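        /// <summary>
        /// Injects the EasyHook managed runtime (this assembly, resolved through
        /// <c>typeof(Config).Assembly.Location</c>) into the process <paramref name="InTargetPID"/>
        /// together with a serialized <see cref="ManagedRemoteInfo"/> describing the host and the user
        /// library to load. Direct injection via <c>NativeAPI.RhInjectLibraryEx</c> is attempted first;
        /// a <c>STATUS_WOW_ASSERTION</c> result is retried through the WOW64 helper (if allowed) and a
        /// <c>STATUS_ACCESS_DENIED</c> result through the service path (if allowed).
        /// </summary>
        /// <param name="InHostPID">PID stored in <see cref="ManagedRemoteInfo.HostPID"/> and forwarded to the fallback injectors.</param>
        /// <param name="InTargetPID">PID of the process to inject into; also brackets the operation with <c>BeginInjection</c>/<c>EndInjection</c> and is used to wait for completion.</param>
        /// <param name="InWakeUpTID">Thread ID forwarded unchanged to <c>RhInjectLibraryEx</c> and the fallback injectors (presumably the thread resumed after injection; confirm against <c>NativeAPI</c>).</param>
        /// <param name="InNativeOptions">Flags OR-ed with <c>NativeAPI.EASYHOOK_INJECT_MANAGED</c> before the native call.</param>
        /// <param name="InLibraryPath_x86">Path of the 32-bit user library; passed by <c>ref</c> to <c>PrepareInjection</c>, which may rewrite it.</param>
        /// <param name="InLibraryPath_x64">Path of the 64-bit user library; likewise subject to rewriting by <c>PrepareInjection</c>.</param>
        /// <param name="InCanBypassWOW64">Whether a WOW64 assertion may be handled by <c>WOW64Bypass.Inject</c> instead of failing.</param>
        /// <param name="InCanCreateService">Whether an access-denied status may be retried through <c>ServiceMgmt.Inject</c> (a service-based path, which needs correspondingly elevated rights) instead of failing.</param>
        /// <param name="InPassThruArgs">User parameters stored in <see cref="ManagedRemoteInfo.UserParams"/>. They travel to the target process, so only trusted, serializable objects should be passed.</param>
        /// <exception cref="AccessViolationException">The native call returned <c>STATUS_WOW_ASSERTION</c> and <paramref name="InCanBypassWOW64"/> is false.</exception>
        /// <remarks>
        /// Every other non-success status is handed to <c>NativeAPI.Force</c>, which is presumably where it is
        /// converted into an exception. The pass-through buffer is pinned by <c>PrepareInjection</c>; the pinned
        /// handle is always freed and <c>EndInjection</c> always runs, even when injection throws.
        /// </remarks>
        internal static void InjectEx(
            Int32 InHostPID,
            Int32 InTargetPID,
            Int32 InWakeUpTID,
            Int32 InNativeOptions,
            String InLibraryPath_x86,
            String InLibraryPath_x64,
            Boolean InCanBypassWOW64,
            Boolean InCanCreateService,
            params Object[] InPassThruArgs)
        {
            // The stream only backs the serialized ManagedRemoteInfo; dispose it once the
            // pinned handle has been released and the injection bracket is closed.
            using (MemoryStream PassThru = new MemoryStream())
            {
                Int32 NtStatus;

                HelperServiceInterface.BeginInjection(InTargetPID);

                try
                {
                    ManagedRemoteInfo RemoteInfo = new ManagedRemoteInfo();
                    RemoteInfo.HostPID    = InHostPID;
                    RemoteInfo.UserParams = InPassThruArgs;

                    // PrepareInjection fills PassThru and returns a pinned handle whose address
                    // (plus PassThru.Length) is what the native side reads.
                    GCHandle hPassThru = PrepareInjection(
                        RemoteInfo,
                        ref InLibraryPath_x86,
                        ref InLibraryPath_x64,
                        PassThru);

                    /*
                     *  Inject library...
                     */
                    try
                    {
                        switch (NtStatus = NativeAPI.RhInjectLibraryEx(
                                    InTargetPID,
                                    InWakeUpTID,
                                    NativeAPI.EASYHOOK_INJECT_MANAGED | InNativeOptions,
                                    typeof(Config).Assembly.Location,
                                    typeof(Config).Assembly.Location,
                                    hPassThru.AddrOfPinnedObject(),
                                    (int)PassThru.Length))
                        {
                        case NativeAPI.STATUS_WOW_ASSERTION:
                        {
                            // Use helper application to bypass WOW64...
                            if (InCanBypassWOW64)
                            {
                                WOW64Bypass.Inject(
                                    InHostPID,
                                    InTargetPID,
                                    InWakeUpTID,
                                    InNativeOptions,
                                    InLibraryPath_x86,
                                    InLibraryPath_x64,
                                    InPassThruArgs);
                            }
                            else
                            {
                                throw new AccessViolationException("Unable to inject library into target process.");
                            }
                        } break;

                        case NativeAPI.STATUS_ACCESS_DENIED:
                        {
                            // Use service and try again...
                            if (InCanCreateService)
                            {
                                ServiceMgmt.Inject(
                                    InHostPID,
                                    InTargetPID,
                                    InWakeUpTID,
                                    InNativeOptions,
                                    InLibraryPath_x86,
                                    InLibraryPath_x64,
                                    InPassThruArgs);
                            }
                            else
                            {
                                NativeAPI.Force(NtStatus);
                            }
                        } break;

                        case NativeAPI.STATUS_SUCCESS:
                        {
                            // wait for injection completion
                            HelperServiceInterface.WaitForInjection(InTargetPID);
                        } break;

                        default:
                        {
                            NativeAPI.Force(NtStatus);
                        } break;
                        }
                    }
                    finally
                    {
                        // Unpin regardless of outcome; the native side must not be handed a dangling address later.
                        hPassThru.Free();
                    }
                }
                finally
                {
                    HelperServiceInterface.EndInjection(InTargetPID);
                }
            }
        }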
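        /// <summary>
        /// Injects the EasyHook managed runtime (this assembly, resolved through
        /// <c>typeof(Config).Assembly.Location</c>) into the process <paramref name="InTargetPID"/>
        /// together with a serialized <see cref="ManagedRemoteInfo"/> describing the host and the user
        /// library to load. Direct injection via <c>NativeAPI.RhInjectLibraryEx</c> is attempted first;
        /// a <c>STATUS_WOW_ASSERTION</c> result is retried through the WOW64 helper (if allowed) and a
        /// <c>STATUS_ACCESS_DENIED</c> result through the service path (if allowed).
        /// </summary>
        /// <param name="InHostPID">PID stored in <see cref="ManagedRemoteInfo.HostPID"/> and forwarded to the fallback injectors.</param>
        /// <param name="InTargetPID">PID of the process to inject into; also brackets the operation with <c>BeginInjection</c>/<c>EndInjection</c> and is used to wait for completion.</param>
        /// <param name="InWakeUpTID">Thread ID forwarded unchanged to <c>RhInjectLibraryEx</c> and the fallback injectors (presumably the thread resumed after injection; confirm against <c>NativeAPI</c>).</param>
        /// <param name="InNativeOptions">Flags OR-ed with <c>NativeAPI.EASYHOOK_INJECT_MANAGED</c> before the native call.</param>
        /// <param name="InLibraryPath_x86">Path of the 32-bit user library; passed by <c>ref</c> to <c>PrepareInjection</c>, which may rewrite it.</param>
        /// <param name="InLibraryPath_x64">Path of the 64-bit user library; likewise subject to rewriting by <c>PrepareInjection</c>.</param>
        /// <param name="InCanBypassWOW64">Whether a WOW64 assertion may be handled by <c>WOW64Bypass.Inject</c> instead of failing.</param>
        /// <param name="InCanCreateService">Whether an access-denied status may be retried through <c>ServiceMgmt.Inject</c> (a service-based path, which needs correspondingly elevated rights) instead of failing.</param>
        /// <param name="InRequireStrongName">Stored in <see cref="ManagedRemoteInfo.RequireStrongName"/> and forwarded to the fallback injectors; presumably makes the remote side insist on a strong-named user library (confirm on the remote side).</param>
        /// <param name="InPassThruArgs">User parameters. Each one is serialized individually with <see cref="BinaryFormatter"/> into a byte blob in <see cref="ManagedRemoteInfo.UserParams"/>; the raw objects are forwarded to the fallback injectors. A null array yields an empty parameter list.</param>
        /// <exception cref="AccessViolationException">The native call returned <c>STATUS_WOW_ASSERTION</c> and <paramref name="InCanBypassWOW64"/> is false.</exception>
        /// <remarks>
        /// Every other non-success status is handed to <c>NativeAPI.Force</c>, which is presumably where it is
        /// converted into an exception. The pass-through buffer is pinned by <c>PrepareInjection</c>; the pinned
        /// handle is always freed and <c>EndInjection</c> always runs, even when injection throws.
        /// </remarks>
        internal static void InjectEx(
            Int32 InHostPID,
            Int32 InTargetPID,
            Int32 InWakeUpTID,
            Int32 InNativeOptions,
            String InLibraryPath_x86,
            String InLibraryPath_x64,
            Boolean InCanBypassWOW64,
            Boolean InCanCreateService,
            Boolean InRequireStrongName,
            params Object[] InPassThruArgs)
        {
            // The stream only backs the serialized ManagedRemoteInfo; dispose it once the
            // pinned handle has been released and the injection bracket is closed.
            using (var PassThru = new MemoryStream())
            {
                HelperServiceInterface.BeginInjection(InTargetPID);
                try
                {
                    var RemoteInfo = new ManagedRemoteInfo();
                    RemoteInfo.HostPID = InHostPID;

                    // We first serialise parameters so that they can be deserialised AFTER the UserLibrary is loaded.
                    // NOTE(review): BinaryFormatter is inherently unsafe on the deserializing side and is removed in
                    // .NET 9. The remote side's expected format is not visible in this file, so it is kept as-is;
                    // callers must only pass trusted argument objects.
                    var format = new BinaryFormatter();
                    var args   = new List<object>();
                    if (InPassThruArgs != null)
                    {
                        foreach (var arg in InPassThruArgs)
                        {
                            using (var ms = new MemoryStream())
                            {
                                format.Serialize(ms, arg);
                                args.Add(ms.ToArray());
                            }
                        }
                    }
                    RemoteInfo.UserParams = args.ToArray();

                    RemoteInfo.RequireStrongName = InRequireStrongName;

                    // PrepareInjection fills PassThru and returns a pinned handle whose address
                    // (plus PassThru.Length) is what the native side reads.
                    var hPassThru = PrepareInjection(
                        RemoteInfo,
                        ref InLibraryPath_x86,
                        ref InLibraryPath_x64,
                        PassThru);

                    /*
                     *  Inject library...
                     */
                    try
                    {
                        Int32 NtStatus;
                        switch (NtStatus = NativeAPI.RhInjectLibraryEx(
                                    InTargetPID,
                                    InWakeUpTID,
                                    NativeAPI.EASYHOOK_INJECT_MANAGED | InNativeOptions,
                                    typeof(Config).Assembly.Location,
                                    typeof(Config).Assembly.Location,
                                    hPassThru.AddrOfPinnedObject(),
                                    (int)PassThru.Length))
                        {
                        case NativeAPI.STATUS_WOW_ASSERTION:
                        {
                            // Use helper application to bypass WOW64...
                            if (InCanBypassWOW64)
                            {
                                WOW64Bypass.Inject(
                                    InHostPID,
                                    InTargetPID,
                                    InWakeUpTID,
                                    InNativeOptions,
                                    InLibraryPath_x86,
                                    InLibraryPath_x64,
                                    InRequireStrongName,
                                    InPassThruArgs);
                            }
                            else
                            {
                                throw new AccessViolationException("Unable to inject library into target process.");
                            }
                        }
                        break;

                        case NativeAPI.STATUS_ACCESS_DENIED:
                        {
                            // Use service and try again...
                            if (InCanCreateService)
                            {
                                ServiceMgmt.Inject(
                                    InHostPID,
                                    InTargetPID,
                                    InWakeUpTID,
                                    InNativeOptions,
                                    InLibraryPath_x86,
                                    InLibraryPath_x64,
                                    InRequireStrongName,
                                    InPassThruArgs);
                            }
                            else
                            {
                                NativeAPI.Force(NtStatus);
                            }
                        }
                        break;

                        case NativeAPI.STATUS_SUCCESS:
                        {
                            // wait for injection completion
                            HelperServiceInterface.WaitForInjection(InTargetPID);
                        }
                        break;

                        default:
                        {
                            NativeAPI.Force(NtStatus);
                        }
                        break;
                        }
                    }
                    finally
                    {
                        // Unpin regardless of outcome; the native side must not be handed a dangling address later.
                        hPassThru.Free();
                    }
                }
                finally
                {
                    HelperServiceInterface.EndInjection(InTargetPID);
                }
            }
        }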