-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathCallFunctionThreadProc.cs
82 lines (66 loc) · 2.78 KB
/
CallFunctionThreadProc.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
using System;
using System.ComponentModel;
namespace Com.Xenthrax.DllInjector
{
public partial class DllInjector : IDisposable
{
public uint CallFunctionThreadProc<T>(IntPtr Function, ref T Paramater)
where T : struct
{
if (Function == IntPtr.Zero)
throw new ArgumentNullException("Function");
this.ThrowIfDisposed();
this.ThrowIfNoHandle();
using (MemoryHandle lpParamater = this.WriteStruct(Paramater))
{
uint res = this.CallFunctionThreadProc(Function, lpParamater);
Paramater = this.ReadStruct<T>(lpParamater);
return res;
}
}
public uint CallFunctionThreadProc(IntPtr Function, IntPtr Paramater = default(IntPtr))
{
if (Function == IntPtr.Zero)
throw new ArgumentNullException("Function");
this.ThrowIfDisposed();
this.ThrowIfNoHandle();
IntPtr hRemoteThread = IntPtr.Zero;
try
{
if (Utilities.DoesWin32MethodExist("Ntdll.dll", "NtCreateThreadEx"))
{
uint Status = Win32.NtCreateThreadEx(out hRemoteThread, 0x1FFFFF, IntPtr.Zero, this.hProc, Function, Paramater, false, 0, 0, 0, IntPtr.Zero);
// Win32.ERROR_SUCCESS?
//if (Status != 0x0)
if (Status != 0x0 || hRemoteThread == IntPtr.Zero)
{
if (hRemoteThread == IntPtr.Zero)
hRemoteThread = Win32.CreateRemoteThread(this.hProc, IntPtr.Zero, 0, Function, Paramater, Win32.CreateRemoteThreadCreationFlags.None, IntPtr.Zero);
if (hRemoteThread != IntPtr.Zero)
Utilities.Log("DllInjector.CallFunctionThreadProc, NtCreateThreadEx failed, 0x{0:X}\r\n(See http://msdn.microsoft.com/en-us/library/cc704588.aspx)", Status);
else
throw new Exception(string.Format("DllInjector.CallFunctionThreadProc, NtCreateThreadEx failed, 0x{0:X}\r\n(See http://msdn.microsoft.com/en-us/library/cc704588.aspx)", Status), new Win32Exception());
}
}
else
{
hRemoteThread = Win32.CreateRemoteThread(this.hProc, IntPtr.Zero, 0, Function, Paramater, Win32.CreateRemoteThreadCreationFlags.None, IntPtr.Zero);
if (hRemoteThread == IntPtr.Zero)
throw new Exception("DllInjector.CallFunctionThreadProc failed, CreateRemoteThread failed", new Win32Exception());
}
if (Win32.WaitForSingleObject(hRemoteThread, Win32.INFINITE) == Win32.WaitForSingleObjectReturn.WAIT_TIMEOUT)
throw new TimeoutException("DllInjector.CallFunctionThreadProc failed, thread timed out", new Win32Exception());
uint ExitCode;
if (Win32.GetExitCodeThread(hRemoteThread, out ExitCode))
return ExitCode;
else
throw new Exception("DllInjector.CallFunctionThreadProc failed, GetExitCodeThread failed", new Win32Exception());
}
finally
{
if (hRemoteThread != IntPtr.Zero)
Win32.CloseHandle(hRemoteThread);
}
}
}
}