
@e673
Created February 18, 2022 09:03
using System;
using System.Collections.Generic;
using System.Text;
using System.Threading;
using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles;
using System.Diagnostics;
using System.IO;
using System.Net.Sockets;
using System.Net;
namespace Hacks
{
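/// <summary>
/// Hosts the receiving end of a socket hand-off: a peer connects to the named pipe
/// <c>\\.\pipe\strans</c>, streams socket descriptors over it, and each received socket
/// is relayed to a connection accepted on 127.0.0.1:21903.
/// </summary>
/// <remarks>
/// Review notes (security):
/// - The pipe name and the loopback port are fixed values in this file, so they are
///   stable artifacts when inventorying or detecting this component on a host.
/// - The pipe is created with no explicit security attributes, so it receives the
///   default security descriptor. Whoever connects first controls which sockets are
///   relayed; nothing in this class authenticates the pipe peer.
/// - The loopback listener accepts any local connection. A pipe record is paired with
///   an accepted connection purely by arrival order.
/// </remarks>
public class NewDllInjectHandler
{
    /// <summary>
    /// Starts the pipe/relay worker on a new thread. The thread is left as a foreground
    /// thread, as in the original, so it keeps the process alive while it runs.
    /// </summary>
    public NewDllInjectHandler()
    {
        Thread thr = new Thread(MainThread);
        thr.Start();
    }

    #region Extern
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern SafeFileHandle CreateNamedPipe(
        String pipeName,
        uint dwOpenMode,
        uint dwPipeMode,
        uint nMaxInstances,
        uint nOutBufferSize,
        uint nInBufferSize,
        uint nDefaultTimeOut,
        IntPtr lpSecurityAttributes);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern int ConnectNamedPipe(
        SafeFileHandle hNamedPipe,
        IntPtr lpOverlapped);

    const uint DUPLEX = (0x00000003);
    const uint FILE_FLAG_OVERLAPPED = (0x40000000);

    // Client-side pipe API and access constants; not referenced by the code in this class.
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern SafeFileHandle CreateFile(
        String pipeName,
        uint dwDesiredAccess,
        uint dwShareMode,
        IntPtr lpSecurityAttributes,
        uint dwCreationDisposition,
        uint dwFlagsAndAttributes,
        IntPtr hTemplate);

    const uint GENERIC_READ = (0x80000000);
    const uint GENERIC_WRITE = (0x40000000);
    const uint OPEN_EXISTING = 3;
    const int BUFFER_SIZE = 4096;
    #endregion

    // ConnectNamedPipe reports this when the client connected between CreateNamedPipe
    // and ConnectNamedPipe; the pipe is usable in that case.
    const int ERROR_PIPE_CONNECTED = 535;

    const string PIPE_NAME = @"\\.\pipe\strans";
    const int LISTEN_PORT = 21903;

    // Sanity cap on the length field read from the pipe. Chosen by review, not a protocol
    // constant -- TODO confirm against what the sending side actually transmits.
    const int MAX_SOCKET_INFO_SIZE = BUFFER_SIZE;

    /// <summary>One relay direction: bytes read from <c>from</c> are written to <c>to</c>.</summary>
    struct SPipe
    {
        public Socket from, to;
    }

    /// <summary>
    /// Creates the control pipe, waits for one peer, sends it this process id, then loops:
    /// read a (address, port, socket-information) record, rebuild the socket from it,
    /// accept one loopback connection and start two relay threads between the pair.
    /// </summary>
    private void MainThread()
    {
        // NOTE(review): lpSecurityAttributes is null (default descriptor), dwPipeMode is 0
        // and nMaxInstances is 255. If this pipe is only ever meant for a same-machine peer,
        // PIPE_REJECT_REMOTE_CLIENTS, FILE_FLAG_FIRST_PIPE_INSTANCE and an explicit DACL
        // would narrow who can connect to or pre-create it -- confirm against the peer first.
        SafeFileHandle waitingHandle = CreateNamedPipe(PIPE_NAME,
            DUPLEX,
            0,
            255,
            BUFFER_SIZE,
            BUFFER_SIZE,
            0,
            IntPtr.Zero);
        if (waitingHandle.IsInvalid)
        {
            // The original passed an invalid handle on to FileStream, which fails with an
            // unrelated exception on this thread; report the Win32 error instead.
            Console.WriteLine("CreateNamedPipe failed (Win32 error {0})", Marshal.GetLastWin32Error());
            return;
        }

        Socket listener = null;
        try
        {
            if (ConnectNamedPipe(waitingHandle, IntPtr.Zero) == 0)
            {
                int err = Marshal.GetLastWin32Error();
                if (err != ERROR_PIPE_CONNECTED)
                {
                    Console.WriteLine("ConnectNamedPipe failed (Win32 error {0})", err);
                    return;
                }
            }

            using (FileStream fs = new FileStream(waitingHandle, FileAccess.ReadWrite, BUFFER_SIZE, false))
            using (BinaryReader reader = new BinaryReader(fs))
            {
                // Handshake: the peer is sent this process id as 4 bytes.
                int pid = Process.GetCurrentProcess().Id;
                byte[] data = BitConverter.GetBytes(pid);
                fs.Write(data, 0, 4);
                fs.Flush(); // push the buffered handshake out before blocking on the first read

                listener = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
                listener.Bind(new IPEndPoint(IPAddress.Loopback, LISTEN_PORT));
                listener.Listen(10);

                while (true)
                {
                    uint addr = reader.ReadUInt32();
                    int port = reader.ReadInt32();
                    int sisize = reader.ReadInt32();

                    // The length comes from the pipe peer; never allocate or read on an
                    // unchecked value. A bad length also means framing is lost, so stop.
                    if (sisize <= 0 || sisize > MAX_SOCKET_INFO_SIZE)
                    {
                        Console.WriteLine("Rejected socket information length {0}; stopping", sisize);
                        return;
                    }

                    byte[] protocolInfo = reader.ReadBytes(sisize);
                    if (protocolInfo.Length != sisize)
                    {
                        // ReadBytes returns a short array when the stream ends mid-record.
                        throw new EndOfStreamException();
                    }

                    SocketInformation si = new SocketInformation();
                    si.ProtocolInformation = protocolInfo;
                    si.Options = SocketInformationOptions.Connected;
                    Socket remote = new Socket(si);

                    Socket local;
                    try
                    {
                        local = listener.Accept();
                    }
                    catch
                    {
                        // Do not leak the handed-off socket when no local side arrives.
                        remote.Close();
                        throw;
                    }

                    SPipe pipe1 = new SPipe();
                    pipe1.from = local;
                    pipe1.to = remote;
                    SPipe pipe2 = new SPipe();
                    pipe2.from = remote;
                    pipe2.to = local;

                    // addr/port are whatever the pipe peer reported; they are only logged
                    // here and are not checked against the socket itself.
                    IPAddress adr = new IPAddress(addr);
                    Console.WriteLine("Intercepted to {0}:{1}", adr, port);

                    Thread thr1 = new Thread(PipeThread);
                    Thread thr2 = new Thread(PipeThread);
                    thr1.Start(pipe1);
                    thr2.Start(pipe2);
                }
            }
        }
        catch (EndOfStreamException)
        {
            // The peer closed the control pipe; previously this surfaced as an unhandled
            // exception on the worker thread.
            Console.WriteLine("Control pipe closed; no further sockets will be accepted");
        }
        catch (IOException ex)
        {
            Console.WriteLine("Control pipe I/O failed: {0}", ex.Message);
        }
        catch (SocketException ex)
        {
            Console.WriteLine("Socket setup failed: {0}", ex.Message);
        }
        finally
        {
            if (listener != null)
            {
                listener.Close();
            }
            // Safe even when FileStream already released the handle.
            waitingHandle.Dispose();
        }
    }

    /// <summary>
    /// Relays bytes in one direction until the source reports end of stream, a send
    /// returns zero, or either socket fails; then tears down both sockets.
    /// </summary>
    /// <param name="pipeinfo">A boxed <see cref="SPipe"/> describing the direction.</param>
    private void PipeThread(object pipeinfo)
    {
        SPipe pipe = (SPipe)pipeinfo;
        try
        {
            byte[] buf = new byte[8192];
            while (true)
            {
                int rcv = pipe.from.Receive(buf);
                if (rcv == 0)
                    return;
                int ofs = 0;
                // Send may accept fewer bytes than requested; loop until the chunk is out.
                while (ofs < rcv)
                {
                    int snd = pipe.to.Send(buf, ofs, rcv - ofs, SocketFlags.None);
                    if (snd == 0)
                        return;
                    ofs += snd;
                }
            }
        }
        catch (SocketException)
        {
            // Connection reset or aborted by a peer: treated as end of relay. Left
            // uncaught, this would be an unhandled exception on the relay thread.
        }
        catch (ObjectDisposedException)
        {
            // The thread for the opposite direction has already closed the sockets.
        }
        finally
        {
            CloseQuietly(pipe.from);
            CloseQuietly(pipe.to);
        }
    }

    /// <summary>
    /// Shuts down and closes a socket, tolerating one that is already reset or disposed.
    /// Both relay threads call this on the same two sockets, so repeated calls are expected.
    /// </summary>
    private static void CloseQuietly(Socket s)
    {
        try
        {
            s.Shutdown(SocketShutdown.Both);
        }
        catch (SocketException)
        {
            // Not connected any more; nothing left to shut down.
        }
        catch (ObjectDisposedException)
        {
            // Already closed by the sibling relay thread.
        }
        // The original never closed the sockets, leaking one handle pair per relayed connection.
        s.Close();
    }
}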
}