Friday, 1 June 2012

Video: Injecting C# DLLs into Managed (C#) and Unmanaged (C++) processes

I was finally able to inject O2's REPL scripting environment into other processes (both managed and unmanaged).

Originally I was just trying to inject a managed dll into another .NET process, but the 4.0 .NET Framework will load up a CLR when it is not there, so this technique will also work on unmanaged (i.e. C++ based) applications.

Here is what happens in the video below:
  • Inside O2, run the Util - Inject O2 into other processes.h2 script (which will provide a nice 'Injection GUI')
    • on the left there is a TreeView with a list of all current processes that have MainWindowHandle != 0 (a requirement at the moment)
    • on the right there is a TreeView with a list of the loaded modules (i.e. dlls) from the selected process
    • if you right-click on the process list you will be able to: 
      • bring the process window to front, 
      • refresh the process list and 
      • do the injection into the selected process
  • Open LinqPad using the link from the 'Actions Panel' (on the top)
    • After LinqPad opens, select it on the process list and click on the 'Inject O2 into Process' link (top left)
    • An O2 REPL environment will appear. A number of scripts are dynamically created, showing that we now have complete control over the LinqPad GUI, for example by:
      • injecting a new Tab with another O2 REPL Editor
      • making the entire GUI pink or azure :)
  • Close LinqPad and, back in the Util - Inject O2 into other processes.h2 script, click on the 'Open Calc' link to open Calc.exe (an unmanaged Windows app, i.e. no CLR)
    • After Calc opens, select it on the process list and click on the 'Inject O2 into Process' link (top left)
    • Some more scripts are written to show that we are indeed inside the Calc.exe process.
This opens up a LOT of interesting integration possibilities, and it is a much more solid solution than the one used before, which required O2 dlls to be copied into the target application's folder (see Injecting O2 into IBM Rational AppScan Standard and Creating a Pink version of IBM Rational AppScan Standard).
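
Seen from the monitoring side, the two TreeViews described above are also a useful audit view: a CLR module showing up in a process that is expected to be unmanaged (like Calc.exe) is worth a second look. The sketch below is an added example, not part of O2 or of the script shown in the video; it applies the same MainWindowHandle != 0 filter and reports which windowed processes host a CLR. The class and method names are hypothetical, and the runtime DLL names are the standard Microsoft ones.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;

// Hypothetical helper, written for this example only.
static class ClrModuleAudit
{
    // Runtime DLLs whose presence means a CLR is hosted in the process:
    // clr.dll (.NET 4.x), mscorwks.dll (.NET 2.0-3.5), coreclr.dll (.NET Core / 5+).
    static readonly HashSet<string> ClrModules = new HashSet<string>(
        StringComparer.OrdinalIgnoreCase) { "clr.dll", "mscorwks.dll", "coreclr.dll" };

    // Pure function, so the same check can be run on any captured module list.
    public static List<string> FindClrModules(IEnumerable<string> modulePaths)
    {
        return modulePaths.Where(p => ClrModules.Contains(Path.GetFileName(p))).ToList();
    }

    static void Main()
    {
        foreach (var process in Process.GetProcesses())
        {
            try
            {
                // Same filter as the process TreeView in the post.
                if (process.MainWindowHandle == IntPtr.Zero) continue;

                var modules = process.Modules.Cast<ProcessModule>()
                                     .Select(m => m.FileName).ToList();
                var clr = FindClrModules(modules).Select(p => Path.GetFileName(p));
                var summary = string.Join(", ", clr);
                Console.WriteLine("{0} (pid {1}): {2} modules, CLR: {3}",
                    process.ProcessName, process.Id, modules.Count,
                    summary.Length == 0 ? "none" : summary);
            }
            catch (Exception ex) // access denied, 32/64-bit mismatch, or process exited
            {
                Console.WriteLine("pid {0}: modules unavailable ({1})",
                    process.Id, ex.GetType().Name);
            }
        }
    }
}
```

Run it elevated and with the same bitness as the processes of interest, otherwise most module lists fall into the catch branch.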

1 comment:

Dinis Cruz said...

Here is a great CodeProject article on Process hooking/injection: