[Release] Inject Managed .Net Code!

[bigtimt]

With this tool, you will be able to inject a .Net assembly into a running process.

Contents:
NetInjector.exe
example.dll
DLLMain.cs

NetInjector is an injector i wrote specifically for the c++ dll it uses, you cannot use another injector for the dll it produces.

example.dll - inject his into a process, just a little example

DLLMain.cs- if you want to be able to load you're assembly, this is where you do all of you're fiddling. you NEED this namespace/class/function in you're project or it won't run.

Download Link:
RapidShare: Easy Filehosting

[Shynd]

Well it's not very ****ing useful if you don't tell people how to use it in their own code, is it? Here, I'll do the job for you.

He's embedded a library in NetInjector.exe as a resource which he calls "dotNetLoader.dll" which I have mirrored here. I looked, for about 30 seconds, at dotNetLoader.dll in a disassembler, and I can say that it does not import any possibly harmful API functions, so it should be pretty safe. That said, I didn't write it, so I don't know exactly what it does; if it ruins your computer for some reason, I assume no responsibility and all blame falls squarely on the OP's shoulders (all I did was extract the resource and host it).

Now that you have that, you do like he said and create a class library that follows the following template:

Code:

namespace APIENTRY
{
    public unsafe static class DLLMain
    {
        public static int DLL_PROCESS_ATTACH(string arg)
        {
            //Do stuff here
            return 0;
        }
    }
}

(You may need to tick the 'Allow unsafe code' checkbox under Project Properties.)

Now, you're going to need to write the full path of the .NET library which you want injected--the one that follows the above code template--to memory as a Unicode string at address 0x7C888200 (yes, that is a static codecave inside kernel32.dll, which is terrible coding practice because what if kernel32.dll changes via service pack patch or is a different size/configuration between different versions of Windows?... In fact, this crap may only work on XP or Vista or something, I don't know).

From what I can tell, the path needs to be at that specific address and it also needs to be in Unicode format (meaning each character is represented by two bytes, for those of you that don't know). I am guessing that dotNetLoader.dll, once injected, will load the library pointed to by the path at 0x7C888200, and then uninject itself. I honestly don't know, seeing as no explanation was given and I haven't tried it.

Anyway, then inject dotNetLoader.dll as you usually would. As long as the path to your .NET library is in place before injection, it shouldn't matter how dotNetLoader.dll gets injected. It should then load your .NET library and call public static int DLL_PROCESS_ATTACH(string arg) (which, if you followed the template, is where you either create your own thread to do stuff or whatever you want).


Anyway, I'm not sure if I'm the only one, but I'm sick of releases like this horseshit. If you're going to release something for the benefit of the group, release your ****ing source and give a semi-decent explanation as to either what it does or how to use it.

[Shynd]

Code:

    this.pFilename = 0x7c888000;
    this.pNetFilename = 0x7c888200;


private void Button2_Click(object sender, EventArgs e)
        {
            if (!Microsoft.VisualBasic.FileIO.FileSystem.FileExists(MyProject.Application.Info.DirectoryPath + @"dotNetLoader.dll"))
            {
                Microsoft.VisualBasic.FileIO.FileSystem.WriteAllBytes(MyProject.Application.Info.DirectoryPath + @"dotNetLoader.dll", NetInject.My.Resources.Resources.dotNetLoader, false);
            }
            Process process = Process.GetProcessesByName(this.ComboBox1.Text)[0];
            int hProcess = OpenProcess(0x1f0fff, false, process.Id);
            string s = MyProject.Application.Info.DirectoryPath + @"dotNetLoader.dll";
            string text = this.TextBox1.Text;
            WriteProcessMemory(hProcess, this.pFilename, (int) Marshal.StringToHGlobalAnsi(s), s.Length, 0);
            WriteProcessMemory(hProcess, this.pNetFilename, (int) Marshal.StringToHGlobalUni(text), text.Length * 2, 0);
            string lpModuleName = "kernel32.dll";
            string lpProcName = "LoadLibraryA";
            int procAddress = GetProcAddress(GetModuleHandle(ref lpModuleName), ref lpProcName);
            WaitForSingleObject(CreateRemoteThread(hProcess, 0, 0, procAddress, this.pFilename, 0, 0), 0xea60);
            Interaction.MsgBox("Injection Successful!", MsgBoxStyle.OkOnly, null);
        }

There's bigtimt's code for injecting. You'll notice that it extracts the resource as dotNetLoader.dll, writes two strings to memory (one for dotNetLoader.dll injection, the other for accessing the .NET library to be loaded), and creates a thread on LoadLibrary to load dotNetLoader.dll just like any normal injection. You'll also notice that he does not free the memory allocated for the two strings after they're written to memory, does not do any error checking, and does not close the handle to the thread returned by CreateRemoteThread. Jesus ****ing christ. At least it gives you some idea of how NetInject.exe works, since he didn't see fit to give even an iota of an explanation.

[Morphih]

Shynd you deserver more rep for this better explanation and your great blog

[Cursed]

Shynd you deserver more rep for this better explanation and your great blog

Yep he does... Shynd +Rep 3x

[barthen]

Those looking into this topic might find this link useful:
How To Inject a Managed .NET Assembly (DLL) Into Another Process - Coding the Wheel

[felixdabayer]

Oh thanks barthen.
Very nice that u posted the Link. Most Leechers would Just read the Article and look for a Tutorial how to injec the Code and don't think about the others... U didn't, u thought of the Community and helped me alot. I +Rep ped u for the Help and wish u good luck on your way up to Contributor.