I'm releasing XyInjector as an Open Source for many reasons. First, the reason is for the public to be able to look at some code and maybe learn a few things from it
Secondly is a personal reason. I honestly have been debugging this for a while and can't seem to find the issue.
Now the code:
Form1.vb
Code:
Public Class Form1
Private Sub InjectDLLs(ByRef currentProcess As Process)
Dim resultBoolean As Boolean
Dim errorString As String = ""
Dim dllNameString As String
If RadioButton1.Checked Then
dllNameString = TextBox1.Text
ElseIf RadioButton2.Checked Then
dllNameString = TextBox2.Text
Else
dllNameString = TextBox1.Text
End If
resultBoolean = InjectorSystem.Inject(currentProcess, dllNameString, errorString)
End Sub
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim selectedIDString As String
Dim tokensString() As String
Dim idInteger As Integer
Dim selectedProcess As Process
selectedIDString = ComboBox1.Items(ComboBox1.SelectedIndex)
tokensString = selectedIDString.Split("")
idInteger = Integer.Parse(tokensString(0))
selectedProcess = Process.GetProcessById(idInteger)
InjectDLLs(selectedProcess)
End Sub
Private Sub Button2_Click(sender As Object, e As EventArgs) Handles Button2.Click
Dim processes() As Process
Dim currentProcess As Process
Dim processString As String
ComboBox1.Items.Clear()
processes = Process.GetProcesses()
For Each currentProcess In processes
processString = currentProcess.Id.ToString
processString = processString.PadLeft(8, "0")
processString = processString & ""& currentProcess.ProcessName
ComboBox1.Items.Add(processString)
Next
ComboBox1.SelectedIndex = -1
ComboBox1.Sorted = True
End Sub
Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
Dim processes() As Process
Dim currentProcess As Process
Dim procString As String
processes = Process.GetProcesses()
For Each currentProcess In processes
procString = currentProcess.Id.ToString
procString = procString.PadLeft(8, "0")
procString = procString & ""& currentProcess.ProcessName
ComboBox1.Items.Add(procString)
Next
ComboBox1.SelectedIndex = -1
ComboBox1.Sorted = True
End Sub
End Class
Code:
Imports System.Runtime.InteropServices
Public Class InjectorSystem
Private Class WINAPI
<DllImport("kernel32.dll", SetLastError:=True)> _
Public Shared Function OpenProcess( _
ByVal dwDesiredAccess As UInteger, _
ByVal bInheritHandle As Integer, _
ByVal dwProcessId As UInteger) As IntPtr
End Function
<DllImport("kernel32.dll", SetLastError:=True)> _
Public Shared Function CloseHandle( _
ByVal hObject As IntPtr) As Boolean
End Function
<DllImport("kernel32.dll", SetLastError:=True)> _
Public Shared Function GetProcAddress( _
ByVal hModule As IntPtr, _
ByVal lpProcName As String) As IntPtr
End Function
<DllImport("kernel32.dll", SetLastError:=True)> _
Public Shared Function GetModuleHandle( _
ByVal lpModuleName As String) As IntPtr
End Function
<DllImport("kernel32.dll", SetLastError:=True)> _
Public Shared Function VirtualAllocEx( _
ByVal hProcess As IntPtr, _
ByVal lpAddress As IntPtr, _
ByVal dwSize As UInteger, _
ByVal flAllocationType As UInteger, _
ByVal flProtect As UInteger) As IntPtr
End Function
<DllImport("kernel32.dll", SetLastError:=True)> _
Public Shared Function WriteProcessMemory( _
ByVal hProcess As IntPtr, _
ByVal lpBaseAddress As IntPtr, _
ByVal lpBuffer As Byte(), _
ByVal nSize As UInteger, _
<Out()> ByRef lpNumberOfBytesWritten As Integer) As Boolean
End Function
<DllImport("kernel32.dll", SetLastError:=True)> _
Public Shared Function CreateRemoteThread( _
ByVal hProcess As IntPtr, _
ByVal lpThreadAttribute As IntPtr, _
ByVal dwStackSize As IntPtr, _
ByVal lpStartAddress As IntPtr, _
ByVal lpParameter As IntPtr, _
ByVal dwCreationFlags As UInteger, _
<Out()> ByRef lpThreadId As IntPtr) As IntPtr
End Function
End Class
Public Enum AccessType As Integer
PROCESS_CREATE_THREAD = &H2
PROCESS_VM_OPERATION = &H8
PROCESS_VM_READ = &H10
PROCESS_VM_WRITE = &H20
PROCESS_QUERY_INFORMATION = &H400
End Enum
Public Enum AllocationType As Integer
MEM_COMMIT = &H1000
MEM_RESERVE = &H2000
MEM_RESET = &H80000
End Enum
Public Enum ProtectionConstants As Integer
PAGE_EXECUTE = &H10
PAGE_EXECUTE_READ = &H20
PAGE_EXECUTE_READWRITE = &H40
PAGE_EXECUTE_WRITECOPY = &H80
PAGE_NOACCESS = &H1
End Enum
Public Shared Function Inject(ByRef toBeInjectedProcess As Process, ByRef dllPathString As String, ByRef errorString As String) As Boolean
Dim hwndIntPtr As IntPtr = IntPtr.Zero
Dim resultBoolean As Boolean
' Create remote thread
resultBoolean = CRT(toBeInjectedProcess, dllPathString, errorString, hwndIntPtr)
If Not hwndIntPtr.Equals(IntPtr.Zero) Then
WINAPI.CloseHandle(hwndIntPtr)
End If
Return resultBoolean
End Function
Private Shared Function CRT(ByRef toBeInjectedProcess As Process, ByRef dllPathString As String, ByRef errorString As String, ByRef hwndIntPtr As IntPtr) As Boolean
errorString = ""
hwndIntPtr = WINAPI.OpenProcess( _
AccessType.PROCESS_CREATE_THREAD Or AccessType.PROCESS_QUERY_INFORMATION Or AccessType.PROCESS_VM_OPERATION Or AccessType.PROCESS_VM_READ Or AccessType.PROCESS_VM_WRITE, _
1, _
toBeInjectedProcess.Id)
If hwndIntPtr.Equals(IntPtr.Zero) Then
errorString = "Unable to attach to process."& vbNewLine
errorString = errorString & "Error code: "& Marshal.GetLastWin32Error()
Return False
End If
Dim functAddressIntPtr As IntPtr
' Get LoadLibraryA function address pointer
functAddressIntPtr = WINAPI.GetProcAddress( _
WINAPI.GetModuleHandle("kernel32.dll"), _
"LoadLibraryA")
If functAddressIntPtr.Equals(IntPtr.Zero) Then
errorString = "Unable to find address of ""LoadLibraryA""."& vbNewLine
errorString = errorString & "Error code: "& Marshal.GetLastWin32Error()
Return False
End If
Dim functParamIntPtr As IntPtr
' Allocate memory space for parameter data in the injected process
functParamIntPtr = WINAPI.VirtualAllocEx( _
hwndIntPtr, _
0, _
dllPathString.Length, _
AllocationType.MEM_COMMIT Or AllocationType.MEM_RESERVE, _
ProtectionConstants.PAGE_EXECUTE_READWRITE)
If functParamIntPtr.Equals(IntPtr.Zero) Then
errorString = "Unable to allocate memory to target process."& vbNewLine
errorString = errorString & "Error code: "& Marshal.GetLastWin32Error()
Return False
End If
Dim bytes() As Byte = CalculateBytes(dllPathString)
Dim resultBoolean As Boolean
' Write the parameter data into the allocated memory space
resultBoolean = WINAPI.WriteProcessMemory(hwndIntPtr, functParamIntPtr, bytes, bytes.Length, Nothing)
If resultBoolean = False Then
errorString = "Unable to write memory to process."& vbNewLine
errorString = errorString & "Error code: "& Marshal.GetLastWin32Error()
Return False
End If
Dim threadHndIntPtr As IntPtr
' Run LoadLibraryA in the injected process
threadHndIntPtr = WINAPI.CreateRemoteThread(hwndIntPtr, Nothing, 0, functAddressIntPtr, functParamIntPtr, 0, 0)
If threadHndIntPtr.Equals(IntPtr.Zero) Then
errorString = "Unable to load dll into memory."& vbNewLine
errorString = errorString & "Error code: "& Marshal.GetLastWin32Error()
Return False
End If
' Inject successful
Return True
End Function
Private Shared Function CalculateBytes(ByRef sToConvert As String) As Byte()
Dim returnBytes() As Byte = System.Text.Encoding.ASCII.GetBytes(sToConvert)
Return returnBytes
End Function
End Class