- using System;
- using System.Collections.Generic;
- using System.Diagnostics;
- using System.IO;
- using System.Linq;
- using System.Runtime.InteropServices;
- using System.Text;
- using WinAPI.Kernel32;
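namespace Injector
{
    /// <summary>
    /// Classic CreateRemoteThread + LoadLibrary DLL injector.
    /// Writes the DLL path into the target, has the target load the DLL on a remote
    /// thread, locates the loaded module, rebases the DLL's exported <c>run</c> function
    /// onto the remote image and starts it on a second remote thread.
    /// Every Win32 call except the local LoadLibraryEx/FreeLibrary pair is supplied as a
    /// delegate through the constructor so the sequence can be stubbed in tests.
    /// Caveats: the injector and the target must have the same bitness (the LoadLibraryW
    /// address is read from the injector's own kernel32 and assumed to match the target's),
    /// and the buffer allocated in the target for the path is never freed (no VirtualFreeEx
    /// delegate is wired in).
    /// </summary>
    public class Injector
    {
        // OpenProcess access rights (winnt.h). Kept as int constants so they convert to whatever
        // integral type the delegates declare, exactly like the original literals.
        private const int ProcessCreateThread = 0x0002;
        private const int ProcessVmOperation = 0x0008;
        private const int ProcessVmRead = 0x0010;
        private const int ProcessVmWrite = 0x0020;
        private const int ProcessQueryInformation = 0x0400;
        private const int InjectAccess = ProcessCreateThread | ProcessVmOperation | ProcessVmRead
                                         | ProcessVmWrite | ProcessQueryInformation;

        // VirtualAllocEx allocation type and page protection.
        private const int MemCommit = 0x1000;
        private const int MemReserve = 0x2000;
        // The remote buffer only holds a path string, so it does not need to be executable.
        // The original requested PAGE_EXECUTE_READWRITE (0x40); RWX data is a needless
        // privilege and a common EDR detection trigger.
        private const int PageReadWrite = 0x04;

        // LoadLibraryEx flag: map the image without running DllMain or resolving its imports.
        private const int DontResolveDllReferences = 0x00000001;

        // WaitForSingleObject: WAIT_OBJECT_0. Anything else (WAIT_TIMEOUT, WAIT_FAILED) is a failure.
        private const int WaitObject0 = 0;
        private const int LoadLibraryTimeoutMs = 3000;

        private readonly CloseHandleDelegate _closeHandle;
        private readonly CreateRemoteThreadDelegate _createRemoteThread;
        private readonly WaitForSingleObjectDelegate _waitForSingleObject;
        private readonly ImpersonateSelfDelegate _impersonateSelf;
        private readonly RevertToSelfDelegate _revertToSelf;
        private readonly GetModuleHandleDelegate _getModuleHandle;
        private readonly GetProcAddressDelegate _getProcAddress;
        private readonly ExternalModuleLocator _externalModuleLocator;
        private readonly OpenProcessDelegate _openProcess;
        private readonly VirtualAllocExDelegate _virtualAllocEx;
        private readonly WriteProcessMemoryDelegate _writeProcessMemory;

        // Local mapping of the payload DLL, used only to read its export table.
        [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
        private static extern IntPtr LoadLibraryEx(string lpFileName, IntPtr hFile, uint dwFlags);

        [DllImport("kernel32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        private static extern bool FreeLibrary(IntPtr hModule);

        /// <summary>
        /// Wires up the Win32 entry points used by the injection sequence.
        /// </summary>
        public Injector(ExternalModuleLocator externalModuleLocator, OpenProcessDelegate openProcess,
            CloseHandleDelegate closeHandle,
            GetProcAddressDelegate getProcAddress, GetModuleHandleDelegate getModuleHandle,
            VirtualAllocExDelegate virtualAllocEx, WriteProcessMemoryDelegate writeProcessMemory,
            CreateRemoteThreadDelegate createRemoteThread, WaitForSingleObjectDelegate waitForSingleObject,
            ImpersonateSelfDelegate impersonateSelf, RevertToSelfDelegate revertToSelf)
        {
            _externalModuleLocator = externalModuleLocator;
            _openProcess = openProcess;
            _closeHandle = closeHandle;
            _getProcAddress = getProcAddress;
            _getModuleHandle = getModuleHandle;
            _virtualAllocEx = virtualAllocEx;
            _writeProcessMemory = writeProcessMemory;
            _createRemoteThread = createRemoteThread;
            _waitForSingleObject = waitForSingleObject;
            _impersonateSelf = impersonateSelf;
            _revertToSelf = revertToSelf;
        }

        /// <summary>
        /// Injects <paramref name="targetDllFilename"/> into the first running process whose
        /// <see cref="Process.ProcessName"/> (image name without extension) equals
        /// <paramref name="targetProcessName"/>. If several processes share the name, the
        /// first one in enumeration order is used.
        /// </summary>
        /// <returns>
        /// <c>TargetDllNotFound</c> when the DLL path does not exist, <c>ProcessNotFound</c>
        /// when no process matches, otherwise the result of <see cref="InjectTo(int, string)"/>.
        /// </returns>
        public InjectorResult InjectTo(string targetProcessName, string targetDllFilename)
        {
            if (!File.Exists(targetDllFilename))
            {
                return new InjectorResult(InjectorResult.InjectorStatusCode.TargetDllNotFound);
            }

            var procId = 0;
            // Process objects hold handles; dispose every one we enumerated, not just the match.
            foreach (var proc in Process.GetProcesses())
            {
                using (proc)
                {
                    if (procId == 0 && proc.ProcessName == targetProcessName)
                    {
                        procId = proc.Id;
                    }
                }
            }

            if (procId == 0)
            {
                return new InjectorResult(InjectorResult.InjectorStatusCode.ProcessNotFound);
            }

            return InjectTo(procId, targetDllFilename);
        }

        /// <summary>
        /// Injects <paramref name="targetDllFilename"/> into the process with id
        /// <paramref name="targetProcessId"/> and starts its exported <c>run</c> function.
        /// The process handle is closed on every path, success or failure.
        /// </summary>
        /// <returns>
        /// A status-only result on failure; on success a result carrying the address of
        /// kernel32!LoadLibraryW that was used as the remote thread start.
        /// </returns>
        public InjectorResult InjectTo(int targetProcessId, string targetDllFilename)
        {
            if (string.IsNullOrEmpty(targetDllFilename))
            {
                return new InjectorResult(InjectorResult.InjectorStatusCode.TargetDllNotFound);
            }

            // bInheritHandle = FALSE: nothing the injector spawns needs the target's handle.
            var hndProc = _openProcess(InjectAccess, 0, (uint) targetProcessId);
            if (hndProc == IntPtr.Zero)
            {
                // The status enum has no OpenProcessFailed; OpenThreadFailed is what callers expect.
                return new InjectorResult(InjectorResult.InjectorStatusCode.OpenThreadFailed);
            }

            try
            {
                return InjectInto(hndProc, targetProcessId, targetDllFilename);
            }
            finally
            {
                // The original only closed the handle on the success path and leaked it otherwise.
                _closeHandle(hndProc);
            }
        }

        /// <summary>
        /// Runs the injection sequence against an already opened process handle.
        /// </summary>
        private InjectorResult InjectInto(IntPtr hndProc, int targetProcessId, string targetDllFilename)
        {
            // Taken from the injector's own kernel32; kernel32 shares a base across same-bitness
            // processes within a boot, which is why this works for a remote thread start.
            var lpLlAddress = _getProcAddress(_getModuleHandle("kernel32.dll"), "LoadLibraryW");
            if (lpLlAddress == IntPtr.Zero)
            {
                return new InjectorResult(InjectorResult.InjectorStatusCode.RetrieveLoadLibraryFailed);
            }

            // UTF-16 path plus an explicit terminator. LoadLibraryW reads a NUL-terminated string;
            // the original sized the buffer to the bare string and relied on page padding for the
            // NUL, and its ASCII encoding mangled any non-ASCII path to '?'.
            var bytes = Encoding.Unicode.GetBytes(targetDllFilename + '\0');
            var lpAddress = _virtualAllocEx(hndProc, IntPtr.Zero, new IntPtr(bytes.Length),
                MemCommit | MemReserve, PageReadWrite);
            if (lpAddress == IntPtr.Zero)
            {
                return new InjectorResult(InjectorResult.InjectorStatusCode.AllocationFailed);
            }

            if (_writeProcessMemory(hndProc, lpAddress, bytes, (uint) bytes.Length, 0) == 0)
            {
                return new InjectorResult(InjectorResult.InjectorStatusCode.WritePayloadFailed);
            }

            IntPtr loadThread;
            InjectorResult.InjectorStatusCode failure;
            if (!TryStartLoadLibraryThread(hndProc, lpLlAddress, lpAddress, out loadThread, out failure))
            {
                return new InjectorResult(failure);
            }

            var waitResult = _waitForSingleObject(loadThread, LoadLibraryTimeoutMs);
            // Our handle to the remote thread is not needed once the wait is over.
            _closeHandle(loadThread);
            if (waitResult != WaitObject0)
            {
                return new InjectorResult(InjectorResult.InjectorStatusCode.LoadLibraryTimeoutExceeded);
            }

            IntPtr remoteRunMethodAddress;
            if (!TryResolveRemoteExport(targetProcessId, targetDllFilename, "run",
                out remoteRunMethodAddress, out failure))
            {
                return new InjectorResult(failure);
            }

            var runThread = _createRemoteThread(hndProc, IntPtr.Zero, IntPtr.Zero, remoteRunMethodAddress,
                IntPtr.Zero, 0, IntPtr.Zero);
            if (runThread == IntPtr.Zero)
            {
                return new InjectorResult(InjectorResult.InjectorStatusCode.CreateRemoteRunThreadFailed);
            }

            // The remote thread keeps running; closing the handle only drops our reference.
            _closeHandle(runThread);
            return new InjectorResult(lpLlAddress);
        }

        /// <summary>
        /// Starts a remote thread at <paramref name="startAddress"/>; on failure retries once
        /// under ImpersonateSelf. The impersonation is always reverted, including when the
        /// retry fails (the original left the calling thread impersonating in that case).
        /// </summary>
        /// <returns>True with the thread handle in <paramref name="thread"/>; false with the
        /// status to report in <paramref name="failure"/>.</returns>
        private bool TryStartLoadLibraryThread(IntPtr hndProc, IntPtr startAddress, IntPtr parameter,
            out IntPtr thread, out InjectorResult.InjectorStatusCode failure)
        {
            failure = default(InjectorResult.InjectorStatusCode);
            thread = _createRemoteThread(hndProc, IntPtr.Zero, IntPtr.Zero, startAddress, parameter, 0, IntPtr.Zero);
            if (thread != IntPtr.Zero)
            {
                return true;
            }

            if (!_impersonateSelf(SecurityImpersonationLevel.SecurityImpersonation))
            {
                failure = InjectorResult.InjectorStatusCode.ImpersonationFailed;
                return false;
            }

            bool reverted;
            try
            {
                thread = _createRemoteThread(hndProc, IntPtr.Zero, IntPtr.Zero, startAddress, parameter, 0, IntPtr.Zero);
            }
            finally
            {
                // Drop the impersonation token no matter how the retry went.
                reverted = _revertToSelf();
            }

            if (thread == IntPtr.Zero)
            {
                failure = InjectorResult.InjectorStatusCode.CreateLoadLibraryThreadFailed;
                return false;
            }

            if (!reverted)
            {
                // Same outcome as the original, but without leaking the thread handle.
                _closeHandle(thread);
                thread = IntPtr.Zero;
                failure = InjectorResult.InjectorStatusCode.RevertAfterImpersonationFailed;
                return false;
            }

            return true;
        }

        /// <summary>
        /// Finds the injected module in the target and computes the remote address of
        /// <paramref name="exportName"/> by reading the export's RVA from a local mapping of the
        /// same file.
        /// </summary>
        /// <returns>True with the remote address in <paramref name="remoteAddress"/>; false with
        /// the status to report in <paramref name="failure"/>.</returns>
        private bool TryResolveRemoteExport(int targetProcessId, string targetDllFilename, string exportName,
            out IntPtr remoteAddress, out InjectorResult.InjectorStatusCode failure)
        {
            remoteAddress = IntPtr.Zero;
            failure = default(InjectorResult.InjectorStatusCode);

            var libraryName = new FileInfo(targetDllFilename).Name;
            var loadedModule = _externalModuleLocator.EnumProcessModules((uint) targetProcessId)
                .FirstOrDefault(module => string.Equals(module.szModule, libraryName,
                    StringComparison.InvariantCultureIgnoreCase));
            if (EqualityComparer<Moduleentry32>.Default.Equals(loadedModule, default(Moduleentry32)))
            {
                failure = InjectorResult.InjectorStatusCode.RetrieveLoadLibraryFailed;
                return false;
            }

            // Map the DLL locally only to read its export table. DONT_RESOLVE_DLL_REFERENCES keeps
            // its DllMain from executing inside the injector; the original plain LoadLibrary ran
            // the payload's DllMain in this process.
            var localModule = LoadLibraryEx(targetDllFilename, IntPtr.Zero, DontResolveDllReferences);
            if (localModule == IntPtr.Zero)
            {
                failure = InjectorResult.InjectorStatusCode.CouldNotLoadTargetDll;
                return false;
            }

            try
            {
                var localExport = _getProcAddress(localModule, exportName);
                if (localExport == IntPtr.Zero)
                {
                    failure = InjectorResult.InjectorStatusCode.ExportedRunMethodNotFound;
                    return false;
                }

                // The export's RVA is base-independent, so rebase it onto the remote image.
                // 64-bit arithmetic throughout: the original's (int) casts of IntPtr throw
                // OverflowException for the high addresses x64 modules normally get.
                var rva = localExport.ToInt64() - localModule.ToInt64();
                remoteAddress = new IntPtr(loadedModule.modBaseAddr.ToInt64() + rva);
                return true;
            }
            finally
            {
                // The original never unloaded the local mapping.
                FreeLibrary(localModule);
            }
        }
    }
}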