Ethereal injector

1. using System;
2. using System.Diagnostics;
3. using System.IO;
4. using System.Runtime.InteropServices;
5. using System.Text;
6.  
7. namespace Ethereal
8. {
9. class Injector
10. {
11. public enum DllInjectionResult
12. {
13. DllNotFound,
14. GameProcessNotFound,
15. InjectionFailed,
16. Success
17. }
18.  
19. public sealed class DllInjector
20. {
21. static readonly IntPtr INTPTR_ZERO = (IntPtr)0;
22.  
23. [DllImport("kernel32.dll", SetLastError = true)]
24. static extern IntPtr OpenProcess(uint dwDesiredAccess, int bInheritHandle, uint dwProcessId);
25.  
26. [DllImport("kernel32.dll", SetLastError = true)]
27. static extern int CloseHandle(IntPtr hObject);
28.  
29. [DllImport("kernel32.dll", SetLastError = true)]
30. static extern IntPtr GetProcAddress(IntPtr hModule, string lpProcName);
31.  
32. [DllImport("kernel32.dll", SetLastError = true)]
33. static extern IntPtr GetModuleHandle(string lpModuleName);
34.  
35. [DllImport("kernel32.dll", SetLastError = true)]
36. static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, IntPtr dwSize, uint flAllocationType, uint flProtect);
37.  
38. [DllImport("kernel32.dll", SetLastError = true)]
39. static extern int WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] buffer, uint size, int lpNumberOfBytesWritten);
40.  
41. [DllImport("kernel32.dll", SetLastError = true)]
42. static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttribute, IntPtr dwStackSize, IntPtr lpStartAddress,
43. IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
44.  
45. static DllInjector _instance;
46.  
47. public static DllInjector GetInstance
48. {
49. get
50. {
51. if (_instance == null)
52. {
53. _instance = new DllInjector();
54. }
55. return _instance;
56. }
57. }
58.  
59. DllInjector() { }
60.  
61. public DllInjectionResult Inject(string sProcName, string sDllPath)
62. {
63. if (!File.Exists(sDllPath))
64. {
65. return DllInjectionResult.DllNotFound;
66. }
67.  
68. uint _procId = 0;
69.  
70. Process[] _procs = Process.GetProcesses();
71. for (int i = 0; i < _procs.Length; i++)
72. {
73. if (_procs[i].ProcessName == sProcName)
74. {
75. _procId = (uint)_procs[i].Id;
76. break;
77. }
78. }
79.  
80. if (_procId == 0)
81. {
82. return DllInjectionResult.GameProcessNotFound;
83. }
84.  
85. if (!bInject(_procId, sDllPath))
86. {
87. return DllInjectionResult.InjectionFailed;
88. }
89.  
90. return DllInjectionResult.Success;
91. }
92.  
93. bool bInject(uint pToBeInjected, string sDllPath)
94. {
95. IntPtr hndProc = OpenProcess((0x2 | 0x8 | 0x10 | 0x20 | 0x400), 1, pToBeInjected);
96.  
97. if (hndProc == INTPTR_ZERO)
98. {
99. return false;
100. }
101.  
102. IntPtr lpLLAddress = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
103.  
104. if (lpLLAddress == INTPTR_ZERO)
105. {
106. return false;
107. }
108.  
109. IntPtr lpAddress = VirtualAllocEx(hndProc, (IntPtr)null, (IntPtr)sDllPath.Length, (0x1000 | 0x2000), 0X40);
110.  
111. if (lpAddress == INTPTR_ZERO)
112. {
113. return false;
114. }
115.  
116. byte[] bytes = Encoding.ASCII.GetBytes(sDllPath);
117.  
118. if (WriteProcessMemory(hndProc, lpAddress, bytes, (uint)bytes.Length, 0) == 0)
119. {
120. return false;
121. }
122.  
123. if (CreateRemoteThread(hndProc, (IntPtr)null, INTPTR_ZERO, lpLLAddress, lpAddress, 0, (IntPtr)null) == INTPTR_ZERO)
124. {
125. return false;
126. }
127.  
128. CloseHandle(hndProc);
129.  
130. return true;
131. }
132. }
133. }
134. }