Can't call export after re-injecting managed DLL, but why? menu
Follow us:

User Tag List

Results 1 to 2 of 2
  1. 08-18-2018 #1
    Viano's Avatar
    Viano
    Viano is offline
    Active Member
    Reputation
    37
    Join Date
    May 2008
    Posts
    172
    Thanks G/R
    0/1
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Can't call export after re-injecting managed DLL, but why?

    Hello there,

    I wanted to get rid of bootstrap C++ DLL and do everything managed. I thought I give DllExport a try. I however hit the wall and experience weird behavior.

    - After calling the export I can see the DLL loaded twice in notepad.exe in Process Explorer. Ejecting fails after calling my Eject() function once. The second call removes my DLL. However in Process Explorer I can still see the DLL (which is not listed anymore when I go through all modules in my C# app).
    - When I inject, call, eject and inject again, I can't call the export anymore but I have no idea why?

    Logging and Pinvokes are removed from the code below.
    Code:
        class Injector
    {
        private string _dll = AppDomain.CurrentDomain.BaseDirectory + "Soup.dll";            

        public bool IsModuleInjected(int pid, string moduleName)
        {
            var process = Process.GetProcessById(pid);

            foreach (ProcessModule module in process.Modules)
            {
                if (!module.FileName.Equals(_dll)) continue;                
                return true;
            }
            return false;
        }

        public bool Inject(int pid)
        {
            var process = Process.GetProcessById(pid);

            if (IsModuleInjected(pid, _dll)) { 
                return false;
            }

            var hProcess = OpenProcess(ProcessAccessFlags.All, false, process.Id);

            if (hProcess == IntPtr.Zero)
            {           
                return false;
            }
          
            var allocAddress = VirtualAllocEx(hProcess, IntPtr.Zero, (uint)Encoding.Unicode.GetByteCount(_dll.ToCharArray())+1, AllocationType.Commit, MemoryProtection.ReadWrite);

            if (allocAddress == IntPtr.Zero) { 
                return false;
            }

            if (!WriteProcessMemory(hProcess, allocAddress, Encoding.Unicode.GetBytes(_dll),
                Encoding.Unicode.GetByteCount(_dll.ToCharArray()), out _))
            {
                return false;
            }

            var moduleHandle = GetModuleHandle("kernel32.dll");

            if (moduleHandle == IntPtr.Zero) { 
                return false;
            }

            var procAddress = GetProcAddress(moduleHandle, "LoadLibraryW");

            if (procAddress == IntPtr.Zero) {
                return false;
            }

            var hRemoteThread = CreateRemoteThread(hProcess, IntPtr.Zero, 0, procAddress, allocAddress, 0, IntPtr.Zero);

            if (hRemoteThread == IntPtr.Zero) {
                return false;
            }

            var result = WaitForSingleObject(hRemoteThread, int.MaxValue);

            if (!VirtualFreeEx(hProcess, allocAddress, Encoding.Unicode.GetByteCount(_dll)+1, AllocationType.Decommit))
            {
                return false;
            }

            if (!CloseHandle(hProcess))
            {
                return false;
            }

            if (!IsModuleInjected(pid, _dll)) return false;
            return true;

        }

        public bool Eject(int pid)
        {
            var process = Process.GetProcessById(pid);

            ProcessModule targetModule = null;

            foreach (ProcessModule module in process.Modules)
            {
                if (module.FileName.Equals(_dll))
                {
                    targetModule = module;
                }
            }

            if (targetModule == null)
            {
                return false;
            }

            var hProcess = OpenProcess(ProcessAccessFlags.All, false, process.Id);

            if (hProcess == IntPtr.Zero)
            {
                return false;
            }

            var moduleHandle = GetModuleHandle("kernel32.dll");

            if (moduleHandle == IntPtr.Zero)
            {
                return false;
            }

            var procAddress = GetProcAddress(moduleHandle, "FreeLibrary");

            if (procAddress == IntPtr.Zero)
            {
                return false;
            }

            var hRemoteThread = CreateRemoteThread(hProcess, IntPtr.Zero, 0, procAddress, targetModule.BaseAddress, 0, IntPtr.Zero);

            if (hRemoteThread == IntPtr.Zero)
            {
                return false;
            }

            WaitForSingleObject(hRemoteThread, 10 * 1000);

            if (!IsModuleInjected(pid, _dll))
            {
                return true;
            }

            return false;
        }

        public bool Call(int pid)
        {
            var process = Process.GetProcessById(pid);

            ProcessModule targetModule = null;

            foreach (ProcessModule module in process.Modules)
            {
                if (module.FileName.Equals(_dll))
                {
                    targetModule = module;
                }                
            }

            if (targetModule == null)
            {
                return false;
            }

            var hProcess = OpenProcess(ProcessAccessFlags.All, false, process.Id);

            if (hProcess == IntPtr.Zero)
            {
                return false;
            }

            var hLoaded = LoadLibraryEx(_dll, IntPtr.Zero, LoadLibraryFlags.DontResolveDllReferences);

            if (hLoaded == IntPtr.Zero) {
                return false;
            }

            var procAddress = GetProcAddress(hLoaded, "ShowMessage");

            if (procAddress == IntPtr.Zero)
            {
                return false;
            }            

            var offset = (ulong)procAddress - (ulong)hLoaded;

            if (!FreeLibrary(hLoaded))
            {
                return false;
            }

            var hRemoteThread = CreateRemoteThread(hProcess, IntPtr.Zero, 0, IntPtr.Add(targetModule.BaseAddress, (int)offset), IntPtr.Zero, 0, IntPtr.Zero);

            if (hRemoteThread == IntPtr.Zero)
            {
                return false;
            }

            WaitForSingleObject(hRemoteThread, 10 * 1000);

            if (CloseHandle(hProcess)) return true;
            return false;


        }
    }
    My DLL is plain and simple.

    Code:
    namespace Soup
{
    public class Soup
    {
        [DllExport]
        public static void ShowMessage()
        {
            MessageBox.Show("I'm inside and doing nothing!", "Soup");            
        }
    }
}
    Any ideas?
    Last edited by Viano; 08-18-2018 at 09:00 AM.
    Viano
    Reply With Quote Reply With Quote
    Can't call export after re-injecting managed DLL, but why?
  2. 08-18-2018 #2
    Viano's Avatar
    Viano
    Viano is offline
    Active Member
    Reputation
    37
    Join Date
    May 2008
    Posts
    172
    Thanks G/R
    0/1
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    OK, just forget it people. It seems that you have to spawn an AppDomain and load your app from there.
    Viano
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. C# / MemorySharp: Injecting managed DLL into the WoW-Process?
    By mskc33 in forum WoW Memory Editing
    Replies: 3
    Last Post: 03-03-2017, 08:03 AM
  2. [C#] Managed Dll Injection
    By streppel in forum WoW Memory Editing
    Replies: 26
    Last Post: 06-01-2010, 05:29 AM
  3. [Release] Inject Managed .Net Code!
    By bigtimt in forum WoW Memory Editing
    Replies: 6
    Last Post: 10-12-2008, 03:52 PM
  4. Possible to add music files that can be called up?
    By unklcod in forum World of Warcraft Emulator Servers
    Replies: 2
    Last Post: 10-22-2007, 08:27 PM
  5. Problems with server after Re-format.
    By KRAZY2K7 in forum World of Warcraft Emulator Servers
    Replies: 1
    Last Post: 10-07-2007, 03:14 PM
All times are GMT -5. The time now is 09:32 PM. Powered by vBulletin® Version 4.2.3
Copyright © 2024 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2024 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search