/// <summary>
/// P/Invoke declaration of the Win32 <c>CreateProcess</c> API (the <c>DllImport</c> attribute is
/// expected on the preceding line, outside this excerpt). <paramref name="lpCommandLine"/> is the
/// full command line including the quoted executable path when <paramref name="lpApplicationName"/>
/// is null; <paramref name="dwCreationFlags"/> carries flags such as <c>CREATE_SUSPENDED</c>.
/// </summary>
/// <returns>true when the process was created; false otherwise (call <c>Marshal.GetLastWin32Error()</c> for the reason).</returns>
internal static extern bool CreateProcess( string lpApplicationName, string lpCommandLine, ref SECURITY_ATTRIBUTES lpProcessAttributes, ref SECURITY_ATTRIBUTES lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, string lpCurrentDirectory, [In] ref STARTUPINFO lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation);
/// <summary>
/// Reads the game executable path from the "Config"/"Path" key of the INI file at <c>_configpath</c>,
/// starts that executable suspended, loads <c>DllPath</c> into the new process, then resumes it.
/// If the executable cannot be started, an <see cref="OpenFileDialog"/> asks the user to locate
/// sro_client.exe, the chosen path is written back to the INI file and the method calls itself again
/// with the new path.
/// </summary>
/// <remarks>
/// The call chain CreateProcess(CREATE_SUSPENDED) → VirtualAllocEx → WriteProcessMemory →
/// CreateRemoteThread(LoadLibraryA) → ResumeThread is the classic remote-thread DLL load pattern that
/// endpoint protection products commonly detect and block, so on hardened machines expect the final
/// "injected fail !" box rather than a silent success.
/// Trust boundary: whatever path is stored in the INI file is launched, and whatever <c>DllPath</c>
/// names is loaded into it, so write access to that INI file is equivalent to code execution in
/// the launched process. Most Win32 return values below are not checked (see the NOTE(review) comments).
/// </remarks>
public void injectDll()
{
    // Resolve the game path from the INI file; _buffer is presumably a StringBuilder that
    // GetPrivateProfileString fills (an empty string when the key is missing).
    NativeMethods.GetPrivateProfileString("Config", "Path", "", _buffer, (uint)_buffer.Capacity, _configpath);
    _gamepath = _buffer.ToString();

    //create suspend process
    // NOTE(review): there is no separator between the closing quote and "0 /23 0 0"; the string is
    // concatenated exactly as written — confirm this is the intended command line.
    string cmdLine = "\"" + GamePath + "\"" + "0 /23 0 0";
    PROCESS_INFORMATION pi = new PROCESS_INFORMATION();
    STARTUPINFO si = new STARTUPINFO();
    SECURITY_ATTRIBUTES pSec = new SECURITY_ATTRIBUTES();
    SECURITY_ATTRIBUTES tSec = new SECURITY_ATTRIBUTES();
    // nLength must hold the struct size for CreateProcess to accept the attribute blocks.
    pSec.nLength = Marshal.SizeOf(pSec);
    tSec.nLength = Marshal.SizeOf(tSec);
    // NOTE(review): si.cb is never set here; STARTUPINFO.cb is expected to be the struct size —
    // verify the struct definition handles this, otherwise CreateProcess may reject it.
    bool result = NativeMethods.CreateProcess(null, cmdLine, ref pSec, ref tSec, false, CREATE_SUSPENDED, IntPtr.Zero, null, ref si, out pi);
    if (result == false)
    {
        OpenFileDialog ofd = null;
        try
        {
            //MessageBox.Show("Error : could not start sro_client.exe");
            ofd = new OpenFileDialog();
            ofd.DefaultExt = "exe";
            ofd.Filter = "| sro_client.exe";
            ofd.Multiselect = false;
            ofd.Title = "Select sro_client.exe ...";
            if (ofd.ShowDialog() == DialogResult.OK)
            {
                string name = ofd.FileName;
                // Persist the user's choice, then retry with the new path. There is no recursion
                // guard: a path that still fails to launch re-prompts until the user cancels.
                NativeMethods.WritePrivateProfileString("Config", "Path", name, _configpath);
                injectDll();
            }
        }
        finally
        {
            // NOTE(review): ofd is still null if the OpenFileDialog constructor throws, so this
            // Dispose() would raise NullReferenceException and mask the original exception.
            ofd.Dispose();
        }
        return;
    }

    //create virtual stub memory and injection thread
    // Commit DllPath.Length bytes of read/write/execute memory in the suspended process and copy
    // the ASCII-encoded DLL path into it. The writable+executable protection is itself a common
    // detection signal.
    // NOTE(review): the return values of VirtualAllocEx, WriteProcessMemory and CreateRemoteThread
    // are not checked; on failure the code continues with zero handles/addresses and only the
    // final dwExitCode test reports a problem.
    IntPtr lpAlloc = NativeMethods.VirtualAllocEx(pi.hProcess, IntPtr.Zero, (uint)DllPath.Length, AllocationType.Commit, MemoryProtection.ExecuteReadWrite);
    UIntPtr temp = UIntPtr.Zero;
    NativeMethods.WriteProcessMemory(pi.hProcess, lpAlloc, Encoding.ASCII.GetBytes(DllPath), (uint)DllPath.Length, out temp);
    uint lpThreadId;
    // Remote thread whose start routine is kernel32!LoadLibraryA and whose argument is the path buffer.
    IntPtr hThread = NativeMethods.CreateRemoteThread(pi.hProcess, IntPtr.Zero, 0, NativeMethods.GetProcAddress(NativeMethods.GetModuleHandle("kernel32.dll"), "LoadLibraryA"), lpAlloc, 0, out lpThreadId);
    // Block without timeout until the remote thread finishes; a hung load hangs this caller too.
    NativeMethods.WaitForSingleObject(hThread, INFINITE);

    //exit thread injected
    // The thread exit code is the start routine's return value; the code below treats 0 as failure.
    uint dwExitCode;
    NativeMethods.GetExitCodeThread(hThread, out dwExitCode);
    NativeMethods.CloseHandle(hThread);

    //free virtual stub memory
    // NOTE(review): FreeType.Decommit leaves the region reserved in the target; confirm whether a
    // full release is intended here.
    NativeMethods.VirtualFreeEx(pi.hProcess, lpAlloc, DllPath.Length, FreeType.Decommit);

    //disable the suspend status of sro_client process
    NativeMethods.ResumeThread(pi.hThread);
    NativeMethods.CloseHandle(pi.hThread);
    NativeMethods.CloseHandle(pi.hProcess);
    if (dwExitCode == 0)
    {
        MessageBox.Show("injected fail !");
    }
}