Expose Shellcode Class w/ LoadLibrary & GetProcAddress Pointers

Author: Sewer56

Source/Reloaded.Injector/Injector.cs

@@ -21,9 +21,13 @@ public class Injector : IDisposable
         /// </summary>
         public bool HasExited => _process.HasExited;
 
-        private Shellcode _shellCode;               /* Call GetProcAddress and LoadLibraryW in remote process. */
-        private CircularBuffer _circularBuffer;     /* Used for calling foreign functions. */
-        private Process _process;                   /* Process to DLL Inject into. */
+        /// <summary>
+        /// Provides access to the raw GetProcAddress and LoadLibrary calls.
+        /// </summary>
+        public Shellcode ShellCode { get; private set; }    /* Call GetProcAddress and LoadLibraryW in remote process. */
+
+        private CircularBuffer _circularBuffer;             /* Used for calling foreign functions. */
+        private Process _process;                           /* Process to DLL Inject into. */
 
         /// <summary>
         /// Initializes the DLL Injector.
@@ -36,7 +40,7 @@ public Injector(Process process)
             // Initiate target process.
             _process        = process;
             _circularBuffer = new CircularBuffer(4096, new ExternalMemory(process));
-            _shellCode      = new Shellcode(process);
+            ShellCode      = new Shellcode(process);
         }
 
         ~Injector()
@@ -48,7 +52,7 @@ public Injector(Process process)
         public void Dispose()
         {
             _circularBuffer?.Dispose();
-            _shellCode?.Dispose();
+            ShellCode?.Dispose();
             GC.SuppressFinalize(this);
         }
 
@@ -68,7 +72,7 @@ public long Inject(string modulePath)
             if (moduleHandle != IntPtr.Zero)
                 return (long)moduleHandle;
 
-            long address = _shellCode.LoadLibraryW(modulePath);
+            long address = ShellCode.LoadLibraryW(modulePath);
 
             return address;
         }
@@ -86,7 +90,7 @@ public long GetFunctionAddress(string module, string functionToExecute)
             if (moduleHandle == IntPtr.Zero)
                 throw new DllInjectorException("Module not found in target process.");
 
-            return _shellCode.GetProcAddress((long)moduleHandle, functionToExecute);
+            return ShellCode.GetProcAddress((long)moduleHandle, functionToExecute);
         }
 
         /// <summary>
@@ -138,7 +142,7 @@ public bool Eject(string module)
             if (moduleHandle == IntPtr.Zero)
                 return false;
 
-            long methodAddress  = _shellCode.GetProcAddress(_shellCode.Kernel32Handle, "FreeLibrary");
+            long methodAddress  = ShellCode.GetProcAddress(ShellCode.Kernel32Handle, "FreeLibrary");
 
             int result = CallRemoteFunction(_process.Handle, (IntPtr)methodAddress, moduleHandle);
             return Convert.ToBoolean(result);

Source/Reloaded.Injector/Reloaded.Injector.csproj

@@ -13,7 +13,7 @@
     <RepositoryUrl>https://github.com/Reloaded-Project/Reloaded.Injector</RepositoryUrl>
     <RepositoryType>git</RepositoryType>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
-    <Version>1.1.1</Version>
+    <Version>1.2.0</Version>
     <Copyright>LGPLV3</Copyright>
     <PackageLicenseFile>LICENSE</PackageLicenseFile>
   </PropertyGroup>

Source/Reloaded.Injector/Shellcode.cs

@@ -18,10 +18,13 @@ namespace Reloaded.Injector
     /// Builds the shellcode inside a target process which can be used to
     /// call LoadLibrary and GetProcAddress inside a remote process.
     /// </summary>
-    internal class Shellcode : IDisposable
+    public class Shellcode : IDisposable
     {
         /* Setup/Build Shellcode */
-        public  long        Kernel32Handle { get; } /* Address of Kernel32 in remote process. */
+        public  long        Kernel32Handle      { get; }                /* Address of Kernel32 in remote process. */
+        public  long        LoadLibraryAddress  { get; private set; }   /* Address of LoadLibrary function. */
+        public  long        GetProcAddressAddress { get; private set; } /* Address of GetProcAddress function. */
+
         private uint        _loadLibraryWOffset;    /* Address of LoadLibraryW in remote process. */
         private uint        _getProcAddressOffset;  /* Address of GetProcAddress in remote process. */
         private MachineType _machineType;           /* Is remote process 64 or 32bit? */
@@ -145,8 +148,9 @@ private void BuildGetProcAddress86()
             // GetProcAddress(long hModule, char* lpProcName)
             // lpParameter: Address of first struct member.
             // Using stdcall calling convention.
-            long getProcAddressAddress = Kernel32Handle + _getProcAddressOffset;
-            IntPtr getProcAddressPtr   = _privateBuffer.Add(ref getProcAddressAddress);
+            long getProcAddressAddress  = Kernel32Handle + _getProcAddressOffset;
+            GetProcAddressAddress       = getProcAddressAddress;
+            IntPtr getProcAddressPtr    = _privateBuffer.Add(ref getProcAddressAddress);
 
             long dummy                    = 0;
             _getProcAddressReturnValuePtr = (long)_privateBuffer.Add(ref dummy);
@@ -172,8 +176,9 @@ private void BuildGetProcAddress64()
             // GetProcAddress(long hModule, char* lpProcName)
             // lpParameter: Address of first struct member.
             // Using Microsoft X64 calling convention.
-            long getProcAddressAddress = Kernel32Handle + _getProcAddressOffset;
-            IntPtr getProcAddressPtr = _privateBuffer.Add(ref getProcAddressAddress);
+            long getProcAddressAddress  = Kernel32Handle + _getProcAddressOffset;
+            GetProcAddressAddress       = getProcAddressAddress;
+            IntPtr getProcAddressPtr    = _privateBuffer.Add(ref getProcAddressAddress);
 
             long dummy = 0;
             _getProcAddressReturnValuePtr = (long)_privateBuffer.Add(ref dummy);
@@ -200,6 +205,7 @@ private void BuildLoadLibraryW86()
         {
             // Using stdcall calling convention.
             long loadLibraryAddress = Kernel32Handle + _loadLibraryWOffset;
+            LoadLibraryAddress      = loadLibraryAddress;
             IntPtr loadLibraryPtr   = _privateBuffer.Add(ref loadLibraryAddress);
 
             long dummy = 0;
@@ -223,8 +229,9 @@ private void BuildLoadLibraryW86()
         private void BuildLoadLibraryW64()
         {
             // Using Microsoft X64 calling convention.
-            long loadLibraryAddress   = Kernel32Handle + _loadLibraryWOffset;
-            IntPtr loadLibraryPtr     = _privateBuffer.Add(ref loadLibraryAddress);
+            long loadLibraryAddress     = Kernel32Handle + _loadLibraryWOffset;
+            LoadLibraryAddress          = loadLibraryAddress;
+            IntPtr loadLibraryPtr       = _privateBuffer.Add(ref loadLibraryAddress);
 
             long dummy = 0;
             _loadLibraryWReturnValuePtr = (long)_privateBuffer.Add(ref dummy);