From 458d9a5185f1e1eb0a07891172c3526d549cb96b Mon Sep 17 00:00:00 2001
From: goat <16760685+goaaats@users.noreply.github.com>
Date: Mon, 8 Jun 2020 02:57:04 +0200
Subject: [PATCH] fix: injector race condition
---
 Dalamud.Injector/NativeFunctions.cs | 10 +-------
 Dalamud.Injector/Program.cs | 38 ++++++++++++++++++++---------
 2 files changed, 27 insertions(+), 21 deletions(-)
diff --git a/Dalamud.Injector/NativeFunctions.cs b/Dalamud.Injector/NativeFunctions.cs
index 263ab8332..fb030b0e1 100644
--- a/Dalamud.Injector/NativeFunctions.cs
+++ b/Dalamud.Injector/NativeFunctions.cs
@@ -12,7 +12,6 @@ namespace Dalamud.Injector { static class NativeFunctions { - // OpenProcess signture https://www.pinvoke.net/default.aspx/kernel32.openprocess [Flags] public enum ProcessAccessFlags : uint {
@@ -41,7 +40,6 @@ namespace Dalamud.Injector return OpenProcess(flags, false, proc.Id); } - // VirtualAllocEx signture https://www.pinvoke.net/default.aspx/kernel32.virtualallocex [Flags] public enum AllocationType {
@@ -56,7 +54,6 @@ namespace Dalamud.Injector LargePages = 0x20000000 } - // VirtualFreeEx signture https://www.pinvoke.net/default.aspx/kernel32.virtualfreeex [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)] public static extern bool VirtualFreeEx(IntPtr hProcess, IntPtr lpAddress, int dwSize, AllocationType dwFreeType);
@@ -85,24 +82,20 @@ namespace Dalamud.Injector AllocationType flAllocationType, MemoryProtection flProtect); - // WriteProcessMemory signture https://www.pinvoke.net/default.aspx/kernel32/WriteProcessMemory.html [DllImport("kernel32.dll", SetLastError = true)] public static extern bool WriteProcessMemory( IntPtr hProcess, IntPtr lpBaseAddress, - [MarshalAs(UnmanagedType.AsAny)] object lpBuffer, + byte[] lpBuffer, int dwSize, out IntPtr lpNumberOfBytesWritten); - // GetProcAddress signture https://www.pinvoke.net/default.aspx/kernel32.getprocaddress [DllImport("kernel32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)] public static extern IntPtr GetProcAddress(IntPtr hModule, string procName); - // GetModuleHandle signture http://pinvoke.net/default.aspx/kernel32.GetModuleHandle [DllImport("kernel32.dll", CharSet = CharSet.Auto)] public static extern IntPtr GetModuleHandle(string lpModuleName); - // CreateRemoteThread signture https://www.pinvoke.net/default.aspx/kernel32.createremotethread [DllImport("kernel32.dll")] public static extern IntPtr CreateRemoteThread( IntPtr hProcess,
@@ -113,7 +106,6 @@ namespace Dalamud.Injector uint dwCreationFlags, IntPtr lpThreadId); - // CloseHandle signture https://www.pinvoke.net/default.aspx/kernel32.closehandle [DllImport("kernel32.dll", SetLastError = true)] [ReliabilityContract(Consistency.WillNotCorruptState, Cer.Success)] [SuppressUnmanagedCodeSecurity]
diff --git a/Dalamud.Injector/Program.cs b/Dalamud.Injector/Program.cs
index 53e7e7e2c..eb4ad0eae 100644
--- a/Dalamud.Injector/Program.cs
+++ b/Dalamud.Injector/Program.cs
@@ -73,6 +73,8 @@ namespace Dalamud.Injector { // Inject to process Inject(process, startInfo); + Thread.Sleep(1000); + // Inject exception handler NativeInject(process); }
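Review bot: The `CreateRemoteThread` import kept as context at the end of this hunk still has no `SetLastError = true`, unlike the `WriteProcessMemory` and `VirtualFreeEx` imports beside it, so the `Marshal.GetLastWin32Error()` that Program.cs passes to `Win32Exception` after a failed `CreateRemoteThread` (the `@@ -137,13 +148,16 @@` hunk) reports whatever error the runtime last captured rather than the thread-creation failure. Change that declaration to `[DllImport("kernel32.dll", SetLastError = true)]`. The `WriteProcessMemory` declaration now takes `byte[] lpBuffer`, which is the right shape, but `dwSize` is still `int` while the native `nSize` and `lpNumberOfBytesWritten` are both `SIZE_T`; declaring `dwSize` as `IntPtr` like the out parameter keeps the two consistent on 64-bit. The `CreateRemoteThread` signature continues past the hunk.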
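Review bot: `Thread.Sleep(1000)` between `Inject(process, startInfo)` and `NativeInject(process)` replaces the ordering problem with a fixed delay, so on a loaded machine the native stub can still be loaded before the managed injection has settled, and on a fast one the injector waits for nothing. If `Inject` leaves a remote thread handle behind, wait on it (a `WaitForSingleObject` P/Invoke) or on a signal from the injected side instead; I cannot see what `Inject` does from this hunk, so whether such a handle exists is an inference. If a delay has to stay, give the number a name and a reason, e.g. `const int ManagedInjectSettleMs = 1000; // give the managed injection time to finish before the debug stub loads`. The enclosing method starts outside the hunk.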
@@ -92,9 +94,15 @@ namespace Dalamud.Injector { Console.WriteLine("Injected"); } - private static void NativeInject(Process process) { + private static void NativeInject(Process process) + { var libPath = Path.GetFullPath("DalamudDebugStub.dll"); + var pathBytes = Encoding.Unicode.GetBytes(libPath); + var len = pathBytes.Length + 1; + + Console.WriteLine($"Injecting {libPath}..."); + var handle = NativeFunctions.OpenProcess( NativeFunctions.ProcessAccessFlags.All, false,
@@ -106,25 +114,28 @@ namespace Dalamud.Injector { var dllMem = NativeFunctions.VirtualAllocEx( handle, IntPtr.Zero, - libPath.Length, - NativeFunctions.AllocationType.Reserve | NativeFunctions.AllocationType.Commit, - NativeFunctions.MemoryProtection.ExecuteReadWrite); + len, + NativeFunctions.AllocationType.Commit, + NativeFunctions.MemoryProtection.ReadWrite); if (dllMem == IntPtr.Zero) - throw new Win32Exception(Marshal.GetLastWin32Error(), "Could not alloc memory"); + throw new Win32Exception(Marshal.GetLastWin32Error(), $"Could not alloc memory {Marshal.GetLastWin32Error():X}"); + + Console.WriteLine($"dll path at {dllMem.ToInt64():X}"); - var pathBytes = Encoding.ASCII.GetBytes(libPath); if (!NativeFunctions.WriteProcessMemory( handle, dllMem, pathBytes, - pathBytes.Length, - out var bytesread + len, + out var bytesWritten )) throw new Win32Exception(Marshal.GetLastWin32Error(), "Could not write DLL"); + Console.WriteLine($"Wrote {bytesWritten}"); + var kernel32 = NativeFunctions.GetModuleHandle("Kernel32.dll"); - var loadLibA = NativeFunctions.GetProcAddress(kernel32, "LoadLibraryA"); + var loadLibA = NativeFunctions.GetProcAddress(kernel32, "LoadLibraryW"); var remoteThread = NativeFunctions.CreateRemoteThread( handle,
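Review bot: `var len = pathBytes.Length + 1;` describes a buffer that does not exist: `Encoding.Unicode.GetBytes(libPath)` emits no terminator, so `pathBytes` is `len - 1` bytes long, the `WriteProcessMemory` call in the next hunk (`@@ -106,25 +114,28 @@`) reads one byte past the end of the managed array, and a UTF-16 path for `LoadLibraryW` needs two zero bytes, not one. Build the terminated buffer first and take the length from it: `var pathBytes = Encoding.Unicode.GetBytes(libPath + '\0');` and `var len = pathBytes.Length;`. The committed page from `VirtualAllocEx` is zero-filled, which is presumably why this works today, but the copy still depends on whatever byte follows the array on the managed heap. `NativeInject` continues past the end of the hunk.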
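Review bot: `bytesWritten` is printed on the line after the `WriteProcessMemory` check but never compared with `len`, so a short write would go unnoticed and `LoadLibraryW` would run on a truncated path; add `if (bytesWritten.ToInt64() != len) throw new InvalidOperationException($"Short write: {bytesWritten} of {len} bytes");` right after that check. In the `VirtualAllocEx` failure path `Marshal.GetLastWin32Error()` is now called twice, once for the exception code and once inside the message; capture it once with `var error = Marshal.GetLastWin32Error();` and use `error` in both places. The local that now receives `GetProcAddress(kernel32, "LoadLibraryW")` is still named `loadLibA`; `loadLibW` would match what it holds. The method continues on both sides of this hunk.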
@@ -137,13 +148,16 @@ namespace Dalamud.Injector { ); if (remoteThread == IntPtr.Zero) - throw new Win32Exception(Marshal.GetLastWin32Error(), "Could not alloc memory"); + throw new Win32Exception(Marshal.GetLastWin32Error(), $"Could not CreateRemoteThread"); - NativeFunctions.VirtualFreeEx( + /* + TODO kill myself + VirtualFreeEx( handle, dllMem, 0, - NativeFunctions.AllocationType.Release); + AllocationType.Release); + */ NativeFunctions.CloseHandle(remoteThread); NativeFunctions.CloseHandle(handle);
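Review bot: Commenting out the `VirtualFreeEx` call leaves the path buffer leaked in the target on every injection and records no reason beyond the TODO; from the commit title I infer the free was racing the remote `LoadLibraryW` thread, which reads `dllMem` after `CreateRemoteThread` returns, but that is not visible here. The ordered fix is to wait for the thread before releasing: after the `remoteThread` check, `WaitForSingleObject(remoteThread, INFINITE)` (a kernel32 P/Invoke that `NativeFunctions` does not yet declare), then the original `NativeFunctions.VirtualFreeEx(handle, dllMem, 0, NativeFunctions.AllocationType.Release);`. If the leak is to stay, replace the commented-out block with a comment that says why, e.g. `// dllMem is deliberately not freed: the remote LoadLibraryW thread reads it after we return.` The new `$"Could not CreateRemoteThread"` message has no interpolation holes, so the `$` prefix can be dropped. The method's closing brace is outside the hunk.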