/// Event handler: calls AttachToProcess(true) and, only when that call
/// reports success, closes the modal dialog with the ATTACH result code.
/// The event argument is not inspected.
void ThreadPicker::OnAttachProfilerAll(wxCommandEvent& event)
{
    // Leave the dialog open when the attach attempt fails
    if ( !AttachToProcess(true) )
        return;

    EndModal(ATTACH);
}
/// Calls AttachToProcess(false); the modal dialog is ended with the ATTACH
/// result code only if that call reports success.
void ThreadPicker::OnAttachProfiler()
{
    // A failed attach keeps the dialog on screen
    if ( !AttachToProcess(false) )
        return;

    EndModal(ATTACH);
}
/// <summary> /// Load selected image and do some validation /// </summary> DWORD MainDlg::SetActiveProcess( bool createNew, const wchar_t* path, DWORD pid /*= 0xFFFFFFFF*/ ) { HWND hCombo = GetDlgItem( _hMainDlg, IDC_COMBO_PROC ); if (createNew) { std::wstring procName = blackbone::Utils::StripPath( path ) + L" (New process)"; // Update process list auto idx = ComboBox_AddString( hCombo, procName.c_str() ); ComboBox_SetItemData( hCombo, idx, -1 ); ComboBox_SetCurSel( hCombo, idx ); // Enable command line options field EnableWindow( GetDlgItem( _hMainDlg, IDC_CMDLINE ), TRUE ); _newProcess = true; _procPath = path; } else if (pid != 0xFFFFFFFF && AttachToProcess( pid ) == ERROR_SUCCESS) { FillThreads(); _newProcess = false; if (path != nullptr) { std::wstring procName = std::wstring( path ) + L" (" + std::to_wstring( _proc.pid() ) + L")"; _procPath = path; auto idx = ComboBox_AddString( hCombo, procName.c_str() ); ComboBox_SetItemData( hCombo, idx, -1 ); ComboBox_SetCurSel( hCombo, idx ); } else _procPath = _proc.modules().GetMainModule()->name; // Disable command line option field EnableWindow( GetDlgItem( _hMainDlg, IDC_CMDLINE ), FALSE ); } return ERROR_SUCCESS; }
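/// <summary>
/// Injection routine
/// </summary>
/// <param name="path">Image path</param>
/// <param name="init">Initialization routine</param>
/// <param name="arg">Initialization routine argument</param>
/// <returns>Error code</returns>
DWORD MainDlg::InjectWorker( std::wstring path, std::string init, std::wstring arg )
{
    blackbone::Thread *pThread = nullptr;
    const blackbone::ModuleData* mod = nullptr;
    PROCESS_INFORMATION pi = { 0 };
    wchar_t cmdline[256] = { 0 };

    // CreateProcessW returns a process and a thread handle in pi. Nothing keeps
    // them after this function returns, so close them on every exit path.
    struct HandleCloser
    {
        PROCESS_INFORMATION* info;

        ~HandleCloser()
        {
            if (info->hThread != NULL)
                CloseHandle( info->hThread );

            if (info->hProcess != NULL)
                CloseHandle( info->hProcess );
        }
    } closeHandles = { &pi };

    HWND hCombo = GetDlgItem( _hMainDlg, IDC_THREADS );
    DWORD thdId = (DWORD)ComboBox_GetItemData( hCombo, ComboBox_GetCurSel( hCombo ) );

    // Entry 1 of IDC_OP_TYPE selects the manual map branch below
    bool bManual = ComboBox_GetCurSel( GetDlgItem( _hMainDlg, IDC_OP_TYPE ) ) == 1;

    GetDlgItemTextW( _hMainDlg, IDC_CMDLINE, cmdline, ARRAYSIZE( cmdline ) );

    // Check export
    if (ValidateInit( init.c_str() ) != STATUS_SUCCESS)
        return ERROR_CANCELLED;

    // Create new process
    if (_newProcess)
    {
        STARTUPINFOW si = { 0 };
        si.cb = sizeof(si);

        if (!CreateProcessW( _procPath.c_str(), cmdline, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi ))
        {
            // Read the error first: showing the message box may overwrite the last-error value
            const DWORD createError = GetLastError();

            MessageBoxW( _hMainDlg, L"Failed to create new process", L"Error", MB_ICONERROR );
            return createError;
        }

        thdId = 0;

        // Wait for process to initialize loader
        Sleep( 1 );

        // Without a successful attach _proc does not refer to the process created
        // above, so stop here instead of operating on whatever it referred to before
        if (AttachToProcess( pi.dwProcessId ) != ERROR_SUCCESS)
        {
            TerminateProcess( pi.hProcess, 0 );
            MessageBoxW( _hMainDlg, L"Failed to attach to new process", L"Error", MB_ICONERROR );
            return ERROR_FUNCTION_FAILED;
        }
    }

    // Final sanity check
    if (ValidateImage( path.c_str(), init.c_str() ) != ERROR_SUCCESS)
    {
        if (_newProcess)
            TerminateProcess( pi.hProcess, 0 );

        return ERROR_CANCELLED;
    }

    // Normal inject
    if (bManual == false)
    {
        if (_imagePE.IsPureManaged())
        {
            DWORD code = 0;

            if (!_proc.modules().InjectPureIL(
                    blackbone::ImageNET::GetImageRuntimeVer( path.c_str() ),
                    path,
                    blackbone::Utils::AnsiToWstring( init ),
                    arg,
                    code ))
            {
                if (_newProcess)
                    TerminateProcess( pi.hProcess, 0 );

                MessageBoxW( _hMainDlg, L"Failed to inject image", L"Error", MB_ICONERROR );
                return ERROR_FUNCTION_FAILED;
            }
        }
        else if (!_newProcess && thdId != 0)
        {
            pThread = _proc.threads().get( thdId );
            if (pThread == nullptr)
            {
                // _newProcess is false in this branch, so there is no created process to terminate
                MessageBoxW( _hMainDlg, L"Selected thread does not exist", L"Error", MB_ICONERROR );
                return ERROR_NOT_FOUND;
            }

            // Load
            auto pLoadLib = _proc.modules().GetExport( _proc.modules().GetModule( L"kernel32.dll" ), "LoadLibraryW" ).procAddress;
            blackbone::RemoteFunction<decltype(&LoadLibraryW)> pfn( _proc, (decltype(&LoadLibraryW))pLoadLib, path.c_str() );
            decltype(pfn)::ReturnType junk = 0;
            pfn.Call( junk, pThread );

            // The call result is ignored; success is judged by looking the module up afterwards
            mod = _proc.modules().GetModule( path );
        }
        else
            mod = _proc.modules().Inject( path );
    }
    // Manual map
    else
    {
        thdId = 0;

        int flags = blackbone::RebaseProcess | blackbone::NoDelayLoad | MmapFlags();
        mod = _proc.mmap().MapImage( path, flags );
    }

    if (mod == 0 && !_imagePE.IsPureManaged())
    {
        if (_newProcess)
            TerminateProcess( pi.hProcess, 0 );

        MessageBoxW( _hMainDlg, L"Failed to inject image", L"Error", MB_ICONERROR );
        return ERROR_NOT_FOUND;
    }

    // Call init for native image
    if (!init.empty() && !_imagePE.IsPureManaged())
    {
        auto fnPtr = _proc.modules().GetExport( mod, init.c_str() ).procAddress;

        if (thdId == 0)
        {
            // NOTE(review): the buffer is 0x1000 bytes and the write length is not
            // checked against it; confirm how Write behaves for longer arguments
            auto argMem = _proc.memory().Allocate( 0x1000, PAGE_READWRITE );
            argMem.Write( 0, arg.length() * sizeof(wchar_t)+2, arg.c_str() );

            _proc.remote().ExecDirect( fnPtr, argMem.ptr() );
        }
        else
        {
            pThread = _proc.threads().get( thdId );
            if (pThread == nullptr)
            {
                if (_newProcess)
                    TerminateProcess( pi.hProcess, 0 );

                MessageBoxW( _hMainDlg, L"Selected thread does not exist", L"Error", MB_ICONERROR );
                return ERROR_NOT_FOUND;
            }

            blackbone::RemoteFunction<int( _stdcall* )(const wchar_t*)> pfn( _proc, (int( _stdcall* )(const wchar_t*))fnPtr, arg.c_str() );
            int junk = 0;
            pfn.Call( junk, pThread );
        }
    }

    // Unlink module if required
    // NOTE(review): presumably this removes the module from the target's loader
    // lists, in which case list-based module enumeration no longer reports it;
    // confirm against the blackbone implementation
    if (!_imagePE.IsPureManaged() && !bManual && Button_GetCheck( GetDlgItem( _hMainDlg, IDC_UNLINK ) ))
        if (_proc.modules().Unlink( mod ) == false)
            MessageBoxW( _hMainDlg, L"Failed to unlink module", L"Error", MB_ICONERROR );

    // MessageBoxW( _hMainDlg, L"Successfully injected", L"Info", MB_ICONINFORMATION );

    //ResumeThread( pi.hThread );

    return ERROR_SUCCESS;
}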