예제 #1
0
 /// <summary>
 ///     Will execute the given static method under system privileges.
 /// </summary>
 /// <remarks>
 ///     <para>
 ///         For some tasks it is necessary to have unrestricted access to the windows API.
 ///         For example if you want to enumerate all running processes in all sessions. But
 ///         keep in mind that you only can access these information within the given static
 ///         method and only if it is called through this service.
 ///     </para>
 ///     <para>
 ///         To accomplish this task, your assembly is loaded into a system service which
 ///         executes the given static method in a remoted manner. This implies that the
 ///         return type shall be marked with <see cref="SerializableAttribute" />. All
 ///         handles or other process specific things obtained in the service, will be invalid
 ///         in your application after the call is completed! Also the service will use
 ///         a new instance of your class, so you should only rely on the given parameters
 ///         and avoid using any external variables.. Your method shall be threaded as isolated!
 ///     </para>
 ///     <para>
 ///         The next thing to mention is that all assemblies required for executing the method
 ///         shall either be in the GAC or in the directory of the related EasyHook-Library.
 ///         Otherwise the service won't be able to use your assembly!
 ///     </para>
 ///     <para>
 ///         All unhandled exceptions will be rethrown by the local <see cref="ExecuteAsService" />.
 ///     </para>
 /// </remarks>
 /// <typeparam name="TClass">A class containing the given static method.</typeparam>
 /// <param name="InMethodName">A public static method exposed by the given public class.</param>
 /// <param name="InParams">A list of serializable parameters being passed to your static method.</param>
 /// <returns>The same value your method is returning or <c>null</c> if a <c>void</c> method is called.</returns>
 /// <exception cref="AccessViolationException">
 ///     The current user is not an administrator.
 /// </exception>
 /// <include file='ExecuteAsService.xml' path='example' />
 public static Object ExecuteAsService <TClass>(
     String InMethodName,
     params Object[] InParams)
 {
     return(ServiceMgmt.ExecuteAsService <TClass>(InMethodName, InParams));
 }
예제 #2
0
        internal static void InjectEx(
            Int32 InHostPID,
            Int32 InTargetPID,
            Int32 InWakeUpTID,
            Int32 InNativeOptions,
            String InLibraryPath_x86,
            String InLibraryPath_x64,
            Boolean InCanBypassWOW64,
            Boolean InCanCreateService,
            params Object[] InPassThruArgs)
        {
            MemoryStream      PassThru   = new MemoryStream();
            ManagedRemoteInfo RemoteInfo = new ManagedRemoteInfo();
            BinaryFormatter   Format     = new BinaryFormatter();
            Int32             NtStatus;

            HelperServiceInterface.BeginInjection(InTargetPID);

            try
            {
                RemoteInfo            = new ManagedRemoteInfo();
                RemoteInfo.HostPID    = InHostPID;
                RemoteInfo.UserParams = InPassThruArgs;

                GCHandle hPassThru = PrepareInjection(
                    RemoteInfo,
                    ref InLibraryPath_x86,
                    ref InLibraryPath_x64,
                    PassThru);

                /*
                 *  Inject library...
                 */
                try
                {
                    switch (NtStatus = NativeAPI.RhInjectLibraryEx(
                                InTargetPID,
                                InWakeUpTID,
                                NativeAPI.EASYHOOK_INJECT_MANAGED | InNativeOptions,
                                typeof(Config).Assembly.Location,
                                typeof(Config).Assembly.Location,
                                hPassThru.AddrOfPinnedObject(),
                                (int)PassThru.Length))
                    {
                    case NativeAPI.STATUS_WOW_ASSERTION:
                    {
                        // Use helper application to bypass WOW64...
                        if (InCanBypassWOW64)
                        {
                            WOW64Bypass.Inject(
                                InHostPID,
                                InTargetPID,
                                InWakeUpTID,
                                InNativeOptions,
                                InLibraryPath_x86,
                                InLibraryPath_x64,
                                InPassThruArgs);
                        }
                        else
                        {
                            throw new AccessViolationException("Unable to inject library into target process.");
                        }
                    } break;

                    case NativeAPI.STATUS_ACCESS_DENIED:
                    {
                        // Use service and try again...
                        if (InCanCreateService)
                        {
                            ServiceMgmt.Inject(
                                InHostPID,
                                InTargetPID,
                                InWakeUpTID,
                                InNativeOptions,
                                InLibraryPath_x86,
                                InLibraryPath_x64,
                                InPassThruArgs);
                        }
                        else
                        {
                            NativeAPI.Force(NtStatus);
                        }
                    } break;

                    case NativeAPI.STATUS_SUCCESS:
                    {
                        // wait for injection completion
                        HelperServiceInterface.WaitForInjection(InTargetPID);
                    } break;

                    default:
                    {
                        NativeAPI.Force(NtStatus);
                    } break;
                    }
                }
                finally
                {
                    hPassThru.Free();
                }
            }
            finally
            {
                HelperServiceInterface.EndInjection(InTargetPID);
            }
        }
예제 #3
0
        internal static void InjectEx(
            Int32 InHostPID,
            Int32 InTargetPID,
            Int32 InWakeUpTID,
            Int32 InNativeOptions,
            String InLibraryPath_x86,
            String InLibraryPath_x64,
            Boolean InCanBypassWOW64,
            Boolean InCanCreateService,
            Boolean InRequireStrongName,
            params Object[] InPassThruArgs)
        {
            var PassThru = new MemoryStream();

            HelperServiceInterface.BeginInjection(InTargetPID);
            try
            {
                var RemoteInfo = new ManagedRemoteInfo();
                RemoteInfo.HostPID = InHostPID;
                // We first serialise parameters so that they can be deserialised AFTER the UserLibrary is loaded
                var format = new BinaryFormatter();
                var args   = new List <object>();
                if (InPassThruArgs != null)
                {
                    foreach (var arg in InPassThruArgs)
                    {
                        using (var ms = new MemoryStream())
                        {
                            format.Serialize(ms, arg);
                            args.Add(ms.ToArray());
                        }
                    }
                }
                RemoteInfo.UserParams = args.ToArray();

                RemoteInfo.RequireStrongName = InRequireStrongName;

                var hPassThru = PrepareInjection(
                    RemoteInfo,
                    ref InLibraryPath_x86,
                    ref InLibraryPath_x64,
                    PassThru);

                /*
                 *  Inject library...
                 */
                try
                {
                    Int32 NtStatus;
                    switch (NtStatus = NativeAPI.RhInjectLibraryEx(
                                InTargetPID,
                                InWakeUpTID,
                                NativeAPI.EASYHOOK_INJECT_MANAGED | InNativeOptions,
                                typeof(Config).Assembly.Location,
                                typeof(Config).Assembly.Location,
                                hPassThru.AddrOfPinnedObject(),
                                (int)PassThru.Length))
                    {
                    case NativeAPI.STATUS_WOW_ASSERTION:
                    {
                        // Use helper application to bypass WOW64...
                        if (InCanBypassWOW64)
                        {
                            WOW64Bypass.Inject(
                                InHostPID,
                                InTargetPID,
                                InWakeUpTID,
                                InNativeOptions,
                                InLibraryPath_x86,
                                InLibraryPath_x64,
                                InRequireStrongName,
                                InPassThruArgs);
                        }
                        else
                        {
                            throw new AccessViolationException("Unable to inject library into target process.");
                        }
                    }
                    break;

                    case NativeAPI.STATUS_ACCESS_DENIED:
                    {
                        // Use service and try again...
                        if (InCanCreateService)
                        {
                            ServiceMgmt.Inject(
                                InHostPID,
                                InTargetPID,
                                InWakeUpTID,
                                InNativeOptions,
                                InLibraryPath_x86,
                                InLibraryPath_x64,
                                InRequireStrongName,
                                InPassThruArgs);
                        }
                        else
                        {
                            NativeAPI.Force(NtStatus);
                        }
                    }
                    break;

                    case NativeAPI.STATUS_SUCCESS:
                    {
                        // wait for injection completion
                        HelperServiceInterface.WaitForInjection(InTargetPID);
                    }
                    break;

                    default:
                    {
                        NativeAPI.Force(NtStatus);
                    }
                    break;
                    }
                }
                finally
                {
                    hPassThru.Free();
                }
            }
            finally
            {
                HelperServiceInterface.EndInjection(InTargetPID);
            }
        }