Dll Injection in C# not working

Question

I have got the following code.

    using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Threading;
using ClassLibrary1;

namespace Injection
{
    class Program
    {
        static void Main(string[] args)
        {
            //ClassLibrary1.Class1.Main();
            Program p = new Program();
            String strDLLName = "C:\\Users\\pente\\Documents\\Visual Studio 2015\\Projects\\Injection\\ClassLibrary1\\obj\\Debug\\ClassLibrary1.dll";
            String strProcessName = "notepad";

            Int32 ProcID = p.GetProcessId(strProcessName);
            if (ProcID >= 0)
            {
                IntPtr hProcess = (IntPtr)OpenProcess(0x1F0FFF, 1, ProcID);
                if (hProcess == null)
                {
                   Console.WriteLine("OpenProcess() Failed!");
                    return;
                }
                else
                    p.InjectDLL(hProcess, strDLLName);
            }
        }

        public void InjectDLL(IntPtr hProcess, String strDLLName)
        {
            IntPtr bytesout;

            // Length of string containing the DLL file name +1 byte padding 
            Int32 LenWrite = strDLLName.Length + 1;
            // Allocate memory within the virtual address space of the target process 
            IntPtr AllocMem = (IntPtr)VirtualAllocEx(hProcess, (IntPtr)null, (uint)LenWrite, 0x1000, 0x40); //allocation pour WriteProcessMemory 

            // Write DLL file name to allocated memory in target process 
            WriteProcessMemory(hProcess, AllocMem, strDLLName, (UIntPtr)LenWrite, out bytesout);
            // Function pointer "Injector" 
            UIntPtr Injector = (UIntPtr)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");

            if (Injector == null)
            {
                Console.WriteLine(" Injector Error! \\n ");
                // return failed 
                return;
            }

            // Create thread in target process, and store handle in hThread 
            IntPtr hThread = (IntPtr)CreateRemoteThread(hProcess, (IntPtr)null, 0, Injector, AllocMem, 0, out bytesout);
            // Make sure thread handle is valid 
            if (hThread == null)
            {
                //incorrect thread handle ... return failed 
                Console.WriteLine(" hThread [ 1 ] Error! \\n ");
                return;
            }
            // Time-out is 10 seconds... 
            int Result = WaitForSingleObject(hThread, 10 * 1000);
            // Check whether thread timed out... 
            if (Result == 0x00000080L || Result == 0x00000102L || Result == 0xFFFFFFFF)
            {
                /* Thread timed out... */
                Console.WriteLine(" hThread [ 2 ] Error! \\n ");
                // Make sure thread handle is valid before closing... prevents crashes. 
                if (hThread != null)
                {
                    //Close thread in target process 
                    CloseHandle(hThread);
                }
                return;
            }
            // Sleep thread for 1 second 
            Thread.Sleep(1000);
            // Clear up allocated space ( Allocmem ) 
            VirtualFreeEx(hProcess, AllocMem, (UIntPtr)0, 0x8000);
            // Make sure thread handle is valid before closing... prevents crashes. 
            if (hThread != null)
            {
                //Close thread in target process 
                CloseHandle(hThread);
            }
            // return succeeded 
            return;
        }
        [DllImport("kernel32")]
        public static extern IntPtr CreateRemoteThread(
      IntPtr hProcess,
      IntPtr lpThreadAttributes,
      uint dwStackSize,
      UIntPtr lpStartAddress, // raw Pointer into remote process 
      IntPtr lpParameter,
      uint dwCreationFlags,
      out IntPtr lpThreadId
    );

        [DllImport("kernel32.dll")]
        public static extern IntPtr OpenProcess(
            UInt32 dwDesiredAccess,
            Int32 bInheritHandle,
            Int32 dwProcessId
            );

        [DllImport("kernel32.dll")]
        public static extern Int32 CloseHandle(
        IntPtr hObject
        );

        [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
        static extern bool VirtualFreeEx(
            IntPtr hProcess,
            IntPtr lpAddress,
            UIntPtr dwSize,
            uint dwFreeType
            );

        [DllImport("kernel32.dll", CharSet = CharSet.Ansi, ExactSpelling = true)]
        public static extern UIntPtr GetProcAddress(
            IntPtr hModule,
            string procName
            );

        [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
        static extern IntPtr VirtualAllocEx(
            IntPtr hProcess,
            IntPtr lpAddress,
            uint dwSize,
            uint flAllocationType,
            uint flProtect
            );

        [DllImport("kernel32.dll")]
        static extern bool WriteProcessMemory(
            IntPtr hProcess,
            IntPtr lpBaseAddress,
            string lpBuffer,
            UIntPtr nSize,
            out IntPtr lpNumberOfBytesWritten
        );

        [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
        public static extern IntPtr GetModuleHandle(
            string lpModuleName
            );

        [DllImport("kernel32", SetLastError = true, ExactSpelling = true)]
        internal static extern Int32 WaitForSingleObject(
            IntPtr handle,
            Int32 milliseconds
            );

        public Int32 GetProcessId(String proc)
        {
            Process[] ProcList;
            ProcList = Process.GetProcessesByName(proc);
            return ProcList[0].Id;
        }
    }
}

The code above is my main program. I have got a dll, whose code is illustrated below, that I try to inject into a notepad.

    using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace ClassLibrary1
{
    public class Class1
    {
        public static void Main()
        {
            Console.WriteLine("Succeeded!!");
            Console.ReadLine();
        }

    }
}

I added the library code as a dll reference to the main code.

The code runs, and basically does nothing. What am I missing? why doesnt it work?

You cannot use LoadLibrary() to load a C# DLL, only the CLR knows how to load an assembly. Injecting the CLR into another process, well, it isn't *exactly* impossible but certainly a very bad idea. It suffers heavily from the "what if two programs do this" problem. Which is a lot more likely than you'll assume, too many shell extensions and COM servers were written in C#. — Hans Passant, Dec 24 '15 at 15:40
Take a look on this article http://www.codeproject.com/Articles/607352/Injecting-Net-Assemblies-Into-Unmanaged-Processes — Anton Semenov, Dec 25 '15 at 07:07

score 3 · Answer 1 · answered Dec 24 '15 at 15:41

3

Your code trying to call an native library but you link to an .NET library, so your .NET library Main get never called. So the best solution is to create an native library (with e.g. C++) and load the .Net Framework into your host program and then run the managed Main-Method.

tl;dr: LoadLibrary etc. only loads native libraries

answered Dec 24 '15 at 15:41

DogeAmazed

858
11
28

Say, is there a resource link to C++ code that injects c# dll into a process well? cause I googled, and I found code samples that dont do the job – XWorm Dec 24 '15 at 15:49
@XWorm You can look on the library EasyHook. They took all the native work off you, and you just need to write some C# to inject your .NET Dll – DogeAmazed Dec 24 '15 at 20:43

Dll Injection in C# not working

1 Answers1