Exemplo n.º 1
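        /// <summary>
        ///     Assembles the accumulated assembly source for the target process and writes the
        ///     resulting bytes to <paramref name="injectionAddress"/> in that process.
        /// </summary>
        /// <param name="hProcess">Handle to the target process; must not be <see cref="IntPtr.Zero"/>.</param>
        /// <param name="injectionAddress">Address in the target process that receives the assembled bytes; must not be zero.</param>
        /// <returns>Always <c>true</c> when the method returns normally.</returns>
        /// <exception cref="ArgumentException">
        ///     The handle or address is zero, or the source carries a <c>use32</c>/<c>use64</c>
        ///     directive that does not match the bitness of the target process.
        /// </exception>
        public bool Inject(IntPtr hProcess, IntPtr injectionAddress)
        {
            // Validate both arguments before any native helper sees them; the bitness
            // query below would otherwise be issued against a zero handle.
            if (hProcess == IntPtr.Zero)
            {
                throw new ArgumentException("Wrong process handle !");
            }
            if (injectionAddress == IntPtr.Zero)
            {
                throw new ArgumentException("Bad injection address !");
            }

            var asmCode        = _asmCode.ToString();
            var is64bitProcess = OnyxNative.Is64bitProcess(hProcess);

            // NOTE: these are plain substring checks, so the same text inside a comment or
            // label in the source also counts as "directive present".
            if (!asmCode.Contains("org "))
            {
                asmCode = asmCode.Insert(0, String.Format("org 0x{0:X08}\n", (long)injectionAddress));
            }
            if (!(asmCode.Contains("use32") || asmCode.Contains("use64")))
            {
                // The directive must end its own line; without the terminator it fuses with
                // whatever currently starts the source (typically the "org" line added above).
                asmCode = asmCode.Insert(0, is64bitProcess ? "use64\n" : "use32\n");
            }

            // Refuse to assemble for the wrong instruction width rather than write bytes
            // the target would decode differently.
            if (is64bitProcess && asmCode.Contains("use32"))
            {
                throw new ArgumentException("Target process is 64bit, but you're trying to compile using use32 parameter !", "use32/64 switch");
            }
            if (!is64bitProcess && asmCode.Contains("use64"))
            {
                throw new ArgumentException("Target process is 32bit, but you're trying to compile using use64 parameter !", "use32/64 switch");
            }

            Assemble(asmCode);
            // NOTE(review): the result of WriteBytes, if it returns one, is not inspected here;
            // confirm how a failed cross-process write is reported to the caller.
            OnyxMemory.WriteBytes(hProcess, injectionAddress, _assembledBytes);
            return true;
        }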
Exemplo n.º 2
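        /// <summary>
        ///     Injects a dll into a process by creating a remote thread on LoadLibrary.
        /// </summary>
        /// <remarks>
        ///     The path is always resolved to an absolute path in the calling process before it is
        ///     written to the target, so the target's own current directory and DLL search order
        ///     never decide which file is loaded. The returned value comes from the remote thread's
        ///     exit code; Win32 thread exit codes are 32 bits wide, so for a 64-bit target it may be
        ///     only the low half of the module address. Cross-process allocation, write and remote
        ///     thread creation is a sequence endpoint monitoring commonly logs or blocks.
        /// </remarks>
        /// <param name="_hProcess">Handle to the process into which dll will be injected.</param>
        /// <param name="_szDllPath">Path of the dll that will be injected; relative paths are resolved by the caller.</param>
        /// <returns>
        ///     The remote thread's exit code on success. Zero when kernel32/LoadLibraryW could not be
        ///     located, the remote buffer could not be allocated or written, the thread could not be
        ///     created, or the wait did not complete.
        /// </returns>
        /// <exception cref="ArgumentNullException">The handle is zero, or the path is null or empty.</exception>
        /// <exception cref="ArgumentException">The resolved path does not exist.</exception>
        /// <exception cref="Win32Exception">The remote thread finished with an exit code of zero.</exception>
        public static IntPtr InjectDllCreateThread(IntPtr _hProcess, string _szDllPath)
        {
            if (_hProcess == IntPtr.Zero)
            {
                throw new ArgumentNullException("_hProcess");
            }
            // IsNullOrEmpty: a null path previously surfaced as NullReferenceException.
            if (string.IsNullOrEmpty(_szDllPath))
            {
                throw new ArgumentNullException("_szDllPath");
            }

            // Resolve unconditionally. A relative path that happens to contain a backslash
            // (e.g. "sub\\x.dll") would otherwise be handed to the target as-is and resolved
            // there against a different working directory and search order.
            _szDllPath = Path.GetFullPath(_szDllPath);
            if (!File.Exists(_szDllPath))
            {
                throw new ArgumentException("DLL not found.", "_szDllPath");
            }

            var dwBaseAddress = IntPtr.Zero;

            // Check the module base and the export RVA separately: their sum is non-zero
            // even when only one of the two lookups succeeded.
            var hKernel32 = OnyxNative.GetModuleHandle(_hProcess, "kernel32.dll");
            if (hKernel32 == IntPtr.Zero)
            {
                return dwBaseAddress;
            }
            var loadLibraryRva =
                OnyxNative.GetExportedFunctionRVA(OnyxNative.GetModuleFileNameEx(_hProcess, hKernel32), "LoadLibraryW").ToInt64();
            if (loadLibraryRva == 0)
            {
                return dwBaseAddress;
            }
            var lpLoadLibrary = (IntPtr)(hKernel32.ToInt64() + loadLibraryRva);

            // NOTE(review): AllocateMemory is called without a size; confirm its default
            // is large enough for the longest path this method can receive.
            var lpDll = OnyxMemory.AllocateMemory(_hProcess);
            if (lpDll == IntPtr.Zero)
            {
                return dwBaseAddress;
            }

            var releaseBuffer = true;
            try
            {
                // NOTE(review): LoadLibraryW expects a null-terminated UTF-16 string; confirm
                // that is what OnyxMemory.Write emits for a string argument.
                if (!OnyxMemory.Write(_hProcess, lpDll, _szDllPath))
                {
                    return dwBaseAddress;
                }

                IntPtr threadId;
                IntPtr hThread = OnyxNative.CreateRemoteThread(
                    _hProcess,
                    IntPtr.Zero,
                    0,
                    lpLoadLibrary,
                    lpDll,
                    ThreadFlags.THREAD_EXECUTE_IMMEDIATELY,
                    out threadId);
                if (hThread == IntPtr.Zero)
                {
                    return dwBaseAddress;
                }

                try
                {
                    //wait for thread handle to have signaled state
                    //exit code will be equal to the base address of the dll
                    if (OnyxNative.WaitForSingleObject(hThread, 5000) == WaitValues.WAIT_OBJECT_0)
                    {
                        OnyxNative.GetExitCodeThread(hThread, out dwBaseAddress);
                        if (dwBaseAddress == IntPtr.Zero)
                        {
                            // The error code is the calling thread's last error, not the reason
                            // the load failed inside the target process.
                            throw new Win32Exception(Marshal.GetLastWin32Error());
                        }
                    }
                    else
                    {
                        // The remote thread may still be reading the path buffer; leaving it
                        // allocated is safer than freeing memory that is possibly in use.
                        releaseBuffer = false;
                    }
                }
                finally
                {
                    // Runs on the throw path too, so the thread handle is never leaked.
                    OnyxNative.CloseHandle(hThread);
                }
            }
            finally
            {
                if (releaseBuffer)
                {
                    OnyxMemory.FreeMemory(_hProcess, lpDll);
                }
            }
            return dwBaseAddress;
        }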
Exemplo n.º 3
 /// <summary>
 ///     Creates an instance for <paramref name="_targetProcess"/>, together with an
 ///     <c>OnyxMemory</c> built from the process id and a new <c>DetourManager</c>.
 /// </summary>
 /// <param name="_targetProcess">Process this instance is bound to; must not be null.</param>
 /// <exception cref="ArgumentNullException"><paramref name="_targetProcess"/> is null.</exception>
 public Onyx(Process _targetProcess)
 {
     // Guard first: the process id is read immediately afterwards.
     if (null == _targetProcess)
     {
         throw new ArgumentNullException(nameof(_targetProcess));
     }

     var processId = _targetProcess.Id;

     m_targetProcess = _targetProcess;
     m_memory        = new OnyxMemory(processId);
     m_detours       = new DetourManager();
 }