Can't call export after re-injecting managed DLL, but why? menu

User Tag List

Results 1 to 2 of 2
  1. #1
    Viano's Avatar Active Member
    Reputation
    37
    Join Date
    May 2008
    Posts
    172
    Thanks G/R
    0/1
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Can't call export after re-injecting managed DLL, but why?

    Hello there,

    I wanted to get rid of bootstrap C++ DLL and do everything managed. I thought I give DllExport a try. I however hit the wall and experience weird behavior.

    - After calling the export I can see the DLL loaded twice in notepad.exe in Process Explorer. Ejecting fails after calling my Eject() function once. The second call removes my DLL. However in Process Explorer I can still see the DLL (which is not listed anymore when I go through all modules in my C# app).
    - When I inject, call, eject and inject again, I can't call the export anymore but I have no idea why?

    Logging and Pinvokes are removed from the code below.
    Code:
        class Injector
        {
            private string _dll = AppDomain.CurrentDomain.BaseDirectory + "Soup.dll";            
    
            public bool IsModuleInjected(int pid, string moduleName)
            {
                var process = Process.GetProcessById(pid);
    
                foreach (ProcessModule module in process.Modules)
                {
                    if (!module.FileName.Equals(_dll)) continue;                
                    return true;
                }
                return false;
            }
    
            public bool Inject(int pid)
            {
                var process = Process.GetProcessById(pid);
    
                if (IsModuleInjected(pid, _dll)) { 
                    return false;
                }
    
                var hProcess = OpenProcess(ProcessAccessFlags.All, false, process.Id);
    
                if (hProcess == IntPtr.Zero)
                {           
                    return false;
                }
              
                var allocAddress = VirtualAllocEx(hProcess, IntPtr.Zero, (uint)Encoding.Unicode.GetByteCount(_dll.ToCharArray())+1, AllocationType.Commit, MemoryProtection.ReadWrite);
    
                if (allocAddress == IntPtr.Zero) { 
                    return false;
                }
    
                if (!WriteProcessMemory(hProcess, allocAddress, Encoding.Unicode.GetBytes(_dll),
                    Encoding.Unicode.GetByteCount(_dll.ToCharArray()), out _))
                {
                    return false;
                }
    
                var moduleHandle = GetModuleHandle("kernel32.dll");
    
                if (moduleHandle == IntPtr.Zero) { 
                    return false;
                }
    
                var procAddress = GetProcAddress(moduleHandle, "LoadLibraryW");
    
                if (procAddress == IntPtr.Zero) {
                    return false;
                }
    
                var hRemoteThread = CreateRemoteThread(hProcess, IntPtr.Zero, 0, procAddress, allocAddress, 0, IntPtr.Zero);
    
                if (hRemoteThread == IntPtr.Zero) {
                    return false;
                }
    
                var result = WaitForSingleObject(hRemoteThread, int.MaxValue);
    
                if (!VirtualFreeEx(hProcess, allocAddress, Encoding.Unicode.GetByteCount(_dll)+1, AllocationType.Decommit))
                {
                    return false;
                }
    
                if (!CloseHandle(hProcess))
                {
                    return false;
                }
    
                if (!IsModuleInjected(pid, _dll)) return false;
                return true;
    
            }
    
            public bool Eject(int pid)
            {
                var process = Process.GetProcessById(pid);
    
                ProcessModule targetModule = null;
    
                foreach (ProcessModule module in process.Modules)
                {
                    if (module.FileName.Equals(_dll))
                    {
                        targetModule = module;
                    }
                }
    
                if (targetModule == null)
                {
                    return false;
                }
    
                var hProcess = OpenProcess(ProcessAccessFlags.All, false, process.Id);
    
                if (hProcess == IntPtr.Zero)
                {
                    return false;
                }
    
                var moduleHandle = GetModuleHandle("kernel32.dll");
    
                if (moduleHandle == IntPtr.Zero)
                {
                    return false;
                }
    
                var procAddress = GetProcAddress(moduleHandle, "FreeLibrary");
    
                if (procAddress == IntPtr.Zero)
                {
                    return false;
                }
    
                var hRemoteThread = CreateRemoteThread(hProcess, IntPtr.Zero, 0, procAddress, targetModule.BaseAddress, 0, IntPtr.Zero);
    
                if (hRemoteThread == IntPtr.Zero)
                {
                    return false;
                }
    
                WaitForSingleObject(hRemoteThread, 10 * 1000);
    
                if (!IsModuleInjected(pid, _dll))
                {
                    return true;
                }
    
                return false;
            }
    
            public bool Call(int pid)
            {
                var process = Process.GetProcessById(pid);
    
                ProcessModule targetModule = null;
    
                foreach (ProcessModule module in process.Modules)
                {
                    if (module.FileName.Equals(_dll))
                    {
                        targetModule = module;
                    }                
                }
    
                if (targetModule == null)
                {
                    return false;
                }
    
                var hProcess = OpenProcess(ProcessAccessFlags.All, false, process.Id);
    
                if (hProcess == IntPtr.Zero)
                {
                    return false;
                }
    
                var hLoaded = LoadLibraryEx(_dll, IntPtr.Zero, LoadLibraryFlags.DontResolveDllReferences);
    
                if (hLoaded == IntPtr.Zero) {
                    return false;
                }
    
                var procAddress = GetProcAddress(hLoaded, "ShowMessage");
    
                if (procAddress == IntPtr.Zero)
                {
                    return false;
                }            
    
                var offset = (ulong)procAddress - (ulong)hLoaded;
    
                if (!FreeLibrary(hLoaded))
                {
                    return false;
                }
    
                var hRemoteThread = CreateRemoteThread(hProcess, IntPtr.Zero, 0, IntPtr.Add(targetModule.BaseAddress, (int)offset), IntPtr.Zero, 0, IntPtr.Zero);
    
                if (hRemoteThread == IntPtr.Zero)
                {
                    return false;
                }
    
                WaitForSingleObject(hRemoteThread, 10 * 1000);
    
                if (CloseHandle(hProcess)) return true;
                return false;
    
    
            }
        }
    My DLL is plain and simple.

    Code:
    namespace Soup
    {
        public class Soup
        {
            [DllExport]
            public static void ShowMessage()
            {
                MessageBox.Show("I'm inside and doing nothing!", "Soup");            
            }
        }
    }
    Any ideas?
    Last edited by Viano; 08-18-2018 at 09:00 AM.
    Viano

    These ads disappear when you log in.

  2. #2
    Viano's Avatar Active Member
    Reputation
    37
    Join Date
    May 2008
    Posts
    172
    Thanks G/R
    0/1
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    OK, just forget it people. It seems that you have to spawn an AppDomain and load your app from there.
    Viano

Similar Threads

  1. Replies: 3
    Last Post: 03-03-2017, 08:03 AM
  2. [C#] Managed Dll Injection
    By streppel in forum WoW Memory Editing
    Replies: 26
    Last Post: 06-01-2010, 05:29 AM
  3. [Release] Inject Managed .Net Code!
    By bigtimt in forum WoW Memory Editing
    Replies: 6
    Last Post: 10-12-2008, 03:52 PM
  4. Possible to add music files that can be called up?
    By unklcod in forum World of Warcraft Emulator Servers
    Replies: 2
    Last Post: 10-22-2007, 08:27 PM
  5. Problems with server after Re-format.
    By KRAZY2K7 in forum World of Warcraft Emulator Servers
    Replies: 1
    Last Post: 10-07-2007, 03:14 PM
All times are GMT -5. The time now is 07:22 PM. Powered by vBulletin® Version 4.2.3
Copyright © 2023 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2023 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search