protected override void Execute(Injectable assembly) { IntPtr dllBase = Kernel32.LoadLibraryExW(assembly.PathToAssemblyFile, IntPtr.Zero, Core.Native.Enums.LoadLibraryFlags.DontResolveDllReferences); if (dllBase == IntPtr.Zero) { throw new Win32Exception($"Couldn't load DLL, system returned error code: {Marshal.GetLastWin32Error()}"); } IntPtr entryPointAddress = Kernel32.GetProcAddress(dllBase, assembly.Entrypoint); if (entryPointAddress == IntPtr.Zero) { throw new Win32Exception($"Couldn't find the entry point, system returned error code: {Marshal.GetLastWin32Error()}"); } IntPtr entryPointInRemoteProcess = new IntPtr((long)Process.Modules[assembly.AssemblyName.ToLower()].BaseAddress + (long)entryPointAddress - (long)dllBase); IntPtr thread = Kernel32.CreateRemoteThread(Process.Handle, IntPtr.Zero, 0, entryPointInRemoteProcess, IntPtr.Zero, 0, IntPtr.Zero); if (thread == IntPtr.Zero) { throw new Win32Exception($"Couldn't load DLL, system returned error code: {Marshal.GetLastWin32Error().ToString()}"); } Process.SuspendThreads(false); }
public void InjectAndExecute(Injectable assembly, bool attach) { UpdateFiles(assembly.PathToAssemblyFile); PreExecution(assembly); Process.RefreshModules(); Process.AllocConsole(); // In case we want to attach then we have to do so BEFORE we execute to give full debugging capabilities. if (attach && Debugger.IsAttached) { Process.AttachDebugger(); } Execute(assembly); }
/// <summary> /// Execution after the DLL has been injected. /// </summary> /// <param name="pathToDll"></param> /// <param name="entryPoint"></param> protected abstract void Execute(Injectable assembly);
/// <summary> /// DLL needs to be the same platform as the target process (e.g. x64 or x86). /// </summary> /// <param name="pathToDll"></param> /// <param name="entryPoint"></param> protected abstract void PreExecution(Injectable assembly);
protected override void Execute(Injectable assembly) { IMemoryAddress allocatedMemory = Process.AllocateManagedMemory(assembly.PathToAssemblyFile.Length); allocatedMemory.Write(Encoding.Unicode.GetBytes(assembly.PathToAssemblyFile)); }
protected override void PreExecution(Injectable assembly) { }
protected override void PreExecution(Injectable assembly) { Process.SuspendThreads(true); Process.LoadLibrary(assembly.PathToAssemblyFile); }
protected override void PostExecution(Injectable assembly) { Process.SuspendThreads(false); }
protected virtual void PostExecution(Injectable assembly) { }