using System;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Security.AccessControl;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;
using System.Windows;
using Microsoft.VisualBasic;
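namespace HorionInjector
{
    partial class MainWindow
    {
        // IMPORTS
        // Win32 entry points used by Inject. The declarations are public, so their
        // signatures are left exactly as they were; other parts of this partial class
        // may call them. Several parameters are declared wider than the native DWORD
        // (e.g. OpenProcess.dwDesiredAccess as IntPtr) -- NOTE(review): confirm the
        // intended target bitness before tightening them.

        /// <summary>Opens a handle to the process identified by <paramref name="processId"/>.</summary>
        [DllImport("kernel32.dll")]
        public static extern IntPtr OpenProcess(IntPtr dwDesiredAccess, bool bInheritHandle, uint processId);

        /// <summary>Closes a kernel object handle.</summary>
        [DllImport("kernel32.dll")]
        public static extern bool CloseHandle(IntPtr hObject);

        /// <summary>Allocates memory inside another process.</summary>
        [DllImport("kernel32.dll")]
        public static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);

        /// <summary>Copies <paramref name="lpBuffer"/> into the memory of another process.</summary>
        [DllImport("kernel32.dll")]
        public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, char[] lpBuffer, int nSize, out IntPtr lpNumberOfBytesWritten);

        /// <summary>Resolves an exported function address in a loaded module.</summary>
        [DllImport("kernel32.dll")]
        public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);

        /// <summary>Returns the handle of a module already loaded in this process.</summary>
        [DllImport("kernel32.dll")]
        public static extern IntPtr GetModuleHandle(string lpModuleName);

        /// <summary>Starts a thread in another process.</summary>
        [DllImport("kernel32.dll")]
        public static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, ref IntPtr lpThreadId);

        /// <summary>Waits for a handle to become signalled or for the timeout to expire.</summary>
        [DllImport("kernel32.dll")]
        public static extern uint WaitForSingleObject(IntPtr handle, uint milliseconds);

        /// <summary>Releases memory previously allocated in another process.</summary>
        [DllImport("kernel32.dll")]
        public static extern bool VirtualFreeEx(IntPtr hProcess, IntPtr lpAddress, int dwSize, IntPtr dwFreeType);

        /// <summary>Finds a top-level window by class name and/or title.</summary>
        [DllImport("user32.dll")]
        public static extern IntPtr FindWindow(String lpClassName, String lpWindowName);

        /// <summary>Brings the given window to the foreground.</summary>
        [DllImport("user32.dll")]
        public static extern bool SetForegroundWindow(IntPtr hWnd);
        //

        /// <summary>
        /// Loads the DLL at <paramref name="path"/> into the Minecraft.Windows process,
        /// launching the game first when it is not running. Failures are reported with a
        /// message box; the status line is always set to "done" when the method leaves.
        /// </summary>
        /// <remarks>
        /// The method opens the target with all-access rights, writes the DLL path into
        /// it and starts a remote thread at LoadLibraryA. Every handle and the remote
        /// buffer are released in the <c>finally</c> block, including on early exits.
        /// </remarks>
        /// <param name="path">
        /// Path of the DLL. NOTE(review): presumably absolute -- the "already injected"
        /// comparison and the load in the target process both depend on it; confirm at
        /// the call site.
        /// </param>
        private void Inject(string path)
        {
            // Named forms of the numeric literals passed to the Win32 calls below.
            const int ProcessAllAccess = 0x1F0FFF;      // 2035711
            const uint MemCommitReserve = 0x3000;       // MEM_COMMIT | MEM_RESERVE
            const uint PageExecuteReadWrite = 0x40;     // buffer holds only the path bytes
            const int MemRelease = 0x8000;
            const uint WaitObject0 = 0;
            const uint RemoteThreadTimeoutMs = 5000;

            IntPtr processHandle = IntPtr.Zero;
            IntPtr remotePath = IntPtr.Zero;
            IntPtr threadHandle = IntPtr.Zero;
            // True while a remote thread may still be reading remotePath; the buffer
            // must not be freed underneath it.
            bool remotePathInUse = false;

            try
            {
                if (!File.Exists(path))
                {
                    MessageBox.Show("DLL not found, your Antivirus might have deleted it.");
                    return;
                }

                // Only the size matters here, so ask the file system instead of
                // reading the whole file into memory.
                if (new FileInfo(path).Length < 10)
                {
                    MessageBox.Show("DLL broken (Less than 10 bytes)");
                    return;
                }

                SetStatus("setting file perms");
                try
                {
                    var fileInfo = new FileInfo(path);
                    var accessControl = fileInfo.GetAccessControl();
                    // S-1-15-2-1 is the well-known "ALL APPLICATION PACKAGES" group.
                    // Loading a DLL needs read and execute only; full control would
                    // let any app-container process rewrite the file.
                    accessControl.AddAccessRule(new FileSystemAccessRule(
                        new SecurityIdentifier("S-1-15-2-1"),
                        FileSystemRights.ReadAndExecute,
                        InheritanceFlags.None,
                        PropagationFlags.NoPropagateInherit,
                        AccessControlType.Allow));
                    fileInfo.SetAccessControl(accessControl);
                }
                catch (Exception)
                {
                    MessageBox.Show("Could not set permissions, try running the injector as admin.");
                    return;
                }

                SetStatus("finding process");
                var processes = Process.GetProcessesByName("Minecraft.Windows");
                if (processes.Length == 0)
                {
                    SetStatus("launching minecraft");
                    // NOTE(review): "explorer.exe" is not path-qualified, so it is
                    // resolved through the normal executable search order.
                    if (Interaction.Shell("explorer.exe shell:appsFolder\\Microsoft.MinecraftUWP_8wekyb3d8bbwe!App", Wait: false) == 0)
                    {
                        MessageBox.Show("Failed to launch Minecraft (Is it installed?)");
                        return;
                    }

                    // Poll for the process. The caller was blocked for the whole wait
                    // before as well, so the loop runs inline.
                    int polls = 0;
                    while (processes.Length == 0)
                    {
                        if (++polls > 200)
                        {
                            MessageBox.Show("Minecraft launch took too long.");
                            // Stop here: continuing with an empty list would throw.
                            return;
                        }

                        processes = Process.GetProcessesByName("Minecraft.Windows");
                        Thread.Sleep(10);
                    }

                    // Give the freshly started game time to finish initialising.
                    Thread.Sleep(3000);
                }

                var process = processes.FirstOrDefault(p => p.Responding);
                if (process == null)
                {
                    MessageBox.Show("Minecraft is not responding.");
                    return;
                }

                // Windows paths are case-insensitive, so compare accordingly.
                bool alreadyLoaded = process.Modules
                    .Cast<ProcessModule>()
                    .Any(m => string.Equals(m.FileName, path, StringComparison.OrdinalIgnoreCase));
                if (alreadyLoaded)
                {
                    MessageBox.Show("Already injected!");
                    return;
                }

                SetStatus("injecting into " + process.Id);
                processHandle = OpenProcess((IntPtr)ProcessAllAccess, false, (uint)process.Id);
                if (processHandle == IntPtr.Zero || !process.Responding)
                {
                    MessageBox.Show("Failed to get process handle");
                    return;
                }

                // One extra byte keeps the zero terminator that LoadLibraryA expects.
                remotePath = VirtualAllocEx(processHandle, IntPtr.Zero, (uint)(path.Length + 1), MemCommitReserve, PageExecuteReadWrite);
                if (remotePath == IntPtr.Zero)
                {
                    MessageBox.Show("Failed to allocate memory in the target process");
                    return;
                }

                if (!WriteProcessMemory(processHandle, remotePath, path.ToCharArray(), path.Length, out IntPtr bytesWritten))
                {
                    MessageBox.Show("Failed to write to the target process");
                    return;
                }

                IntPtr loadLibrary = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
                if (loadLibrary == IntPtr.Zero)
                {
                    // Never start a remote thread at address zero.
                    MessageBox.Show("Failed to locate LoadLibraryA");
                    return;
                }

                IntPtr threadId = IntPtr.Zero;
                threadHandle = CreateRemoteThread(processHandle, IntPtr.Zero, 0U, loadLibrary, remotePath, 0U, ref threadId);
                if (threadHandle == IntPtr.Zero)
                {
                    MessageBox.Show("Failed to create remote thread");
                    return;
                }

                remotePathInUse = true;
                uint waitResult = WaitForSingleObject(threadHandle, RemoteThreadTimeoutMs);
                // Only a signalled thread is known to be finished with the buffer;
                // on timeout, abandonment or failure the buffer is left in place.
                remotePathInUse = waitResult != WaitObject0;

                IntPtr windowH = FindWindow(null, "Minecraft");
                if (windowH == IntPtr.Zero)
                {
                    Console.WriteLine("Couldn't get window handle");
                }
                else
                {
                    SetForegroundWindow(windowH);
                }
            }
            finally
            {
                if (threadHandle != IntPtr.Zero)
                {
                    CloseHandle(threadHandle);
                }

                if (remotePath != IntPtr.Zero && !remotePathInUse)
                {
                    VirtualFreeEx(processHandle, remotePath, 0, (IntPtr)MemRelease);
                }

                if (processHandle != IntPtr.Zero)
                {
                    CloseHandle(processHandle);
                }

                SetStatus("done");
            }
        }
    }
}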