
Let's say I have an executable 'foobar.exe' written in C# and now compiled, running on a Windows box. One of the functions in the application is the following (example):

using System.Threading.Tasks;
using System.Windows.Forms;

public static class Foo
{
    // Example method inside foobar.exe; the async signature is kept as given,
    // with an await so the compiler does not warn about an async method that never awaits.
    public static async Task LoadBox(string msg)
    {
        MessageBox.Show(msg);
        await Task.CompletedTask;
    }
}

I would like to write a DLL in C# that calls this method in the application. The DLL, say 'injected.dll', will be injected into the running 'foobar.exe' process using the injector referenced here: http://www.codingvision.net/miscellaneous/c-inject-a-dll-into-a-process-w-createremotethread

Is it possible from the newly injected DLL to call the public function in the original exe? If so, any example code in C# would be appreciated.

acelives
  • If the DLL is a .NET DLL, there's no need for using Windows API calls. Just use [`Assembly.LoadFrom` and similar](https://learn.microsoft.com/en-us/dotnet/framework/deployment/best-practices-for-assembly-loading) (note that links to a "best practices" doc for loading assemblies). – Heretic Monkey Mar 06 '19 at 22:04
  • Related, if not a dupe: [Correct Way to Load Assembly, Find Class and Call Run() Method](https://stackoverflow.com/q/1137781/215552) – Heretic Monkey Mar 06 '19 at 22:07
  • To clarify, I will not be modifying the 'foobar.exe' application to load the DLL. Foobar.exe is a third-party application (which is written in C#), that I have identified a method within that I would like to call while the foobar.exe application is already running, by injecting a DLL into the running process and invoking its LoadBox method. – acelives Mar 06 '19 at 22:13
  • My friend and I are discussing this right now. There is no way (within reason) to accomplish this. I have used injection many times but that wasn't trying to go across managed boundaries. It seems as if nobody is even reading your "running" requirement. I would speculate that C++/CLI 'might' give you a shot at it but that will be extremely difficult to say the least. Another option? Disassemble the exe and do whatever you want to it. – Señor CMasMas Mar 06 '19 at 22:17
  • Yeah, it is disassembled (decompiled, thanks MSIL!), and has been patched to do what I want. I'm really just curious about writing an executable that injects itself into the running process and then invokes the method, to bypass a check made by the program before it runs LoadBox(), so that I don't have to use a patched binary. – acelives Mar 06 '19 at 22:55

1 Answer


My approach would be to use the concepts of Reflection. We could make the EXE load an assembly through reflection, discover a Type and invoke a method on this Type, and then pass an instance of a class in your EXE to this method, which in turn does a call back. A roundabout way, but it would work.

You can use the method System.Reflection.Assembly.LoadFrom to load an assembly compiled for .NET. This is a fairly old technique, nothing new about it. Dependency containers and applications that are meant to load plugins post deployment are written using this method.

Step 1

Load the plugin assembly into the current Appdomain using System.Reflection.LoadFrom

Step 2

Find the Type in this plugin assembly by using Assembly.GetTypes()

Step 3

Pass an instance of a class defined in your EXE into the plugin and have the plugin do a call back. This is what an event call back would actually do.

Link

https://learn.microsoft.com/en-us/dotnet/api/system.activator.createinstance?view=netframework-4.7.2#System_Activator_CreateInstance_System_AppDomain_System_String_System_String_System_Boolean_System_Reflection_BindingFlags_System_Reflection_Binder_System_Object___System_Globalization_CultureInfo_System_Object___

Sau001
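The three steps above, as an added worked example that is not part of the answer or of any real project: a host EXE loads a plugin assembly with Assembly.LoadFrom, finds a type via GetTypes, instantiates it with Activator.CreateInstance, and hands it an object defined in the EXE so the plugin can call back into the host. The IPlugin/IHostCallback contracts, the "plugins" directory and the file name injected.dll are assumptions for this illustration. Two assemblies are shown in one listing; in practice the contract lives in a small shared DLL referenced by both. Note that this is the cooperative plugin pattern: the host must already contain the loading code, which is why the commenters say it does not apply to an unmodified third-party process.

```csharp
// Added example, not code from the original post. The interfaces, directory and
// file name are assumptions; the host and plugin are normally separate assemblies.
using System;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Threading.Tasks;
using System.Windows.Forms;

// ---- Shared contract (assumed; referenced by both host and plugin) ----
public interface IHostCallback
{
    Task LoadBox(string msg);
}

public interface IPlugin
{
    void Run(IHostCallback host);
}

// ---- Host: foobar.exe ----
public static class HostProgram
{
    // The method the plugin ultimately wants to reach.
    public static async Task LoadBox(string msg)
    {
        MessageBox.Show(msg);
        await Task.CompletedTask;
    }

    // Instance handed to the plugin (Step 3); it forwards to the static method.
    private sealed class HostCallback : IHostCallback
    {
        public Task LoadBox(string msg) => HostProgram.LoadBox(msg);
    }

    [STAThread]
    public static void Main()
    {
        // LoadFrom executes whatever code is in the file, so only load from a
        // directory the host controls and reject names that escape it
        // (the file name often comes from configuration in real plugin hosts).
        string pluginDir = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "plugins");
        string pluginFile = "injected.dll"; // assumed plugin file name
        string pluginPath = Path.GetFullPath(Path.Combine(pluginDir, pluginFile));
        if (!pluginPath.StartsWith(pluginDir + Path.DirectorySeparatorChar, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("plugin path escapes the plugin directory");

        // Step 1: load the plugin assembly into the current AppDomain.
        Assembly pluginAssembly = Assembly.LoadFrom(pluginPath);

        // Step 2: discover a concrete type that implements the plugin contract.
        Type pluginType = pluginAssembly.GetTypes()
            .FirstOrDefault(t => typeof(IPlugin).IsAssignableFrom(t) && !t.IsAbstract && !t.IsInterface);
        if (pluginType == null)
            throw new InvalidOperationException("no IPlugin implementation found in " + pluginPath);

        // Step 3: instantiate it and pass an object defined in the EXE for the call back.
        var plugin = (IPlugin)Activator.CreateInstance(pluginType);
        plugin.Run(new HostCallback());
    }
}

// ---- Plugin: injected.dll (compiled separately against the shared contract) ----
public sealed class MessagePlugin : IPlugin
{
    public void Run(IHostCallback host)
    {
        // The call back into the host: this is what "invoking the EXE's method" amounts to here.
        host.LoadBox("Hello from the plugin").GetAwaiter().GetResult();
    }
}
```

Because the plugin only receives an IHostCallback, the host decides exactly which of its members are reachable; the reflection happens in the host, over the plugin, rather than the plugin poking at arbitrary host internals. The contract types must be loaded once (from the shared assembly), otherwise the IsAssignableFrom check in Step 2 fails with two distinct IPlugin types.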