Exemplo n.º 1
0
 public SafeRemoteThread CreateThread(IntPtr functionAddress, SafeVirtualMemoryHandle parametersAddress)
 {
     return(new SafeRemoteThread(handle, functionAddress, parametersAddress.DangerousGetHandle()));
 }
Exemplo n.º 2
0
        private static void MainLoop(Byte[] unicodeDllPath, CancellationTokenSource cts, TimeSpan timeout)
        {
            HashSet <Int32> processedIds = new HashSet <Int32>();

            while (true)
            {
                cts.Token.ThrowIfCancellationRequested();

                try
                {
                    KeepAlive(cts, timeout);
                    WindowsObject window = WindowsObject.Wait("Debug", "You can attach a debugger now if you want", cts.Token);

                    Int32 processId = window.GetProcessId();
                    if (!processedIds.Add(processId))
                    {
                        if (cts.Token.WaitHandle.WaitOne(1000))
                        {
                            cts.Token.ThrowIfCancellationRequested();
                        }
                        continue;
                    }

                    if (processedIds.Count == 1)
                    {
                        window.Close();
                        continue;
                    }

                    Console.WriteLine();
                    Console.WriteLine($"A new debuggable process [PID: {processId}] was found. Trying to inject DLL...");

                    using (SafeProcessHandle processHandle = new SafeProcessHandle(processId, ProcessAccessFlags.All, false))
                        using (SafeVirtualMemoryHandle memoryHandle = processHandle.Allocate(unicodeDllPath.Length, AllocationType.Commit, MemoryProtection.ReadWrite))
                        {
                            memoryHandle.Write(unicodeDllPath);

                            // Uncomment to debug
                            // System.Diagnostics.Debugger.Launch();
                            // KeepAlive(cts, TimeSpan.FromMinutes(10));

                            IntPtr loadLibraryAddress = GetLoadLibraryAddress();
                            using (SafeRemoteThread thread = processHandle.CreateThread(loadLibraryAddress, memoryHandle))
                            {
                                thread.Join();
                                window.Close();
                            }
                        }

                    KeepAlive(cts, timeout);
                    Console.WriteLine($"DLL was successfully injected to the process with PID: {processId}.");
                }
                catch (OperationCanceledException)
                {
                    throw;
                }
                catch (Exception ex)
                {
                    Console.WriteLine();
                    Console.WriteLine("Faield to inject DLL.");
                    Console.WriteLine(ex);

                    cts.Token.ThrowIfCancellationRequested();
                    Console.WriteLine("Waiting 20 seconds to try again...");
                    Console.WriteLine("Press Ctrl+C to exit...");
                    Thread.Sleep(20 * 1000);
                }
            }
        }