[Open Source] Injection Library - C#

[_VERSTROATE_]

Can you convert the source code into another extension? Visual Studio 2010 gives me the error that's attached (The project type (.csproj) is not supported by this version of the application).
I tried to resolve it by re-installing VS and I even executed devenv /ResetSkipPkgs in the Visual Studio Command Prompt, but without a result.
As for the InjectionLibrary.dll, I'm getting errors also. Well no errors in fact, I do not see any errors but when I try to debug, it says that there were build errors (and still no errors in the box at the bottom). I did what I had to do I believe. Hope you guys can help me out.

Never mind. Used the InjectionLibrary.dll on a Framework 4.0 project.

---------- Post added at 02:38 PM ---------- Previous post was at 02:17 PM ----------

Ins't this meant to be multi-dll? It only injects the last dll I add to my listbox. Somebody who can help?

[DeadCode]

As for the InjectionLibrary.dll, I'm getting errors also. Well no errors in fact, I do not see any errors but when I try to debug, it says that there were build errors (and still no errors in the box at the bottom). I did what I had to do I believe. Hope you guys can help me out.

Simple! Simply do what I said on top!

[Xzevos]

@Jason

I have a question.
How is the Inject() method used exactly? Do you need only the (.dll , processID) or are you suppose to find the handle before that?

This what I have so far:

Code:

        Dim pID As Integer = 0
        Dim p() As Process = Process.GetProcesses
        Dim hModule As IntPtr = IntPtr.Zero
        For Each x As Process In p
            If x.ProcessName = txtProcess.Text Then
                pID = x.Id
                hModule = FindWindow(Nothing, x.MainWindowTitle) ' <-------- Do I set it here or is that not what I'm suppose to do
            End If
        Next

        If hModule = IntPtr.Zero Then
            MessageBox.Show("process not found", "Error")
        Else
            Dim injector As InjectionMethod = InjectionMethod.Create(InjectionMethodType.ManualMap)
            Using img As New PortableExecutable(My.Resources.kajsdh)
                hModule = injector.Inject(img, pID)  <---------- Because hModule is being set here when the inject function performs
            End Using
            If hModule <> IntPtr.Zero Then '--------------------------- I know everything below this is off or kinda extra coding ↓
                
            Else

                If injector.GetLastError() IsNot Nothing Then
                    MessageBox.Show(injector.GetLastError().Message)
                End If
            End If
        End If

[Jason]

@Jason

I have a question.
How is the Inject() method used exactly? Do you need only the (.dll , processID) or are you suppose to find the handle before that?

This what I have so far:

Code:

        Dim pID As Integer = 0
        Dim p() As Process = Process.GetProcesses
        Dim hModule As IntPtr = IntPtr.Zero
        For Each x As Process In p
            If x.ProcessName = txtProcess.Text Then
                pID = x.Id
                hModule = FindWindow(Nothing, x.MainWindowTitle) ' <-------- Do I set it here or is that not what I'm suppose to do
            End If
        Next

        If hModule = IntPtr.Zero Then
            MessageBox.Show("process not found", "Error")
        Else
            Dim injector As InjectionMethod = InjectionMethod.Create(InjectionMethodType.ManualMap)
            Using img As New PortableExecutable(My.Resources.kajsdh)
                hModule = injector.Inject(img, pID)  <---------- Because hModule is being set here when the inject function performs
            End Using
            If hModule <> IntPtr.Zero Then '--------------------------- I know everything below this is off or kinda extra coding ↓
                
            Else

                If injector.GetLastError() IsNot Nothing Then
                    MessageBox.Show(injector.GetLastError().Message)
                End If
            End If
        End If

There are various overloads on the Inject method that you can use. For your example, I would just use the following:

Code:

Dim targets As Process() = Process.GetProcessesByName(txtProcess.Text)
If targets.Length > 0 Then
    Dim processId As Integer = targets(0).Id
    Dim hModule As IntPtr = IntPtr.Zero
    Dim injector As InjectionMethod = InjectionMethod.Create(InjectionMethodType.ManualMap)

    Using img As New PortableExecutable(My.Resources.kajsdh)
        hModule = injector.Inject(img, processId)
    End Using

    If hModule <> IntPtr.Zero Then
        ' File was injected successfully, do whatever you want here
    Else
        ' an error occured, let the user know
        If injector.GetLastError() IsNot Nothing Then
            MessageBox.Show(String.Format("An error occurred when injecting:{0}{0}{1}", Environment.NewLine, injector.GetLastError().Message))
        Else
            MessageBox.Show("An unknown error occurred when injecting")
        End If
    End If
Else
    MessageBox.Show("Target process is not running")
End If

There is no need for "FindWindow" here at all. The handle that FindWindow returns is a HWND (Handle to Window), not a HMODULE (Handle to Module), the two are completely different. Apologies if the above code doesn't compile as-is, I haven't used VB.NET in a while and I don't have a compiler or IDE at work.

[ccman32]

How about additional options like remove PE header? For example when i inject with Radject it only works with these options. When i just manual map with this lib then my hack gets detected.

EDIT: I just added a remove PE header method manually and it works now

[Jason]

How about additional options like remove PE header? For example when i inject with Radject it only works with these options. When i just manual map with this lib then my hack gets detected.

It was a tradeoff in writing this library as pure injection library. If I added the functionality to remove the PE header into this library, then it'd be moving outside the scope of just injection and it'd open up the project to get bloated with unnecessary crap.

However, writing your own method to remove the PE header is easy anyway:

Code:

IntPtr hProcess = OpenProcess(...); // whatever way you want to get a read/write/operation handle to the target process
IntPtr hModule = method.Inject(...); // as normal
var crapware = new byte[0x40]; // size of an IMAGE_DOS_HEADER (each element of a new byte array is initialized with itsdefault value (0) in C#)
WriteProcessMemory(hProcess, hModule, crapware, crapware.Length, IntPtr.Zero);
CloseHandle(hProcess);

Given that the PE header is always at the beginning of the module (the pointer to which you get from my library's "Inject" method), it's a simple matter to just set the entire DOS header to 0. You can, of course, take this even further and make it more sophisticated but that's the basics of it.

[molot]

nice job man

[ccman32]

I got another problem @Jason. After adding the removepeheader method and compiling i added the reference to the library in my vb.net injector project. Now, every time when i compile my project im getting an error during build process. Just a popup message telling me that without any other information. Somehow i managed to compile and run the program but right when it injects i get a JIT Debugger error that InjectionLibrary.InjectionMethod in the assembly "InjectionLibrary, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" could not be loaded. Why am i getting this error pissing me off since like 2 hours now?!?

[dino42]

Nice work jason! now i can finish euro farmer for AVA.

[Jason]

I got another problem @Jason. After adding the removepeheader method and compiling i added the reference to the library in my vb.net injector project. Now, every time when i compile my project im getting an error during build process. Just a popup message telling me that without any other information. Somehow i managed to compile and run the program but right when it injects i get a JIT Debugger error that InjectionLibrary.InjectionMethod in the assembly "InjectionLibrary, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" could not be loaded. Why am i getting this error pissing me off since like 2 hours now?!?

It usually has more information than that. It might be that you're compiling with the wrong target architecture. I can't remember now if the DLL was x86 or AnyCPU.

[R4v0r]

@Jason, why can't I download?

[Jason]

@Jason, why can't I download?

I can still see the download link. Make sure you're on the first page of the thread.

[meldino]

There are no downloadable files.. Wut?
EDIT::: Works now. lulz

[Rastajan]

This sounds really interesting and i'd like to deal with it but i am not able to see the attached files...

Regards, Rastajan.

[R3DDOT]

Wazzzuuuup.

Been working on this for a while now. It's a .NET library with various injection methods which make it very straightforward to make your own injectors/loaders. It even includes a public Manual Map injection method.

Although the source is in C#, the compiled library is usable in both VB.NET and C#, depending on your language preferences. I have included both the raw binary as well as the project folder in the attachments to this post.

The source is fairly documented, but I get lazy so there may be sections that you'll need to work out for yourself when looking into the source. The project targets .NET 2.0, so there should be no compatibility issues with projects you want to make.

To use the library, simply create a new .NET project and add the library as a project reference. (Project >> Add Reference >> Browse >> Locate DLL)

I've implemented this library using a factory pattern, so using the various different injection methods are very straightforward. All the various types of injection inherit from the base "InjectionMethod" class, which implements two different methods for injecting.

Code:

Inject(...)           // inject a single module
or
InjectAll(...)        // inject a range of modules

Both of these methods have various overloads but the key point is that each method can either inject from a PortableExecutable object, or from a file location. A PortableExecutable object can be created in-memory, or from a file location. This means that when using ManualMap injection, it's possible to inject a DLL without it ever touching the harddisk during the injection process. Standard/ThreadHijack methods both call LoadLibrary, so even if you pass a PortableExecutable object to these injection methods, the module will be written to disk in a random location.

The two main namespaces you'll likely refer to are going to be

Code:

C#
using InjectionLibrary;
using JLibrary.PortableExecutable;

VB.NET
Imports InjectionLibrary
Imports JLibrary.PortableExecutable

Example 1: Using the creation factory to make an injection method

Code:

C# -
InjectionMethod injector = InjectionMethod.Create(InjectionMethodType.ManualMap);

VB.NET -
Dim injector As InjectionMethod = InjectionMethod.Create(InjectionMethodType.ManualMap)

Example 2: Super-stealthy injection from resources.

Code:

C# -
var injector = InjectionMethod.Create(InjectionMethodType.ManualMap);
var processId = Process.GetProcessesByName("engine")[0].Id;
var hModule = IntPtr.Zero;

using (var img = new PortableExecutable(Properties.Resources.TestDll))
    hModule = injector.Inject(img, processId);

if (hModule != IntPtr.Zero)
{
    // injection was successful
}
else
{
    // injection failed
    if (injector.GetLastError() != null)
        MessageBox.Show(injector.GetLastError().Message);
}




VB.NET -
Dim injector As InjectionMethod = InjectionMethod.Create(InjectionMethodType.ManualMap)
Dim processId As Integer = Process.GetProcessesByName("engine")(0).Id
Dim hModule As IntPtr = IntPtr.Zero

Using img As New PortableExecutable(My.Resources.TestDll)
    hModule = injector.Inject(img, processId)
End Using

If hModule <> IntPtr.Zero
    ' injection successful
Else
    ' injection failed
    If injector.GetLastError() IsNot Nothing
        MessageBox.Show(injector.GetLastError().Message)
    End If
End If

Virus Scans
Binary:
[x][x]
Source:
[x][x]

That's about the crux of it, the injector is on x86 compatible, meaning you won't be able to inject into x64 processes, but that shouldn't be too much of an issue. If you have any other questions about using the library, just ask in the thread.
The library is released under the GNU GPL, so you're free to use the library however you wish, I'm not responsible for whatever you make with it though, and I ask for a mention if you release an injector/loader using my library, nothing fancy just an acknowledgement of my work.

Cheers,
Jason

Why is it that when I try to import the library into an assembly, I can't build it?
When I try to build it, it says there were build errors, then I go see what errors are there and the error tab shows up blank o.o