbgBreakPoint();
    helper.AttachManagedDebugger();

    // NOTE(review): judging by the names, these two steps change and then undo state in the
    // target process; verify what remains patched after DisposeOfPatches returns.
    helper.HideDebugger();
    helper.DisposeOfPatches();
}
/// <summary>
/// Asks the user32.dll module of <c>GameSharpProcess.Instance</c> for the address of
/// MessageBoxW and converts that address to a <c>MessageBoxWDelegate</c>.
/// </summary>
/// <returns>The delegate produced by <c>ToDelegate</c> for the resolved address.</returns>
protected override Delegate ToCallDelegate()
{
    const string moduleName = "user32.dll";
    const string exportName = "MessageBoxW";

    GameSharpProcess current = GameSharpProcess.Instance;

    // NOTE(review): neither the module lookup nor the returned address is validated here;
    // confirm how Modules and GetProcAddress report a miss.
    IMemoryModule user32Module = current.Modules[moduleName];
    IMemoryAddress exportAddress = user32Module.GetProcAddress(exportName);

    return exportAddress.ToDelegate<MessageBoxWDelegate>();
}
/// <summary>
/// Asks the user32.dll module of <c>GameSharpProcess.Instance</c> for the address of
/// MessageBoxW and converts it to a <c>HookMessageBoxWDelegate</c>.
/// </summary>
/// <returns>The delegate produced by <c>ToDelegate</c> for the resolved address.</returns>
public override Delegate GetHookDelegate()
{
    const string moduleName = "user32.dll";
    const string exportName = "MessageBoxW";

    GameSharpProcess current = GameSharpProcess.Instance;

    // NOTE(review): neither the module lookup nor the returned pointer is validated here;
    // confirm how Modules and GetProcAddress report a miss.
    ModulePointer user32Module = current.Modules[moduleName];
    IMemoryPointer exportPointer = user32Module.GetProcAddress(exportName);

    return exportPointer.ToDelegate<HookMessageBoxWDelegate>();
}
/// <summary>
/// Asks the ntdll.dll module of <c>GameSharpProcess.Instance</c> for the address of
/// NtQueryInformationProcess and converts it to an <c>NtQueryInformationProcessDelegate</c>.
/// </summary>
/// <returns>The delegate produced by <c>ToDelegate</c> for the resolved address.</returns>
protected override Delegate ToCallDelegate()
{
    const string moduleName = "ntdll.dll";
    const string exportName = "NtQueryInformationProcess";

    GameSharpProcess current = GameSharpProcess.Instance;

    // NOTE(review): neither the module lookup nor the returned address is validated here;
    // confirm how Modules and GetProcAddress report a miss.
    IMemoryModule ntdllModule = current.Modules[moduleName];
    IMemoryAddress exportAddress = ntdllModule.GetProcAddress(exportName);

    return exportAddress.ToDelegate<NtQueryInformationProcessDelegate>();
}
/// <summary>
/// Asks the user32.dll module of <c>GameSharpProcess.Instance</c> for the address of
/// MessageBoxW and converts it to a <c>MessageBoxWDelegate</c>.
/// </summary>
/// <returns>The delegate produced by <c>ToDelegate</c> for the resolved address.</returns>
protected override Delegate InitializeDelegate()
{
    const string moduleName = "user32.dll";
    const string exportName = "MessageBoxW";

    GameSharpProcess current = GameSharpProcess.Instance;

    // NOTE(review): neither the module lookup nor the returned pointer is validated here;
    // confirm how Modules and GetProcAddress report a miss.
    ModulePointer user32Module = current.Modules[moduleName];
    IMemoryPointer exportPointer = user32Module.GetProcAddress(exportName);

    return exportPointer.ToDelegate<MessageBoxWDelegate>();
}
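/// <summary>
/// Looks for a running notepad++ process, wraps it in a <c>GameSharpProcess</c> and hands
/// GameSharp.Notepadpp.dll to a <c>RemoteThreadInjection</c>.
/// </summary>
/// <param name="args">Command-line arguments; not read by this method.</param>
/// <exception cref="Exception">No notepad++ process is running.</exception>
private static void Main(string[] args)
{
    // The process we are injecting into. The lookup result is checked before it is wrapped:
    // the original tested the freshly constructed GameSharpProcess, which can never be null
    // after `new`, so a missing process was passed into the constructor as null.
    Process target = Process.GetProcessesByName("notepad++").FirstOrDefault();
    if (target == null)
    {
        throw new Exception("Process not found.");
    }

    GameSharpProcess process = new GameSharpProcess(target);

    // A simple RemoteThreadInjector.
    IInjection injector = new RemoteThreadInjection(process);

    // NOTE(review): the path is resolved against the current working directory, which is
    // whatever directory the launcher was started from. The library loaded into the target
    // therefore depends on the caller's working directory; confirm this is intended rather
    // than resolving against the executable's own directory.
    string pathToDll = Path.Combine(Environment.CurrentDirectory, "GameSharp.Notepadpp.dll");

    // Inject the DLL and execute the entry point.
    injector.InjectAndExecute(new Injectable(pathToDll, "Main"), attach: false);
}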
/// <summary>
/// Convenience wrapper around <c>NtQueryInformationProcessWrapper.Call</c> that returns the
/// queried information as a <typeparamref name="T"/>.
/// </summary>
/// <typeparam name="T">
/// Struct type read from the pointer the call hands back; its marshalled size is passed as the length argument.
/// </typeparam>
/// <param name="process">Process whose <c>NativeHandle</c> is passed to the call.</param>
/// <param name="pic">Information class to request.</param>
/// <returns>
/// The value read from the returned pointer when the call returns 0; otherwise the default value of
/// <typeparamref name="T"/>.
/// </returns>
public static T NtQueryInformationProcess<T>(GameSharpProcess process, ProcessInformationClass pic) where T : struct
{
    uint status = NtQueryInformationProcessWrapper.Call(
        process.NativeHandle,
        pic,
        out IMemoryPointer resultPtr,
        Marshal.SizeOf<T>(),
        out IMemoryPointer _);

    // Status code reference:
    // https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55
    if (status != 0)
    {
        // Failure is silent: the original kept its error logging commented out. A caller
        // therefore cannot tell a failed query from a result that is genuinely all zeroes.
        return default;
    }

    return resultPtr.Read<T>();
}
/// <summary>
/// Wrapper for the default WinApi NtQueryInformationProcess (<c>Ntdll.NtQueryInformationProcess</c>);
/// makes the calling code more readable.
/// </summary>
/// <typeparam name="T">
/// Struct type read from the allocated buffer; its marshalled size is used for both the allocation and the length argument.
/// </typeparam>
/// <param name="process">Process that supplies the <c>NativeHandle</c> and allocates the result buffer.</param>
/// <param name="pic">Information class to request.</param>
/// <returns>
/// The value read from the buffer when the call returns 0; otherwise the default value of
/// <typeparamref name="T"/>, after an error has been logged.
/// </returns>
public static T WinApiNtQueryInformationProcess<T>(GameSharpProcess process, ProcessInformationClass pic) where T : struct
{
    int size = Marshal.SizeOf<T>();

    // NOTE(review): nothing in this method releases the buffer obtained here; confirm who owns it.
    IMemoryPointer buffer = process.AllocateManagedMemory(size);

    uint result = Ntdll.NtQueryInformationProcess(process.NativeHandle, pic, buffer.Address, size, out int _);
    if (result == 0)
    {
        return buffer.Read<T>();
    }

    // NOTE(review): NtQueryInformationProcess reports failure through its NTSTATUS return value,
    // so the last-Win32-error value logged below may be unrelated to this call. Confirm before
    // relying on it.
    LoggingService.Error(
        $"Couldn't query NtQueryInformationProcess, Error code: {Marshal.GetLastWin32Error().ToString("X")}, " +
        $"Return value of NtQueryInformationProcess function is 0x{result.ToString("X")}.");

    return default;
}
/// <summary>
/// Stores the supplied process in the <c>Process</c> member.
/// </summary>
/// <param name="process">Process wrapper to store; must not be null.</param>
/// <exception cref="NullReferenceException"><paramref name="process"/> is null.</exception>
public InjectionBase(GameSharpProcess process)
{
    // NOTE(review): ArgumentNullException(nameof(process)) is the conventional type for a
    // rejected argument. NullReferenceException is kept so existing catch blocks still match.
    if (process is null)
    {
        throw new NullReferenceException();
    }

    Process = process;
}
/// <summary>
/// Records an address together with the process it was supplied with.
/// </summary>
/// <param name="process">Process wrapper, stored through an <c>as IProcess</c> conversion.</param>
/// <param name="address">Address value stored in <c>Address</c>.</param>
public MemoryAddress(GameSharpProcess process, IntPtr address)
{
    this.Address = address;

    // `as` yields null instead of throwing when the conversion does not apply, and a null
    // argument is stored as null; neither case is rejected here.
    this.Process = process as IProcess;
}
/// <summary>
/// Creates the injector by forwarding <paramref name="process"/> to the base constructor.
/// </summary>
/// <param name="process">Process wrapper handed to the base class unchanged.</param>
public ThreadHijackInjection(GameSharpProcess process)
    : base(process)
{
    // No state of its own to initialise; everything happens in the base constructor.
}
/// <summary>
/// Wraps a <see cref="ProcessModule"/> and records the owning process plus a
/// <c>MemoryAddress</c> for the module's base address.
/// </summary>
/// <param name="process">Process wrapper stored in <c>GameSharpProcess</c>.</param>
/// <param name="processModule">Module passed to the base constructor; its <c>BaseAddress</c> is read here.</param>
public MemoryModule(GameSharpProcess process, ProcessModule processModule)
    : base(processModule)
{
    this.GameSharpProcess = process;

    // The address object is built from the member just assigned, as in the original,
    // rather than from the parameter directly.
    this.MemoryAddress = new MemoryAddress(this.GameSharpProcess, processModule.BaseAddress);
}
/// <summary>
/// Wraps a <see cref="ProcessModule"/> and records the owning process plus an
/// <c>ExternalMemoryPointer</c> for the module's base address.
/// </summary>
/// <param name="process">Process wrapper stored in <c>GameSharpProcess</c>.</param>
/// <param name="processModule">Module passed to the base constructor; its <c>BaseAddress</c> is read here.</param>
public ExternalModulePointer(GameSharpProcess process, ProcessModule processModule)
    : base(processModule)
{
    this.GameSharpProcess = process;

    // The pointer is built from the member just assigned, as in the original,
    // rather than from the parameter directly.
    this.MemoryPointer = new ExternalMemoryPointer(this.GameSharpProcess, processModule.BaseAddress);
}
/// <summary>
/// Stores the supplied process in the <c>Process</c> member. The constructor is private,
/// so instances can only be created from inside this type.
/// </summary>
/// <param name="process">Process wrapper to store; not checked for null here.</param>
private DebugHelper(GameSharpProcess process)
{
    this.Process = process;
}
/// <summary>
/// Creates the injector by forwarding <paramref name="process"/> to the base constructor.
/// </summary>
/// <param name="process">Process wrapper handed to the base class unchanged.</param>
public RemoteThreadInjection(GameSharpProcess process)
    : base(process)
{
    // No state of its own to initialise; everything happens in the base constructor.
}
/// <summary>
/// Records an address together with the process it was supplied with.
/// </summary>
/// <param name="process">Process wrapper, stored through an <c>as IProcess</c> conversion.</param>
/// <param name="address">Address value stored in <c>Address</c>.</param>
public ExternalMemoryPointer(GameSharpProcess process, IntPtr address)
{
    this.Address = address;

    // `as` yields null instead of throwing when the conversion does not apply, and a null
    // argument is stored as null; neither case is rejected here.
    this.GameSharpProcess = process as IProcess;
}