Fixed some small things

2026-01-13 19:22:22 +01:00 · 2022-10-16 02:08:01 +02:00
parent 968739de9e
commit 699367200f
147 changed files with 953 additions and 54005 deletions
--- a/lib/src/util/injector.dart
+++ b/lib/src/util/injector.dart
@@ -1,23 +1,91 @@
-import 'dart:io';
+// ignore_for_file: non_constant_identifier_names

-import 'package:process_run/shell.dart';
-import 'package:reboot_launcher/src/util/binary.dart';
+import 'dart:ffi';

-File injectLogFile = File("${Platform.environment["Temp"]}/server.txt");
+import 'package:win32/win32.dart';
+import 'package:ffi/ffi.dart';

-// This can be done easily with win32 apis but for some reason it doesn't work on all machines
-// Update: it was a missing permission error, it could be refactored now
-Future<bool> injectDll(int pid, String dll, [bool useSafeBinariesHome = false]) async {
-  var shell = Shell(
-      commandVerbose: false,
-      commentVerbose: false,
-      workingDirectory: useSafeBinariesHome ? safeBinariesDirectory : internalBinariesDirectory
+final _kernel32 = DynamicLibrary.open('kernel32.dll');
+final _CreateRemoteThread = _kernel32.lookupFunction<
+    IntPtr Function(
+        IntPtr hProcess,
+        Pointer<SECURITY_ATTRIBUTES> lpThreadAttributes,
+        IntPtr dwStackSize,
+        Pointer loadLibraryAddress,
+        Pointer lpParameter,
+        Uint32 dwCreationFlags,
+        Pointer<Uint32> lpThreadId),
+    int Function(
+        int hProcess,
+        Pointer<SECURITY_ATTRIBUTES> lpThreadAttributes,
+        int dwStackSize,
+        Pointer loadLibraryAddress,
+        Pointer lpParameter,
+        int dwCreationFlags,
+        Pointer<Uint32> lpThreadId)>('CreateRemoteThread');
+int CreateRemoteThread(
+    int hProcess,
+    Pointer<SECURITY_ATTRIBUTES> lpThreadAttributes,
+    int dwStackSize,
+    Pointer loadLibraryAddress,
+    Pointer lpParameter,
+    int dwCreationFlags,
+    Pointer<Uint32> lpThreadId) =>
+    _CreateRemoteThread(hProcess, lpThreadAttributes, dwStackSize,
+        loadLibraryAddress, lpParameter, dwCreationFlags, lpThreadId);
+
+Future<void> injectDll(int pid, String dll) async {
+  var process = OpenProcess(
+      0x43A,
+      0,
+      pid
  );
-  var process = await shell.run("./injector.exe -p $pid --inject \"$dll\"");
-  var success = process.outText.contains("Successfully injected module");
-  if (!success) {
-    injectLogFile.writeAsString(process.outText);
+
+  var processAddress = GetProcAddress(
+      GetModuleHandle("KERNEL32".toNativeUtf16()),
+      "LoadLibraryA".toNativeUtf8()
+  );
+
+  if (processAddress == nullptr) {
+    throw Exception("Cannot get process address for pid $pid");
  }

-  return success;
+  var dllAddress = VirtualAllocEx(
+      process,
+      nullptr,
+      dll.length + 1,
+      0x3000,
+      0x4
+  );
+
+  var writeMemoryResult = WriteProcessMemory(
+      process,
+      dllAddress,
+      dll.toNativeUtf8(),
+      dll.length,
+      nullptr
+  );
+
+  if (writeMemoryResult != 1) {
+    throw Exception("Memory write failed");
+  }
+
+  var createThreadResult = CreateRemoteThread(
+      process,
+      nullptr,
+      0,
+      processAddress,
+      dllAddress,
+      0,
+      nullptr
+  );
+
+  if (createThreadResult == -1) {
+    throw Exception("Thread creation failed");
+  }
+
+  var closeResult = CloseHandle(process);
+  if(closeResult != 1){
+    throw Exception("Cannot close handle");
+  }
 }