Code:
this.pFilename = 0x7c888000;
this.pNetFilename = 0x7c888200;
/// <summary>
/// Button handler that performs remote-thread DLL injection into the process named in
/// <c>ComboBox1</c>: it drops the embedded <c>dotNetLoader.dll</c> next to the executable, writes
/// two path strings into the target at the fixed addresses held in <c>pFilename</c> /
/// <c>pNetFilename</c> (assigned elsewhere, not allocated in the target here), and starts a remote
/// thread at <c>kernel32!LoadLibraryA</c> so the target loads <c>dotNetLoader.dll</c>. The native
/// calls (<c>OpenProcess</c>, <c>WriteProcessMemory</c>, <c>GetProcAddress</c>,
/// <c>CreateRemoteThread</c>, <c>WaitForSingleObject</c>) are P/Invoke declarations outside this listing.
/// </summary>
/// <remarks>
/// Review notes on what is visible here: no return value of any native call is inspected; the
/// unmanaged buffers from <c>Marshal.StringToHGlobalAnsi</c>/<c>StringToHGlobalUni</c> are never
/// freed; neither the process handle nor the thread handle from <c>CreateRemoteThread</c> is closed;
/// <c>[0]</c> throws <c>IndexOutOfRangeException</c> when no process has the chosen name; and the
/// success message box is shown unconditionally. From a detection standpoint, the
/// OpenProcess(all-access) → WriteProcessMemory → CreateRemoteThread(LoadLibraryA) sequence is the
/// canonical injection pattern that endpoint telemetry and EDR products key on.
/// </remarks>
private void Button2_Click(object sender, EventArgs e)
{
// Drop the embedded loader beside the executable if it is not already present.
// NOTE(review): no path separator is inserted between DirectoryPath and the file name — confirm DirectoryPath ends with one.
if (!Microsoft.VisualBasic.FileIO.FileSystem.FileExists(MyProject.Application.Info.DirectoryPath + @"dotNetLoader.dll"))
{
Microsoft.VisualBasic.FileIO.FileSystem.WriteAllBytes(MyProject.Application.Info.DirectoryPath + @"dotNetLoader.dll", NetInject.My.Resources.Resources.dotNetLoader, false);
}
// First process matching the combo-box text; throws if there is none.
Process process = Process.GetProcessesByName(this.ComboBox1.Text)[0];
// 0x1f0fff is the pre-Vista PROCESS_ALL_ACCESS mask; the returned handle is never validated or closed.
int hProcess = OpenProcess(0x1f0fff, false, process.Id);
string s = MyProject.Application.Info.DirectoryPath + @"dotNetLoader.dll";
string text = this.TextBox1.Text;
// Copies s.Length ANSI bytes and text.Length * 2 UTF-16 bytes — neither count includes a terminating null.
// The HGlobal buffers allocated here are never released; the last argument (bytes-written pointer) is null.
WriteProcessMemory(hProcess, this.pFilename, (int) Marshal.StringToHGlobalAnsi(s), s.Length, 0);
WriteProcessMemory(hProcess, this.pNetFilename, (int) Marshal.StringToHGlobalUni(text), text.Length * 2, 0);
string lpModuleName = "kernel32.dll";
string lpProcName = "LoadLibraryA";
// Resolves LoadLibraryA in this process and reuses the address in the target (assumes kernel32 is mapped at the same base there).
int procAddress = GetProcAddress(GetModuleHandle(ref lpModuleName), ref lpProcName);
// Remote thread with LoadLibraryA as start routine and pFilename as its argument; waits up to 0xea60 = 60,000 ms.
// The thread handle is discarded without being closed, and the wait result is ignored.
WaitForSingleObject(CreateRemoteThread(hProcess, 0, 0, procAddress, this.pFilename, 0, 0), 0xea60);
// Reported regardless of whether any of the calls above succeeded.
Interaction.MsgBox("Injection Successful!", MsgBoxStyle.OkOnly, null);
}
Here's bigtimt's code for injecting. You'll notice that it extracts the resource as dotNetLoader.dll, writes two strings to the target's memory (one holding the path of dotNetLoader.dll to inject, the other naming the .NET library to be loaded), and creates a remote thread on LoadLibrary to load dotNetLoader.dll just like any normal injection. You'll also notice that he does not free the memory allocated for the two strings after they're written, does not do any error checking, and does not close the handle to the thread returned by CreateRemoteThread. Jesus ****ing christ. At least it gives you some idea of how NetInject.exe works, since he didn't see fit to give even an iota of an explanation.