public static void ExecuteFunction(Process p, IntPtr functionAddress, uint timeout = (uint)ThreadWaitValue.Infinite) { var hThread = Imports.CreateRemoteThread(p.GetHandle(), IntPtr.Zero, 0, functionAddress, IntPtr.Zero, 0, IntPtr.Zero); if (hThread == IntPtr.Zero) throw new Win32Exception(Marshal.GetLastWin32Error()); var singleObject = Imports.WaitForSingleObject(hThread, timeout); if (!(singleObject == (uint)ThreadWaitValue.Object0 || singleObject == (uint)ThreadWaitValue.Timeout)) throw new Win32Exception(Marshal.GetLastWin32Error()); }
/// <summary> /// /// </summary> /// <param name="p"></param> /// <param name="toStringFuncAddress">The address where our injected toString() is stored</param> /// <param name="variableAddress">The address where the object's address will be stored in. After the toString()-execution this address will point to the returned string.</param> /// <returns></returns> public static void InjectIntoProcess(Process p, out IntPtr toStringFuncAddress, out IntPtr variableAddress, uint variableSize = 8u) { // Allocate 4 bytes for the variable variableAddress = p.Allocate(IntPtr.Zero, variableSize); // Build the toString function var toStringFunction = BuildToStringCode(variableAddress); // Allocate the bytes required for the function toStringFuncAddress = p.Allocate(IntPtr.Zero, (uint)toStringFunction.Length, AllocationType.Commit | AllocationType.Reserve, MemoryProtection.ExecuteReadWrite); // Important: Make it executable // Write into the process memory p.WriteArray(toStringFuncAddress, toStringFunction); // Flush instruction cache Imports.FlushInstructionCache(p.GetHandle(), toStringFuncAddress, (uint)toStringFunction.Length); }