public CordovaView()
{
InitializeComponent();
if (DesignerProperties.IsInDesignTool)
{
return;
}
StartupMode mode = PhoneApplicationService.Current.StartupMode;
if (mode == StartupMode.Launch)
{
PhoneApplicationService service = PhoneApplicationService.Current;
service.Activated += new EventHandler <Microsoft.Phone.Shell.ActivatedEventArgs>(AppActivated);
service.Launching += new EventHandler <LaunchingEventArgs>(AppLaunching);
service.Deactivated += new EventHandler <DeactivatedEventArgs>(AppDeactivated);
service.Closing += new EventHandler <ClosingEventArgs>(AppClosing);
}
else
{
}
// initializes native execution logic
this.nativeExecution = new NativeExecution(ref this.CordovaBrowser);
this.bmHelper = new BrowserMouseHelper(ref this.CordovaBrowser);
}
public PGView()
{
InitializeComponent();
if (DesignerProperties.IsInDesignTool)
{
return;
}
StartupMode mode = PhoneApplicationService.Current.StartupMode;
Debug.WriteLine("StartupMode mode =" + mode.ToString());
if (mode == StartupMode.Activate)
{
PhoneApplicationService service = PhoneApplicationService.Current;
service.Activated += new EventHandler <Microsoft.Phone.Shell.ActivatedEventArgs>(AppActivated);
service.Launching += new EventHandler <LaunchingEventArgs>(AppLaunching);
service.Deactivated += new EventHandler <DeactivatedEventArgs>(AppDeactivated);
service.Closing += new EventHandler <ClosingEventArgs>(AppClosing);
}
else
{
}
// initializes native execution logic
this.nativeExecution = new NativeExecution(ref this.GapBrowser);
}
public CordovaView()
{
InitializeComponent();
if (DesignerProperties.IsInDesignTool)
{
return;
}
// initializes native execution logic
configHandler = new ConfigHandler();
configHandler.LoadAppPackageConfig();
if (configHandler.ContentSrc != null)
{
if (Uri.IsWellFormedUriString(configHandler.ContentSrc, UriKind.Absolute))
{
this.StartPageUri = new Uri(configHandler.ContentSrc, UriKind.Absolute);
}
else
{
this.StartPageUri = new Uri(AppRoot + "www/" + configHandler.ContentSrc, UriKind.Relative);
}
}
browserDecorators = new Dictionary <string, IBrowserDecorator>();
nativeExecution = new NativeExecution(ref this.CordovaBrowser);
bmHelper = new BrowserMouseHelper(ref this.CordovaBrowser);
ApplyConfigurationPreferences();
CreateDecorators();
}
/// <summary>
/// Removes from Target Process Memory the DNCIClrLoader
/// </summary>
/// <param name="targetProcessHandle">Target Process Handle</param>
/// <param name="dnciModuleHandle">DNCIClrLoader Module Handle</param>
private void EraseRemoteModules(IntPtr targetProcessHandle, IntPtr dnciModuleHandle)
{
// Resolve FreeLibrary function pointer into kernel32 address space
IntPtr freeLibraryHandle = NativeExecution.GetProcAddress(NativeExecution.GetModuleHandle("Kernel32"), "FreeLibrary");
// Unload DNCIClrLoader.dll from Remote Process
NativeExecution.CreateRemoteThread(targetProcessHandle, IntPtr.Zero, 0, freeLibraryHandle, dnciModuleHandle, 0, IntPtr.Zero);
}
/// <summary>
/// Inject the "functionPointer" with "parameters" into Remote Process
/// </summary>
/// <param name="processHandle">Remote Process Handle</param>
/// <param name="functionPointer">LoadLibraryW Function Pointer</param>
/// <param name="clrLoaderFullPath">DNCIClrLoader.exe Full Path</param>
private Int32 Inject(IntPtr processHandle, IntPtr functionPointer, String parameters)
{
// Set Array to Write
byte[] toWriteData = Encoding.Unicode.GetBytes(parameters);
// Compute Required Space on Remote Process
uint requiredRemoteMemorySize = (uint)(
(toWriteData.Length) * Marshal.SizeOf(typeof(char))
) + (uint)Marshal.SizeOf(typeof(char));
// Alocate Required Memory Space on Remote Process
IntPtr allocMemAddress = NativeExecution.VirtualAllocEx(
processHandle,
IntPtr.Zero,
requiredRemoteMemorySize,
NativeConstants.MEM_RESERVE | NativeConstants.MEM_COMMIT,
NativeConstants.PAGE_READWRITE
);
// Write Argument on Remote Process
UIntPtr bytesWritten;
bool success = NativeExecution.WriteProcessMemory(
processHandle,
allocMemAddress,
toWriteData,
requiredRemoteMemorySize,
out bytesWritten
);
// Create Remote Thread
IntPtr createRemoteThread = NativeExecution.CreateRemoteThread(
processHandle,
IntPtr.Zero,
0,
functionPointer,
allocMemAddress,
0,
IntPtr.Zero
);
// Wait Thread to Exit
NativeExecution.WaitForSingleObject(createRemoteThread, NativeConstants.INFINITE);
// Release Memory in Remote Process
NativeExecution.VirtualFreeEx(processHandle, allocMemAddress, 0, NativeConstants.MEM_RELEASE);
// Get Thread Exit Code
Int32 exitCode;
NativeExecution.GetExitCodeThread(createRemoteThread, out exitCode);
// Close Remote Handle
NativeExecution.CloseHandle(createRemoteThread);
return(exitCode);
}
/// <summary>
/// Inject the DNCLClrLoader.dll into Target Process Memory
/// </summary>
/// <param name="targetProcessHandle">Target Process Handle</param>
/// <param name="injectorLibraryFilePath">DNCIClrLoader.dll File Path</param>
/// <param name="moduleName">Name of Module (usually, FILE_NAME.dll)</param>
/// <returns></returns>
private IntPtr DNCIClrLoader(IntPtr targetProcessHandle, String injectorLibraryFilePath, String moduleName)
{
// Resolve LoadLibraryW function pointer into Kernel32 address space
IntPtr loadLibraryWAddr = NativeExecution.GetProcAddress(
NativeExecution.GetModuleHandle("kernel32.dll"),
"LoadLibraryW"
);
// Inject DNCIClrLoader into Remote Process
Inject(targetProcessHandle, loadLibraryWAddr, injectorLibraryFilePath);
// Find the LoadDNA Function Point into Remote Process Memory
return(FindRemoteModuleHandle(targetProcessHandle, moduleName));
}
public CordovaView()
{
InitializeComponent();
if (DesignerProperties.IsInDesignTool)
{
return;
}
StartupMode mode = PhoneApplicationService.Current.StartupMode;
if (mode == StartupMode.Launch)
{
PhoneApplicationService service = PhoneApplicationService.Current;
service.Activated += new EventHandler <Microsoft.Phone.Shell.ActivatedEventArgs>(AppActivated);
service.Launching += new EventHandler <LaunchingEventArgs>(AppLaunching);
service.Deactivated += new EventHandler <DeactivatedEventArgs>(AppDeactivated);
service.Closing += new EventHandler <ClosingEventArgs>(AppClosing);
}
else
{
}
configHandler = new ConfigHandler();
configHandler.LoadAppPackageConfig();
if (configHandler.ContentSrc != null)
{
if (Uri.IsWellFormedUriString(configHandler.ContentSrc, UriKind.Absolute))
{
this.StartPageUri = new Uri(configHandler.ContentSrc, UriKind.Absolute);
}
else
{
this.StartPageUri = new Uri(AppRoot + "www/" + configHandler.ContentSrc, UriKind.Relative);
}
}
ApplyConfigurationPreferences();
browserDecorators = new Dictionary <string, IBrowserDecorator>();
// initializes native execution logic
nativeExecution = new NativeExecution(ref this.CordovaBrowser);
bmHelper = new BrowserMouseHelper(ref this.CordovaBrowser);
CreateDecorators();
}
/// <summary>
/// Get Target Function OffSet
/// </summary>
/// <param name="libraryPath">Full Library Path</param>
/// <param name="targetFunctionName"></param>
/// <returns></returns>
private uint GetFunctionOffSet(String libraryPath, String targetFunctionName)
{
// Load the Library
IntPtr libHandle = NativeExecution.LoadLibrary(libraryPath);
// Get Target Function Address
IntPtr functionPtr = NativeExecution.GetProcAddress(libHandle, targetFunctionName);
// Compute the OffSet Between the Library Base Address and the Target Function inside the Binary
uint offset = (uint)functionPtr.ToInt32() - (uint)libHandle.ToInt32();
// Unload Library from Memory
NativeExecution.FreeLibrary(libHandle);
return(offset);
}
/// <summary>
/// Find the "moduleName" into Remote Process
/// </summary>
/// <param name="targetProcessHandle">Target Process Handler</param>
/// <param name="moduleName">Desired Module Name</param>
/// <returns></returns>
private IntPtr FindRemoteModuleHandle(IntPtr targetProcessHandle, String moduleName)
{
NativeStructures.MODULEENTRY32 moduleEntry = new NativeStructures.MODULEENTRY32()
{
dwSize = (uint)Marshal.SizeOf(typeof(NativeStructures.MODULEENTRY32))
};
uint targetProcessId = NativeExecution.GetProcessId(targetProcessHandle);
IntPtr snapshotHandle = NativeExecution.CreateToolhelp32Snapshot(
NativeStructures.SnapshotFlags.Module | NativeStructures.SnapshotFlags.Module32,
targetProcessId
);
// Check if is Valid
if (!NativeExecution.Module32First(snapshotHandle, ref moduleEntry))
{
NativeExecution.CloseHandle(snapshotHandle);
return(IntPtr.Zero);
}
// Enumerate all Modules until find the "moduleName"
while (NativeExecution.Module32Next(snapshotHandle, ref moduleEntry))
{
if (moduleEntry.szModule == moduleName)
{
break;
}
}
// Close the Handle
NativeExecution.CloseHandle(snapshotHandle);
// Return if Success on Search
if (moduleEntry.szModule == moduleName)
{
return(moduleEntry.modBaseAddr);
}
return(IntPtr.Zero);
}
/// <summary>
/// Inject .NET Assembly into Remote Process
/// </summary>
/// <returns></returns>
private InjectorResult DoInject(Int32 targetProcessId)
{
// Create Result Object
InjectorResult hResult = new InjectorResult()
{
TargetProcessId = targetProcessId
};
try
{
// Copy DNCIClrLoader.dll into Temporary Folder with Random Name
String dnciLoaderLibraryPath = WriteLoaderToDisk();
// Open and get handle of the process - with required privileges
IntPtr targetProcessHandle = NativeExecution.OpenProcess(
NativeConstants.PROCESS_ALL_ACCESS,
false,
targetProcessId
);
// Check Process Handle
if (targetProcessHandle == null || targetProcessHandle == IntPtr.Zero)
{
hResult.Status = InjectorResultStatus.UNABLE_TO_GET_PROCESS_HANDLE;
return(hResult);
}
// Get Process Name
hResult.TargetProcessName = Process.GetProcessById(targetProcessId).ProcessName;
// Find the LoadDNA Function Point into Remote Process Memory
IntPtr dnciModuleHandle = DNCIClrLoader(targetProcessHandle, dnciLoaderLibraryPath, Path.GetFileName(dnciLoaderLibraryPath));
// Check Injector Handle
if (dnciModuleHandle == null || dnciModuleHandle == IntPtr.Zero)
{
hResult.Status = InjectorResultStatus.UNABLE_TO_FIND_INJECTOR_HANDLE;
return(hResult);
}
// Inject Managed Assembly
LoadManagedAssemblyOnRemoteProcess(targetProcessHandle, dnciModuleHandle, this.configuration.MethodName, this.configuration.AssemblyFileLocation, this.configuration.TypeName, this.configuration.ArgumentString, dnciLoaderLibraryPath);
// Erase Modules from Target Process
EraseRemoteModules(targetProcessHandle, dnciModuleHandle);
// Close Remote Process Handle
NativeExecution.CloseHandle(targetProcessHandle);
// Remove Temporary File
try
{
File.Delete(dnciLoaderLibraryPath);
}
catch { }
hResult.Status = InjectorResultStatus.OK;
}
catch
{
hResult.Status = InjectorResultStatus.MASTER_ERROR;
}
return(hResult);
}