public void WriteProcessMemory_T()
{
IntPtr baseAddress = Marshal.AllocHGlobal(4);
const int buffer = 1337;
Marshal.WriteInt32(baseAddress, 0);
IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId);
Assert.IsFalse(handle == IntPtr.Zero);
Assert.IsTrue(ProcessMemory.WriteProcessMemory(handle, baseAddress, buffer));
Assert.IsTrue(Marshal.ReadInt32(baseAddress) == buffer);
Marshal.WriteInt32(baseAddress, 0);
IntPtr bytesWritten = IntPtr.Zero;
Assert.IsTrue(ProcessMemory.WriteProcessMemory(handle, baseAddress, buffer, ref bytesWritten));
Assert.IsTrue(Marshal.ReadInt32(baseAddress) == buffer);
Assert.IsTrue(bytesWritten == (IntPtr)4);
Assert.IsTrue(ProcessMemory.CloseHandle(handle));
Marshal.FreeHGlobal(baseAddress);
}
public void ReadProcessMemory_T()
{
IntPtr baseAddress = Marshal.AllocHGlobal(4);
Marshal.WriteInt32(baseAddress, 1337);
IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId);
Assert.IsFalse(handle == IntPtr.Zero);
int buffer = 0;
Assert.IsTrue(ProcessMemory.ReadProcessMemory(handle, baseAddress, ref buffer));
Assert.IsTrue(buffer == Marshal.ReadInt32(baseAddress));
buffer = 0;
IntPtr bytesRead = IntPtr.Zero;
Assert.IsTrue(ProcessMemory.ReadProcessMemory(handle, baseAddress, ref buffer, ref bytesRead));
Assert.IsTrue(buffer == Marshal.ReadInt32(baseAddress));
Assert.IsTrue(bytesRead == (IntPtr)4);
Assert.IsTrue(ProcessMemory.CloseHandle(handle));
Marshal.FreeHGlobal(baseAddress);
}
public void VirtualProtectEx()
{
IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId);
Assert.IsFalse(handle == IntPtr.Zero);
IntPtr address = ProcessMemory.VirtualAllocEx(handle, IntPtr.Zero, (IntPtr)1024, AllocationType.Reserve | AllocationType.Commit, MemoryProtectionFlags.ExecuteReadWrite);
MemoryProtectionFlags oldProtection = default;
Assert.IsTrue(ProcessMemory.VirtualProtectEx(handle, address, (IntPtr)1024, MemoryProtectionFlags.NoAccess, ref oldProtection));
Assert.IsTrue(oldProtection == MemoryProtectionFlags.ExecuteReadWrite);
try
{
Marshal.WriteInt32(address, 1337);
throw new Exception();
}
catch
{
}
Assert.IsTrue(ProcessMemory.VirtualFreeEx(handle, address, IntPtr.Zero, FreeType.Release));
ProcessMemory.CloseHandle(handle);
}
public void Close()
{
IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId);
Assert.IsFalse(handle == IntPtr.Zero);
Assert.IsTrue(ProcessMemory.CloseHandle(handle));
}
public void OnExit()
{
ProcessMemory.CloseHandle(memory.ProcessHandle);
memory = null;
hotKeyManager.KeyPressed -= OnKeyPressed;
hotKeyManager.Dispose();
}
public void CreateRemoteThreadEx()
{
IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId);
Assert.IsFalse(handle == IntPtr.Zero);
TestCreateRemoteThread_1(handle);
TestCreateRemoteThread_2(handle);
TestCreateRemoteThread_3(handle);
TestCreateRemoteThread_4(handle);
Assert.IsTrue(ProcessMemory.CloseHandle(handle));
}
private void TestCreateRemoteThread_3(IntPtr hProcess)
{
var originalCounter = _counter;
IntPtr hThread = ProcessMemory.CreateRemoteThreadEx(hProcess, IntPtr.Zero, IntPtr.Zero, _remoteFunctionPointer, IntPtr.Zero, ThreadCreationFlags.Immediately, IntPtr.Zero);
Assert.IsFalse(hThread == IntPtr.Zero);
Assert.IsTrue(ProcessMemory.WaitForSingleObject(hThread, ProcessMemory.WAIT_TIMEOUT_INFINITE) == WaitObjectResult.Success);
Assert.IsTrue(ProcessMemory.CloseHandle(hThread));
Assert.IsTrue(originalCounter + 1 == _counter);
}
public void VirtualAllocAndFree()
{
IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId);
Assert.IsFalse(handle == IntPtr.Zero);
IntPtr address = ProcessMemory.VirtualAllocEx(handle, IntPtr.Zero, (IntPtr)1024, AllocationType.Reserve | AllocationType.Commit, MemoryProtectionFlags.ExecuteReadWrite);
Assert.IsFalse(address == IntPtr.Zero);
Assert.IsTrue(Marshal.ReadInt32(address) == 0);
Marshal.WriteInt32(address, 1337);
Assert.IsTrue(Marshal.ReadInt32(address) == 1337);
Assert.IsTrue(ProcessMemory.VirtualFreeEx(handle, address, IntPtr.Zero, FreeType.Release));
ProcessMemory.CloseHandle(handle);
}
public void WriteProcessMemory_TArray()
{
IntPtr baseAddress = Marshal.AllocHGlobal(16);
int[] buffer = new int[4];
for (int i = 0; i < buffer.Length; i++)
{
buffer[i] = 1337;
Marshal.WriteInt32(baseAddress, i * 4, 0);
}
IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId);
Assert.IsFalse(handle == IntPtr.Zero);
Assert.IsTrue(ProcessMemory.WriteProcessMemoryArray(handle, baseAddress, buffer));
for (int i = 0; i < buffer.Length; i++)
{
Assert.IsTrue(Marshal.ReadInt32(baseAddress, i * 4) == 1337);
Marshal.WriteInt32(baseAddress, i * 4, 0);
}
IntPtr bytesWritten = IntPtr.Zero;
Assert.IsTrue(ProcessMemory.WriteProcessMemoryArray(handle, baseAddress, buffer, ref bytesWritten));
Assert.IsTrue(bytesWritten == (IntPtr)16);
for (int i = 0; i < buffer.Length; i++)
{
Assert.IsTrue(Marshal.ReadInt32(baseAddress, i * 4) == 1337);
}
Assert.IsTrue(ProcessMemory.CloseHandle(handle));
Marshal.FreeHGlobal(baseAddress);
}
public void ReadProcessMemory_TArray()
{
IntPtr baseAddress = Marshal.AllocHGlobal(16);
for (int i = 0; i < 16; i += 4)
{
Marshal.WriteInt32(baseAddress, i, 1337);
}
IntPtr handle = ProcessMemory.OpenProcess(ProcessAccessFlags.All, _processId);
Assert.IsFalse(handle == IntPtr.Zero);
int[] buffer = new int[4];
Assert.IsTrue(ProcessMemory.ReadProcessMemoryArray(handle, baseAddress, buffer));
for (int i = 0; i < buffer.Length; i++)
{
Assert.IsTrue(buffer[i] == Marshal.ReadInt32(baseAddress, i * 4));
buffer[i] = 0;
}
IntPtr bytesRead = IntPtr.Zero;
Assert.IsTrue(ProcessMemory.ReadProcessMemoryArray(handle, baseAddress, buffer, ref bytesRead));
Assert.IsTrue(bytesRead == (IntPtr)(buffer.Length * 4));
for (int i = 0; i < buffer.Length; i++)
{
Assert.IsTrue(buffer[i] == Marshal.ReadInt32(baseAddress, i * 4));
}
Assert.IsTrue(ProcessMemory.CloseHandle(handle));
Marshal.FreeHGlobal(baseAddress);
}
public void OnExit()
{
ProcessMemory.CloseHandle(memory.ProcessHandle);
memory = null;
}
public static InjectResult Inject(Process process, string dllPath, TimeSpan timeout)
{
InjectResult result = InjectResult.None;
//Get the full path of the DLL.
string fullPath = Path.GetFullPath(dllPath);
//Return if the DLL is not found.
if (!File.Exists(fullPath))
{
return(InjectResult.Dll_Not_Found);
}
//Process modules aren't automatically updated in a stored process variable.
//Grab the updated process.
Process updatedProcess = Process.GetProcessById(process.Id);
//Sometimes randomly fails due to 64-bit OS accessing 32-bit process ProcessMemory...
//Try again if fails.
bool success = false;
string pathCompare = fullPath.ToLower();
while (!success)
{
try
{
foreach (ProcessModule pm in updatedProcess.Modules)
{
if (pm.FileName.ToLower() == pathCompare)
//Return if the DLL is found to
//prevent injecting duplicates.
{
return(InjectResult.Dll_Already_Jnjected);
}
}
success = true;
}
catch { }
}
//Open handle with all permissions to avoid any unexpected access violation errors...
IntPtr hProcess = ProcessMemory.OpenProcess(ProcessAccessFlags.All, true, process.Id);
//Return if the handle is 0. This is an invalid result.
if (hProcess == IntPtr.Zero)
{
return(InjectResult.Process_Handle_Invalid);
}
//Get the handle for kernel32.dll.
IntPtr hKernel = ProcessMemory.GetModuleHandle("kernel32.dll");
//Return if the handle is 0. This is an invalid result.
if (hKernel == IntPtr.Zero)
{
return(InjectResult.Kernel_Module_Not_Found);
}
//Get the address for LoadLibraryA, which is used to load a process
//module into a process and calls the DllMain entry point.
IntPtr hLoadLibraryA = ProcessMemory.GetProcAddress(hKernel, "LoadLibraryA");
//Return if the address is 0. This is an invalid result.
if (hLoadLibraryA == IntPtr.Zero)
{
return(InjectResult.Load_Library_A_Not_Found);
}
//Allocation space for the full path of the module and
//+1 for the null terminator (0x00) of the string.
int allocationSize = fullPath.Length + 1;
//Allocate memory space in the process and store the address
//the allocation was made at.
IntPtr allocatedAddr = ProcessMemory.VirtualAllocEx(hProcess, IntPtr.Zero, (IntPtr)allocationSize,
AllocationType.Commit | AllocationType.Reserve,
MemoryProtection.ExecuteReadWrite);
//Return if the address is 0. Allocation was not made.
if (allocatedAddr == IntPtr.Zero)
{
return(InjectResult.Memory_Allocation_Failed);
}
//Convert the full path string into bytes.
byte[] buffer = Encoding.UTF8.GetBytes(fullPath);
IntPtr numWritten;
//Write the bytes to the space we allocated within the process.
if (!ProcessMemory.WriteProcessMemory(hProcess, allocatedAddr, buffer, buffer.Length, out numWritten))
{
//Writing to memory failed if WriteProcessMemory returned false.
result = InjectResult.Memory_Write_Failed;
//Free the memory we allocated into the process.
//dwSize must be 0 to free all pages allocated by VirtualAllocEx.
if (!ProcessMemory.VirtualFreeEx(hProcess, allocatedAddr, 0, FreeType.Release))
{
//Freeing the allocated memory failed if VirtualFreeEx returned false.
result |= InjectResult.Memory_Release_Failed;
}
//Return due to failing to write the bytes to ProcessMemory.
return(result);
}
//Create a new remote thread, calling the LoadLibraryA function in our target
//process with the address we allocated our string bytes at as the parameter.
//This will load the DLL into the process using the full path to the DLL that
//was specified and call the DLL's DllMain entry point.
IntPtr threadId;
IntPtr hThread = ProcessMemory.CreateRemoteThread(hProcess, IntPtr.Zero, 0, hLoadLibraryA, allocatedAddr, 0, out threadId);
if (hThread == IntPtr.Zero)
{
//The remote thread failed to create if the thread handle is is 0.
result = InjectResult.Thread_Creation_Failed;
//Free the memory we allocated into the process.
//dwSize must be 0 to free all pages allocated by VirtualAllocEx.
if (!ProcessMemory.VirtualFreeEx(hProcess, allocatedAddr, 0, FreeType.Release))
{
//Freeing the allocated memory failed if VirtualFreeEx returned false.
result |= InjectResult.Memory_Release_Failed;
}
//Return due to failing to create the remote thread.
return(result);
}
//Wait for the thread to finish, with specified timeout if it never finishes.
ProcessMemory.WaitForSingleObject(hThread, (uint)timeout.TotalMilliseconds);
//Free the memory we allocated into the process.
//dwSize must be 0 to free all pages allocated by VirtualAllocEx.
if (!ProcessMemory.VirtualFreeEx(hProcess, allocatedAddr, 0, FreeType.Release))
{
//Freeing the allocated memory failed if VirtualFreeEx returned false.
result |= InjectResult.Memory_Release_Failed;
}
//Close the handle created by CreateRemoteThread.
if (!ProcessMemory.CloseHandle(hThread))
{
result |= InjectResult.Thread_Close_Failed;
}
//Close the handle created by OpenProcess.
if (!ProcessMemory.CloseHandle(hProcess))
{
result |= InjectResult.Process_Handle_Close_Failed;
}
return(result |= InjectResult.Success);
}
