C# and a couple of other questions about gh-injector-library HOT 3 CLOSED

1. I don't know C# at all but I assume you can define the function prototypes similar to how you'd do it with a kernel32 export.
2. Lunar and this project are very different. This is a general injection library which mainly makes use of shellcoding where Lunar is a (basically) fully external C# manual mapper. The "inspired" part is only the manual mapping part as Dewera and I work together and a lot of the mapping code I wrote is based on their research.
   Lunar is however a very stable and reliant mapper which I definitely recommend if you want to manually map a dll if you're using C#.
3. Again, I don't know C# or how .Net even works but I'm pretty sure that this library can't be used to inject .Net binaries into a native process because it doesn't create a .Net enviroment.
4. This depends on the launch method. Only NtCreateThreadEx injections should work as all the other injection methods make use of existing thread. Additionally if one of the suspended threads has the loader lock all injection methods will fail (including manual mapping since the dependiecs are also loaded under the loader lock).
5. Again, I don't know C# and definitely not EasyHook.

from gh-injector-library.

Many thanks for you fast support.

1. Well, I would say that your knowledge of C# is pretty much similar to my knowledge of native code. Unlike C# where everything is spontaneous I have to consult docs each time I touch native code :-)
2. What I am trying to do is to recreate a Net core version of EasyHook (consider EH like an advanced native functions hooking managed from C#) by joining the pieces together. (I am not so crazy to build it from scratch since I don't have the required skills, time and knowledge). I am just trying to see if I cam manage to join together the best required components for the chain and come up with something similar. I believed that GH injector could be a good candidate as part of the chain.. Basically EH uses a native injector which seems very similar to your. Give it a quick look, it's in c++ and should be familiar to you (especially the thread.c file). Easy hook call al of those native functions directly from C#.
   The concept of DLL mapping is new to me, so I don't understand if it is best suited for my purpose. C# language is desiderable, but even native code should be fine as long as I can pinvoke from C# (seems possible). What you would recommend for my purpose?
3. Yes, to create the .Net environment the injector alone does not work and other components are required.
4. From my side I used CreateProcess with the suspended flag. I think that the injector library uses a mix of CreateRemoteThread, LoadLibraryW and WaitForSingleObject. I don't see any call to NtCreateThreadEx. So, seems to be that CreateRemoteThread should be replaced with NtCreateThreadEx when injecting a suspended process, I am correct?
   Thanks again for your support

from gh-injector-library.

It is now a couple of days that I am playing with your lib. I really like it and I am developing a C# wrapper.
I just reported an issue with the compilation along with a fix (better to call it workaround!). I rarely play with native language, so you may want to check that the fixes is the correct one.
Thanks

from gh-injector-library.