Fixed problems preventing the pipe from being used properly when laun…
…ched from Jollypop Injector
AWilliams17 committed Aug 3, 2019
1 parent 15d2b01 commit 6e833be
Showing 5 changed files with 21 additions and 13 deletions.
Binary file modified MonoJabber/.vs/MonoJabber/v15/.suo
Binary file not shown.
Binary file modified MonoJabber/.vs/MonoJabber/v15/Browse.VC.db
Binary file not shown.
29 changes: 16 additions & 13 deletions MonoJabber/MonoJabber/MonoJabber.cpp
Expand Up @@ -48,7 +48,7 @@ std::string GetMonoLoaderDLLPath() {
std::string::size_type positionToTrunc = std::string(buffer).find_last_of("\\/");
std::string currentDirectory = std::string(buffer).substr(0, positionToTrunc);
std::string pathToLoaderDLL = currentDirectory + "\\MonoLoaderDLL.dll";
const char *pathArg = pathToLoaderDLL.c_str(); // Really don't like this.
const char *pathArg = pathToLoaderDLL.c_str();

if (!DoesDLLExist(&pathArg)) {
return "";
Expand All @@ -58,10 +58,10 @@ std::string GetMonoLoaderDLLPath() {
}

HANDLE CreatePipe() {
HANDLE hPipe = ::CreateNamedPipe(("\\\\.\\pipe\\MLPipe"),
HANDLE hPipe = ::CreateNamedPipe("\\\\.\\pipe\\MLPipe",
PIPE_ACCESS_DUPLEX,
PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_WAIT,
1,
PIPE_UNLIMITED_INSTANCES,
4096,
4096,
NMPWAIT_USE_DEFAULT_WAIT,
Expand Down Expand Up @@ -154,7 +154,7 @@ int main(int argc, char* argv[]) {
EndApplication();
}

// Inject MonoLoaderDLL.dll into the injectee
// Inject MonoLoaderDLL.dll into the target
if (!mMemoryFunctions::mInjectDLL(targetProcess, monoLoaderDLLPath)) {
printf("Error: Failed to inject MonoLoaderDLL.dll into the target process. Are you running as admin?"
"LastErrorCode: %i\n", GetLastError()
Expand All @@ -163,7 +163,7 @@ int main(int argc, char* argv[]) {
}
printf("MonoLoader.dll injected.\n");

// Write the parameter struct to the injectee's memory
// Write the parameter struct to the target's memory
LPVOID addressOfParams = VirtualAllocEx(injecteeHandle, NULL, sizeof(LoaderArguments), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
if (!WriteProcessMemory(injecteeHandle, addressOfParams, &lArgs, sizeof(LoaderArguments), 0)) {
printf("Error: WriteProcessMemory returned false. Are you running as admin?"
Expand All @@ -172,7 +172,7 @@ int main(int argc, char* argv[]) {
}
printf("Paramater struct written to target.\n");

// Grab MonoLoaderDLL.dll's Inject method offset, add it to the injectee's base,
// Grab MonoLoaderDLL.dll's Inject method offset, add it to the target's base,
// call it with the param struct, then close the handle.
uintptr_t targetFunctionAddress = GetMonoLoaderFuncAddress(monoLoaderDLLPath, injecteeHandle);

Expand All @@ -186,18 +186,21 @@ int main(int argc, char* argv[]) {
HANDLE hPipe = CreatePipe();
char buffer[1024];
DWORD dwRead;
while (hPipe != INVALID_HANDLE_VALUE) {
if (ConnectNamedPipe(hPipe, NULL) != FALSE) {
while (ReadFile(hPipe, buffer, sizeof(buffer) - 1, &dwRead, NULL) != FALSE) {
printf("-Received result from MonoLoaderDLL-\n");
printf("MonoLoaderDLL says: %s\n", buffer);
}
if (hPipe != INVALID_HANDLE_VALUE) {
ConnectNamedPipe(hPipe, NULL); // Block until connection is made. TODO: Make asynchronous... Or atleast have a timeout.
while (ReadFile(hPipe, buffer, sizeof(buffer) - 1, &dwRead, NULL) != FALSE) {
printf("-Received result from MonoLoaderDLL-\n");
printf("MonoLoaderDLL says: %s\n", buffer);
}
} else {
printf("Error: CreateNamedPipe call failed - Handle is invalid. Last error code: %i\n", GetLastError());
printf("This means you won't be able to see any error message from the DLL - it'll fail silently.\n");
}
printf("Pipe closed.\n");
DisconnectNamedPipe(hPipe);
CloseHandle(hPipe);
}
CloseHandle(injecteeHandle);

printf("Done.\n");
return 0;
}
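Review bot: In the pipe read loop in main (whose body starts outside the hunk), `buffer` reaches `printf("MonoLoaderDLL says: %s\n", buffer)` without a NUL terminator, so the print can run past the `dwRead` bytes ReadFile wrote and into uninitialised stack memory; the `sizeof(buffer) - 1` length reserves the byte but nothing sets it. Add `buffer[dwRead] = '\0';` as the first statement of the loop body. The cleanup after the `else` still calls `DisconnectNamedPipe(hPipe)` and `CloseHandle(hPipe)` when `hPipe` is `INVALID_HANDLE_VALUE`, so both calls belong inside the success branch. In the CreatePipe hunk, going from `1` to `PIPE_UNLIMITED_INSTANCES` on the fixed name `\\.\pipe\MLPipe` means the call can now succeed as an extra instance of a pipe another process created first; if that is not intended, OR `FILE_FLAG_FIRST_PIPE_INSTANCE` into the `PIPE_ACCESS_DUPLEX` open mode (the trailing CreateNamedPipe arguments are outside the hunk, so the security attributes could not be checked).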
1 change: 1 addition & 0 deletions MonoLoaderDLL/MonoLoaderDLL/MonoLoaderDLL.cpp
Expand Up @@ -7,6 +7,7 @@
#include <string>
#include <WinUser.h>


HANDLE GetPipe() {
HANDLE hPipe = CreateFile(TEXT("\\\\.\\pipe\\MLPipe"),
GENERIC_READ | GENERIC_WRITE,
4 changes: 4 additions & 0 deletions TODO.md
@@ -0,0 +1,4 @@
[ ] Make pipes optional
[ ] Dynamic pipe names (EG: process named 'x' will have a pipe name of 'x + (PID)') - or use randomized pipe names (pass the pipe name as a param)
[ ] Timeouts on pipe functions
[ ] Asynchronous pipes
