/// <summary>
/// Loads a managed assembly into another process and runs one of its methods there.
/// Visible steps: resolve <paramref name="assemblyPath"/> to an absolute path, check it is a .NET
/// assembly (and pick the CLR version), push mscoree.dll into the target via
/// <c>InjectUnmanagedInternal</c>, write bootstrap code with <c>WriteMachineCode</c>, then start
/// that code with <c>CreateRemoteThread</c>.
/// </summary>
/// <param name="processHandle">Handle to the target process; passed through to the native helpers.</param>
/// <param name="assemblyPath">Path of the assembly to load; converted to an absolute path first.</param>
/// <param name="typeName">Name of the type whose method is invoked in the target.</param>
/// <param name="methodName">Name of the method invoked in the target.</param>
/// <param name="argument">String handed to the invoked method.</param>
/// <param name="clrVersion">CLR to start; <see cref="InjectionClrVersion.Auto"/> uses the version reported by <c>IsAssembly</c>.</param>
/// <param name="returnValue">Receives the invoked method's return value when <paramref name="wait"/> is true; otherwise left at 0.</param>
/// <param name="wait">When true, blocks until the remote thread exits and reads the return value back.</param>
/// <returns>
/// true if every step succeeded (and, when <paramref name="wait"/> is true, the remote thread exited with code 0);
/// false if any native step failed.
/// </returns>
/// <exception cref="NotSupportedException">The file at <paramref name="assemblyPath"/> is not a .NET assembly.</exception>
/// <remarks>
/// Side effects in the target process that this code makes visible: mscoree.dll is loaded, a memory block holding
/// machine code is written, and a thread is started at that block. The remote thread handle is never closed on
/// any path of this method — confirm whether the caller is responsible for releasing it.
/// </remarks>
internal static bool InjectManagedInternal(void *processHandle, string assemblyPath, string typeName, string methodName, string argument, InjectionClrVersion clrVersion, out int returnValue, bool wait)
{
    bool isAssembly;
    InjectionClrVersion clrVersionTemp;
    void *pEnvironment;
    void *threadHandle;
    uint exitCode;

    returnValue = 0;
    assemblyPath = Path.GetFullPath(assemblyPath); // resolve to an absolute path
    IsAssembly(assemblyPath, out isAssembly, out clrVersionTemp);
    if (clrVersion == InjectionClrVersion.Auto)
    {
        clrVersion = clrVersionTemp; // fall back to the version IsAssembly reported
    }
    if (!isAssembly)
    {
        throw new NotSupportedException("Not a valid .NET assembly.");
    }
    // Load the mscoree.dll matching the target process's bitness (presumably handled inside InjectUnmanagedInternal — confirm).
    // NOTE(review): if SystemRoot is unset, GetEnvironmentVariable returns null and Path.Combine throws ArgumentNullException.
    if (!InjectUnmanagedInternal(processHandle, Path.Combine(Environment.GetEnvironmentVariable("SystemRoot"), @"System32\mscoree.dll")))
    {
        return(false);
    }
    // Write the CLR-startup bootstrap into the target; the returned pointer is the remote thread's start address below.
    pEnvironment = WriteMachineCode(processHandle, clrVersion, assemblyPath, typeName, methodName, argument);
    if (pEnvironment == null)
    {
        return(false);
    }
    // The thread argument points ReturnValueOffset bytes into the same block; the return value is read back from there.
    threadHandle = CreateRemoteThread(processHandle, null, 0, pEnvironment, ((byte *)pEnvironment + ReturnValueOffset), 0, null);
    if (threadHandle == null)
    {
        return(false); // NOTE(review): pEnvironment is not freed on this failure path
    }
    if (wait)
    {
        WaitForSingleObject(threadHandle, INFINITE); // block until the remote thread ends
        if (!GetExitCodeThread(threadHandle, out exitCode))
        {
            return(false);
        }
        // Read the invoked method's return value (presumably stored there by the bootstrap code — TODO confirm).
        if (!NativeProcess.ReadInt32Internal(processHandle, ((byte *)pEnvironment + ReturnValueOffset), out returnValue))
        {
            return(false);
        }
        if (!NativeProcess.FreeMemoryInternal(processHandle, pEnvironment))
        {
            return(false);
        }
        return(exitCode == 0);
    }
    // Not waiting: the block at pEnvironment is left allocated, since the remote thread may still be using it.
    return(true);
}