Пример #1
        /// <summary>
        /// Tries to unload a library from another process by starting a thread in that
        /// process at the address of <c>FreeLibrary</c>.
        /// </summary>
        /// <param name="processHandle">Handle of the target process; handed to RemoteMemory, WriteProcessMemory and RemoteThread.</param>
        /// <param name="libraryHandle">Module handle to unload (presumably the value an earlier injection call returned; confirm against caller).</param>
        /// <returns>
        /// <c>true</c> when the remote thread's exit code is non-zero; <c>false</c> when it is
        /// zero or when any exception was thrown along the way.
        /// </returns>
        /// <remarks>
        /// The sequence used here (cross-process write, then a remote thread whose start address
        /// is a kernel32 export) is one that endpoint monitoring commonly flags.
        /// </remarks>
        public bool UninjectFromProcess(IntPtr processHandle, IntPtr libraryHandle)
        {
            try
            {
                // IntPtr.ToInt32 throws OverflowException in a 64-bit process when the handle value
                // does not fit in 32 bits; that ends up in the catch below and is reported as false.
                var buffer = BitConverter.GetBytes(libraryHandle.ToInt32());

                // Presumably allocates buffer.Length bytes in the target and releases them on Dispose - confirm.
                using (var remoteMemory = new RemoteMemory(processHandle, buffer.Length))
                {
                    using (var pinnedBuffer = new PinnedObject(buffer))
                    {
                        // Copies the handle bytes into the remote buffer. Neither the outcome of the
                        // call nor bytesWritten is inspected, so a failed write goes unnoticed.
                        uint bytesWritten;
                        NativeMethods.WriteProcessMemory(
                            processHandle, 
                            remoteMemory.Address, 
                            pinnedBuffer.AddrOfPinnedObject, 
                            (uint)buffer.Length, 
                            out bytesWritten);
                    }

                    // Resolved in THIS process. Using the address in the target assumes kernel32.dll is
                    // mapped at the same base, with the same bitness, in both processes - TODO confirm.
                    // Neither lookup result is checked for zero.
                    var kernel32Handle = NativeMethods.GetModuleHandle("kernel32.dll");
                    var freeLibraryAddress = NativeMethods.GetProcAddress(kernel32Handle, "FreeLibrary");
                    using (var remoteThread = new RemoteThread(processHandle, freeLibraryAddress))
                    {
                        // NOTE(review): FreeLibrary takes the module handle by value. If Start forwards its
                        // argument as the thread parameter, FreeLibrary receives the address of the remote
                        // buffer rather than the handle stored in it - verify against RemoteThread.
                        remoteThread.Start(remoteMemory.Address);
                        // Waits up to 5 seconds; whether the wait timed out is not checked.
                        remoteThread.Join(TimeSpan.FromMilliseconds(5000));
                        // NOTE(review): if ExitCode wraps GetExitCodeThread, a thread that is still running
                        // reports STILL_ACTIVE (259), which this comparison would treat as success - confirm.
                        var exitCode = remoteThread.ExitCode();
                        return exitCode != 0;
                    }
                }
            }
            catch (Exception)
            {
                // Every failure, programming errors included, collapses to false with no diagnostics.
                return false;
            }
        }
 /// <summary>
 /// Copies <paramref name="size"/> bytes from another process into a newly allocated array.
 /// </summary>
 /// <param name="processHandle">Handle of the process to read from.</param>
 /// <param name="baseAddress">Address in that process where the read starts.</param>
 /// <param name="size">Number of bytes requested; also the length of the returned array.</param>
 /// <returns>An array of <paramref name="size"/> bytes.</returns>
 /// <remarks>
 /// NOTE(review): the outcome of ReadProcessMemory and the reported byte count are both
 /// ignored, so a failed or partial read hands back an array that is zero-filled (or only
 /// partly filled) with nothing to tell the caller. Callers that act on this data should
 /// not assume it reflects the target's memory.
 /// </remarks>
 public byte[] Read(IntPtr processHandle, IntPtr baseAddress, int size)
 {
     byte[] result = new byte[size];

     // The array stays pinned for the duration of the native call so its address is stable.
     using (var pin = new PinnedObject(result))
     {
         var destination = pin.AddrOfPinnedObject;
         uint transferred;
         NativeMethods.ReadProcessMemory(processHandle, baseAddress, destination, (uint)size, out transferred);
     }

     return result;
 }
Пример #3
        /// <summary>
        /// Writes the path of <c>AnarchyHook.dll</c> (taken from the current application's base
        /// directory) into another process and starts a thread there at <c>LoadLibraryA</c>
        /// with that buffer as its argument.
        /// </summary>
        /// <param name="processHandle">Handle of the target process; handed to RemoteMemory, WriteProcessMemory and RemoteThread.</param>
        /// <returns>
        /// An <see cref="IntPtr"/> built from the remote thread's exit code, or
        /// <see cref="IntPtr.Zero"/> when any exception was thrown.
        /// </returns>
        /// <remarks>
        /// Nothing here checks that the DLL exists or verifies what it is: whatever file sits
        /// at that path is what the target is asked to load, so the base directory must not be
        /// writable by less-trusted users. The sequence used (cross-process write, then a remote
        /// thread starting at LoadLibraryA) is one that endpoint monitoring commonly flags.
        /// </remarks>
        public IntPtr InjectToProcess(IntPtr processHandle)
        {
            try
            {
                var dllPath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "AnarchyHook.dll");
                // Encoding.ASCII replaces non-ASCII characters with '?', so a base directory with
                // such characters yields a different path. No terminating NUL byte is appended;
                // NOTE(review): presumably relies on the remote allocation being zero-filled - confirm.
                var buffer  = Encoding.ASCII.GetBytes(dllPath);

                // Presumably allocates buffer.Length bytes in the target and releases them on Dispose - confirm.
                using (var remoteMemory = new RemoteMemory(processHandle, buffer.Length))
                {
                    using (var pinnedBuffer = new PinnedObject(buffer))
                    {
                        // Neither the outcome of the call nor bytesWritten is inspected,
                        // so a failed or short write goes unnoticed.
                        uint bytesWritten;
                        NativeMethods.WriteProcessMemory(
                            processHandle,
                            remoteMemory.Address,
                            pinnedBuffer.AddrOfPinnedObject,
                            (uint)buffer.Length,
                            out bytesWritten);
                    }

                    // Resolved in THIS process. Using the address in the target assumes kernel32.dll is
                    // mapped at the same base, with the same bitness, in both processes - TODO confirm.
                    // Neither lookup result is checked for zero.
                    var kernel32Handle     = NativeMethods.GetModuleHandle("kernel32.dll");
                    var loadLibraryAddress = NativeMethods.GetProcAddress(kernel32Handle, "LoadLibraryA");
                    using (var remoteThread = new RemoteThread(processHandle, loadLibraryAddress))
                    {
                        remoteThread.Start(remoteMemory.Address);
                        // Waits up to 5 seconds; whether the wait timed out is not checked.
                        remoteThread.Join(TimeSpan.FromMilliseconds(5000));
                        // NOTE(review): a thread exit code is 32 bits wide, so in a 64-bit target it
                        // cannot carry a full module handle; and if ExitCode wraps GetExitCodeThread, a
                        // thread that is still running reports STILL_ACTIVE (259), which would be
                        // returned here as if it were a handle - confirm against RemoteThread.
                        var exitCode = remoteThread.ExitCode();
                        return(new IntPtr(exitCode));
                    }
                }
            }
            catch (Exception)
            {
                // Every failure, programming errors included, collapses to IntPtr.Zero with no diagnostics.
                return(IntPtr.Zero);
            }
        }
Пример #4
        /// <summary>
        /// Writes the path of <c>AnarchyHook.dll</c> (taken from the current application's base
        /// directory) into another process and starts a thread there at <c>LoadLibraryA</c>
        /// with that buffer as its argument.
        /// </summary>
        /// <param name="processHandle">Handle of the target process; handed to RemoteMemory, WriteProcessMemory and RemoteThread.</param>
        /// <returns>
        /// An <see cref="IntPtr"/> built from the remote thread's exit code, or
        /// <see cref="IntPtr.Zero"/> when any exception was thrown.
        /// </returns>
        /// <remarks>
        /// Nothing here checks that the DLL exists or verifies what it is: whatever file sits
        /// at that path is what the target is asked to load, so the base directory must not be
        /// writable by less-trusted users. The sequence used (cross-process write, then a remote
        /// thread starting at LoadLibraryA) is one that endpoint monitoring commonly flags.
        /// </remarks>
        public IntPtr InjectToProcess(IntPtr processHandle)
        {
            try
            {
                var dllPath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "AnarchyHook.dll");
                // Encoding.ASCII replaces non-ASCII characters with '?', so a base directory with
                // such characters yields a different path. No terminating NUL byte is appended;
                // NOTE(review): presumably relies on the remote allocation being zero-filled - confirm.
                var buffer = Encoding.ASCII.GetBytes(dllPath);

                // Presumably allocates buffer.Length bytes in the target and releases them on Dispose - confirm.
                using (var remoteMemory = new RemoteMemory(processHandle, buffer.Length))
                {
                    using (var pinnedBuffer = new PinnedObject(buffer))
                    {
                        // Neither the outcome of the call nor bytesWritten is inspected,
                        // so a failed or short write goes unnoticed.
                        uint bytesWritten;
                        NativeMethods.WriteProcessMemory(
                            processHandle, 
                            remoteMemory.Address, 
                            pinnedBuffer.AddrOfPinnedObject, 
                            (uint)buffer.Length, 
                            out bytesWritten);
                    }

                    // Resolved in THIS process. Using the address in the target assumes kernel32.dll is
                    // mapped at the same base, with the same bitness, in both processes - TODO confirm.
                    // Neither lookup result is checked for zero.
                    var kernel32Handle = NativeMethods.GetModuleHandle("kernel32.dll");
                    var loadLibraryAddress = NativeMethods.GetProcAddress(kernel32Handle, "LoadLibraryA");
                    using (var remoteThread = new RemoteThread(processHandle, loadLibraryAddress))
                    {
                        remoteThread.Start(remoteMemory.Address);
                        // Waits up to 5 seconds; whether the wait timed out is not checked.
                        remoteThread.Join(TimeSpan.FromMilliseconds(5000));
                        // NOTE(review): a thread exit code is 32 bits wide, so in a 64-bit target it
                        // cannot carry a full module handle; and if ExitCode wraps GetExitCodeThread, a
                        // thread that is still running reports STILL_ACTIVE (259), which would be
                        // returned here as if it were a handle - confirm against RemoteThread.
                        var exitCode = remoteThread.ExitCode();
                        return new IntPtr(exitCode);
                    }
                }
            }
            catch (Exception)
            {
                // Every failure, programming errors included, collapses to IntPtr.Zero with no diagnostics.
                return IntPtr.Zero;
            }
        }