Exemplo n.º 1
        /// <summary>
        /// Captures the state needed for a detour from <paramref name="originalFunctionInfo"/> to
        /// <paramref name="targetFunctionInfo"/>: the original function's address, a copy of the
        /// bytes at that address, and the generated jump bytes.
        /// </summary>
        /// <param name="originalFunctionInfo">Method whose entry address and leading bytes are saved.</param>
        /// <param name="targetFunctionInfo">Method whose address is passed to the jump generator.</param>
        /// <remarks>
        /// The lines shown only assign fields; nothing is written to the original function here.
        /// This listing has lost its braces and the statements that belonged under the first two comments.
        /// </remarks>
        private void InitialiseDetour(MethodInfo originalFunctionInfo, MethodInfo targetFunctionInfo)
            // Ensure the operating system is valid
            // NOTE(review): the check itself is missing from this listing


            // Ensure the functions are JIT compiled
            // NOTE(review): the preparation calls are missing from this listing; confirm they run
            // before the addresses below are taken, otherwise the saved bytes may not be the method body



            // Get a pointer to the original function

            _originalFunctionAddress = originalFunctionInfo.MethodHandle.GetFunctionPointer();

            // Get a pointer to the target function

            var targetFunctionAddress = targetFunctionInfo.MethodHandle.GetFunctionPointer();

            // Create shellcode to perform a function detour
            // The x64 or x86 generator is chosen from the bitness of the current process

            var shellcode = Environment.Is64BitProcess ? Shellcode.JumpToFunctionX64(targetFunctionAddress) : Shellcode.JumpToFunctionX86(targetFunctionAddress);

            // Save the bytes of the original function
            // Exactly shellcode.Length bytes are read from the original address
            // NOTE(review): nothing visible checks that the original function is at least that long,
            // so the copy can include bytes that belong to whatever follows it in memory

            _originalBytes = new byte[shellcode.Length];

            Marshal.Copy(_originalFunctionAddress, _originalBytes, 0, shellcode.Length);

            // Save the bytes used to detour the original function to the target function

            _detourBytes = shellcode;
Exemplo n.º 2
        /// <summary>
        /// Writes <paramref name="dllBytes"/> to a fixed file name in the temp directory, resolves
        /// the process with id <paramref name="processId"/>, runs the architecture validation and
        /// stores the process and the file path in fields.
        /// </summary>
        /// <param name="processId">Id of the process to look up; must be greater than zero.</param>
        /// <param name="dllBytes">DLL image; must be non-null and non-empty.</param>
        /// <exception cref="ArgumentException">
        /// An argument fails the checks below, or no process with the given id is running.
        /// </exception>
        /// <remarks>
        /// This listing has lost its braces, the try lines and some statements; the code is kept as shown.
        /// </remarks>
        internal MethodWrapper(int processId, byte[] dllBytes)
            // Ensure the operating system is valid
            // NOTE(review): the check itself is missing from this listing


            // Ensure the arguments passed in are valid

            if (processId <= 0 || dllBytes is null || dllBytes.Length == 0)
                throw new ArgumentException("One or more of the arguments provided was invalid");

            // Convert the dll bytes to a temporary file on disk
            // The name is always "Bleak.dll" directly under Path.GetTempPath().
            // NOTE(review): a fixed, predictable name in a directory that every process of the same
            // user can write to means the file can be replaced between this write and its later use;
            // nothing visible re-verifies the content. A unique name plus a content check before use
            // would close that window. The fixed path is also a stable on-disk artifact for monitoring.

            var temporaryDllPath = Path.Combine(Path.GetTempPath(), "Bleak.dll");

            // NOTE(review): the two identical writes below presumably sat in different branches
            // (the lines between them are missing from this listing) - confirm against the original

            if (File.Exists(temporaryDllPath))

                File.WriteAllBytes(temporaryDllPath, dllBytes);

                File.WriteAllBytes(temporaryDllPath, dllBytes);

            // Get an instance of the remote process

            Process process;

                process = Process.GetProcessById(processId);

            catch (ArgumentException)
                // The process isn't currently running
                // The caught exception is not passed on as an inner exception

                throw new ArgumentException($"No process with id {processId} is currently running");

            // Ensure the process architecture matches the dll architecture
            // The check reads the file at temporaryDllPath, not the dllBytes argument

            ValidateArchitecture.Validate(process, temporaryDllPath);

            // Store the values

            _process = process;

            _dllPath = temporaryDllPath;
Exemplo n.º 3
        /// <summary>
        /// Writes <paramref name="dllBytes"/> to a fixed file name in the temp directory, picks the
        /// first process named <paramref name="processName"/>, runs the architecture validation and
        /// stores the process and the file path in fields.
        /// </summary>
        /// <param name="processName">Name of the process to look up; must not be null or whitespace.</param>
        /// <param name="dllBytes">DLL image; must be non-null and non-empty.</param>
        /// <exception cref="ArgumentException">
        /// An argument fails the checks below, or no process with the given name is running.
        /// </exception>
        /// <remarks>
        /// This listing has lost its braces, the try lines and some statements; the code is kept as shown.
        /// </remarks>
        internal ExtensionWrapper(string processName, byte[] dllBytes)
            // Ensure the operating system is valid
            // NOTE(review): the check itself is missing from this listing


            // Ensure the arguments passed in are valid

            if (string.IsNullOrWhiteSpace(processName) || dllBytes is null || dllBytes.Length == 0)
                throw new ArgumentException("One or more of the arguments provided was invalid");

            // Convert the dll bytes to a temporary file on disk
            // The name is always "Bleak.dll" directly under Path.GetTempPath().
            // NOTE(review): a fixed, predictable name in a user-writable directory lets another
            // process of the same user replace the file between this write and its later use;
            // nothing visible re-verifies the content before the path is stored.

            var temporaryDllPath = Path.Combine(Path.GetTempPath(), "Bleak.dll");

            // NOTE(review): the two identical writes below presumably sat in different branches
            // (the lines between them are missing from this listing) - confirm against the original

            if (File.Exists(temporaryDllPath))

                File.WriteAllBytes(temporaryDllPath, dllBytes);

                File.WriteAllBytes(temporaryDllPath, dllBytes);

            // Get an instance of the remote process
            // Only element [0] of the result is used. A process name is not a unique identifier:
            // when several processes share the name, the caller has no control over which is chosen.
            // NOTE(review): the other Process objects in the returned array are not disposed.

            Process process;

                process = Process.GetProcessesByName(processName)[0];

            catch (IndexOutOfRangeException)
                // The remote process isn't currently running
                // (an empty result array makes the [0] access throw)

                throw new ArgumentException($"No process with name {processName} is currently running");

            // Ensure the remote process architecture matches the dll architecture
            // The check reads the file at temporaryDllPath, not the dllBytes argument

            ValidateArchitecture.Validate(process, temporaryDllPath);

            // Store the values

            _process = process;

            _dllPath = temporaryDllPath;
Exemplo n.º 4
        /// <summary>
        /// Checks that a file exists at <paramref name="dllPath"/>, resolves the process with id
        /// <paramref name="processId"/>, runs the architecture validation and stores the process
        /// and the path in fields.
        /// </summary>
        /// <param name="processId">Id of the process to look up; must be greater than zero.</param>
        /// <param name="dllPath">Path to the DLL; must not be null or whitespace.</param>
        /// <exception cref="ArgumentException">
        /// An argument fails the checks below, or no process with the given id is running.
        /// </exception>
        /// <exception cref="FileNotFoundException">No file exists at <paramref name="dllPath"/>.</exception>
        /// <remarks>
        /// This listing has lost its braces, the try line and some statements; the code is kept as shown.
        /// </remarks>
        internal MethodWrapper(int processId, string dllPath)
            // Ensure the operating system is valid
            // NOTE(review): the check itself is missing from this listing


            // Ensure the arguments passed in are valid

            if (processId <= 0 || string.IsNullOrWhiteSpace(dllPath))
                throw new ArgumentException("One or more of the arguments provided was invalid");

            // Ensure the dll exists
            // NOTE(review): existence is checked once here; the file can still be replaced or removed
            // before whatever later consumes _dllPath, so that consumer must handle both cases

            if (!File.Exists(dllPath))
                throw new FileNotFoundException("No file exists at the provided location");

            // Get an instance of the process

            Process process;

                process = Process.GetProcessById(processId);

            catch (ArgumentException)
                // The process isn't currently running
                // The caught exception is not passed on as an inner exception

                throw new ArgumentException($"No process with id {processId} is currently running");

            // Ensure the process architecture matches the dll architecture

            ValidateArchitecture.Validate(process, dllPath);

            // Store the values
            // The path is stored exactly as supplied (not converted to a full path), so a relative
            // path keeps depending on the current directory at the time it is used

            _process = process;

            _dllPath = dllPath;
Exemplo n.º 5
        /// <summary>
        /// Checks that a file exists at <paramref name="dllPath"/>, picks the first process named
        /// <paramref name="processName"/>, runs the architecture validation and stores the process
        /// and the path in fields.
        /// </summary>
        /// <param name="processName">Name of the process to look up; must not be null or whitespace.</param>
        /// <param name="dllPath">Path to the DLL; must not be null or whitespace.</param>
        /// <exception cref="ArgumentException">
        /// An argument fails the checks below, or no process with the given name is running.
        /// </exception>
        /// <exception cref="FileNotFoundException">No file exists at <paramref name="dllPath"/>.</exception>
        /// <remarks>
        /// This listing has lost its braces, the try line and some statements; the code is kept as shown.
        /// </remarks>
        internal ExtensionWrapper(string processName, string dllPath)
            // Ensure the operating system is valid
            // NOTE(review): the check itself is missing from this listing


            // Ensure the arguments passed in are valid

            if (string.IsNullOrWhiteSpace(processName) || string.IsNullOrWhiteSpace(dllPath))
                throw new ArgumentException("One or more of the arguments provided was invalid");

            // Ensure the dll exists
            // NOTE(review): existence is checked once here; the file can still be replaced or removed
            // before whatever later consumes _dllPath, so that consumer must handle both cases

            if (!File.Exists(dllPath))
                throw new FileNotFoundException("No file exists at the provided location");

            // Get an instance of the remote process
            // Only element [0] of the result is used. A process name is not a unique identifier:
            // when several processes share the name, the caller has no control over which is chosen.
            // NOTE(review): the other Process objects in the returned array are not disposed.

            Process process;

                process = Process.GetProcessesByName(processName)[0];

            catch (IndexOutOfRangeException)
                // The remote process isn't currently running
                // (an empty result array makes the [0] access throw)

                throw new ArgumentException($"No process with name {processName} is currently running");

            // Ensure the remote process architecture matches the dll architecture

            ValidateArchitecture.Validate(process, dllPath);

            // Store the values
            // The path is stored exactly as supplied (not converted to a full path)

            _process = process;

            _dllPath = dllPath;
Exemplo n.º 6
        /// <summary>
        /// Writes <paramref name="dllBytes"/> to a hash-named file inside a "Bleak" folder under the
        /// temp directory, resolves the process with id <paramref name="processId"/>, runs the
        /// architecture validation and stores the process and the file path in fields.
        /// </summary>
        /// <param name="processId">Id of the process to look up; must be greater than zero.</param>
        /// <param name="dllBytes">DLL image; must be non-null and non-empty.</param>
        /// <exception cref="ArgumentException">
        /// An argument fails the checks below, or no process with the given id is running.
        /// </exception>
        /// <remarks>
        /// This listing has lost its braces, the try lines and some statements (including the body of
        /// the clean-up loop); the code is kept as shown.
        /// </remarks>
        internal MethodWrapper(int processId, byte[] dllBytes)
            // Ensure the operating system is valid
            // NOTE(review): the check itself is missing from this listing


            // Ensure the arguments passed in are valid

            if (processId <= 0 || dllBytes is null || dllBytes.Length == 0)
                throw new ArgumentException("One or more of the arguments provided was invalid");

            // Ensure the temporary directory exists on disk
            // The folder name is fixed ("Bleak"), so its location is predictable.
            // NOTE(review): CreateDirectory also succeeds when the folder already exists, so a
            // folder created beforehand by something else is used as-is.

            var temporaryDllFolderPath = Path.Combine(Path.GetTempPath(), "Bleak");

            var temporaryDirectoryInfo = Directory.CreateDirectory(temporaryDllFolderPath);

            // Clear the temporary directory if necessary
            // NOTE(review): the loop body is missing from this listing; the surviving catch shows that
            // every exception raised while processing a file is swallowed, not only "file in use"

            foreach (var file in temporaryDirectoryInfo.GetFiles())

                catch (Exception)
                    // The file is open in a process - Ignore

            // Create a temporary dll name for the dll using a hash of its bytes
            // Only the first 14 characters of the hash string are kept.
            // NOTE(review): the algorithm and encoding behind Tools.ComputeHash are not visible here;
            // truncation lowers collision resistance, so the name alone is not proof of content.

            var temporaryDllName = Tools.ComputeHash(dllBytes).Substring(0, 14) + ".dll";

            // Convert the dll bytes to a temporary file on disk

            var temporaryDllPath = Path.Combine(temporaryDllFolderPath, temporaryDllName);

                File.WriteAllBytes(temporaryDllPath, dllBytes);

            catch (Exception)
                // The file is open in a process - Ignore
                // NOTE(review): this swallows every write failure (access denied, disk full, ...), not
                // just a sharing violation. After a failed write the code continues with whatever file
                // already sits at temporaryDllPath, and nothing visible compares its content with
                // dllBytes - catching IOException only and verifying the existing file would be safer.

            // Get an instance of the remote process

            Process process;

                process = Process.GetProcessById(processId);

            catch (ArgumentException)
                // The process isn't currently running
                // The caught exception is not passed on as an inner exception

                throw new ArgumentException($"No process with id {processId} is currently running");

            // Ensure the process architecture matches the dll architecture
            // The check reads the file at temporaryDllPath, not the dllBytes argument

            ValidateArchitecture.Validate(process, temporaryDllPath);

            // Store the values

            _process = process;

            _dllPath = temporaryDllPath;