Updated to 2.3.0; bug fixes; appveyor support

Author: DarthTon

README.md

@@ -1,7 +1,7 @@
 Xenos
 =====
 
-Windows dll injector. This project completely depends on Blackbone library - https://github.com/DarthTon/Blackbone
+Windows dll injector. Based on Blackbone library - https://github.com/DarthTon/Blackbone
 
 ## Features ##
 
@@ -31,4 +31,6 @@ Manual map features:
 Supported OS: Win7 - Win10 x64
 
 ## License ##
-Xenos is licensed under the MIT License. Dependencies are under their respective licenses.
+Xenos is licensed under the MIT License. Dependencies are under their respective licenses.
+
+[![Build status](https://ci.appveyor.com/api/projects/status/eu6lpbla89gjgy5m?svg=true)](https://ci.appveyor.com/project/DarthTon/xenos)

appveyor.yml

@@ -0,0 +1,21 @@
+version: 1.0.{build}
+
+branches:
+  only:
+    - master
+    - VS2017
+
+image: Visual Studio 2017
+clone_folder: c:\projects\xenos
+
+platform: 
+  - Win32
+  - x64
+
+configuration: 
+  - Debug
+  - Release
+  
+build:
+  parallel: true
+  project: Xenos.sln 

ext/blackbone

@@ -131,22 +131,13 @@ NTSTATUS InjectionCore::GetTargetProcess( InjectContext& context, PROCESS_INFORM
         else
         {
             // Attach for thread init
-            status = _process.Attach(
-                pi.dwProcessId,
-                PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_CREATE_THREAD | PROCESS_VM_READ
-            );
+            status = _process.Attach( pi.dwProcessId );
         }
 
         // Create new thread to make sure LdrInitializeProcess gets called
         if (NT_SUCCESS( status ))
-        {
             _process.EnsureInit();
 
-            // Reattach with full rights
-            if (!context.cfg.krnHandle)
-                status = _process.Attach( pi.dwProcessId );
-        }
-
         if (!NT_SUCCESS( status ))
         {
             xlog::Error( "Failed to attach to process, status 0x%X", status );
@@ -677,37 +668,19 @@ blackbone::call_result_t<blackbone::ModuleDataPtr> InjectionCore::InjectDefault(
                 code = STATUS_UNSUCCESSFUL;
 
             xlog::Error( "Failed to inject pure IL image, status: %d", code );
+            if (NT_SUCCESS( code ))
+                code = STATUS_UNSUCCESSFUL;
+
             return code;
         }
 
         auto mod = _process.modules().GetModule( img.name(), blackbone::Sections );
         return mod ? blackbone::call_result_t<blackbone::ModuleDataPtr>( mod ) 
                    : blackbone::call_result_t<blackbone::ModuleDataPtr>( STATUS_NOT_FOUND );
     }
-    // Inject through existing thread
-    else if (pThread != nullptr)
-    {
-        // Load 
-        auto pLoadLib = _process.modules().GetExport( _process.modules().GetModule( L"kernel32.dll" ), "LoadLibraryW" );
-        if (!pLoadLib)
-            return pLoadLib.status;
-
-        blackbone::RemoteFunction<decltype(&LoadLibraryW)> pfn( _process, pLoadLib->procAddress );
-        
-        auto injectedMod = pfn.Call( img.path().c_str(), pThread );
-        if (!injectedMod)
-        {
-            xlog::Error( "Failed to inject image using thread hijack, status 0x%X", injectedMod.status );
-            return injectedMod.status;
-        }
-
-        auto mod = _process.modules().GetModule( img.path() );
-        return mod ? blackbone::call_result_t<blackbone::ModuleDataPtr>( mod ) 
-                   : blackbone::call_result_t<blackbone::ModuleDataPtr>( STATUS_NOT_FOUND );
-    }
     else
     {
-        auto injectedMod = _process.modules().Inject( img.path() );
+        auto injectedMod = _process.modules().Inject( img.path(), pThread );
         if (!injectedMod)
             xlog::Error( "Failed to inject image using default injection, status: 0x%X", injectedMod.status );
 
@@ -734,7 +707,7 @@ NTSTATUS InjectionCore::InjectKernel(
             img.path(),
             (KMmapFlags)context.cfg.mmapFlags,
             initRVA,
-            context.cfg.initRoutine
+            context.cfg.initArgs
             );
     }
     else
@@ -744,7 +717,7 @@ NTSTATUS InjectionCore::InjectKernel(
             img.path(),
             (context.cfg.injectMode == Kernel_Thread ? IT_Thread : IT_Apc),
             initRVA,
-            context.cfg.initRoutine,
+            context.cfg.initArgs,
             context.cfg.unlink,
             context.cfg.erasePE
             );
@@ -791,14 +764,17 @@ NTSTATUS InjectionCore::CallInitRoutine(
                 return argMem.status;
 
             argMem->Write( 0, context.cfg.initArgs.length() * sizeof( wchar_t ) + 2, context.cfg.initArgs.c_str() );
+            auto status = _process.remote().ExecDirect( fnPtr, argMem->ptr() );
 
-            xlog::Normal( "Initialization routine returned 0x%X", _process.remote().ExecDirect( fnPtr, argMem->ptr() ) );
+            xlog::Normal( "Initialization routine returned 0x%X", status );
         }
         // Execute in existing thread
         else
         {
             blackbone::RemoteFunction<fnInitRoutine> pfn( _process, fnPtr );
-            xlog::Normal( "Initialization routine returned 0x%X", pfn.Call( context.cfg.initArgs.c_str(), pThread ) );
+            auto status = pfn.Call( context.cfg.initArgs.c_str(), pThread );
+
+            xlog::Normal( "Initialization routine returned 0x%X", status );
         }
     }
 

src/InjectionCore.cpp

@@ -197,8 +197,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 2,2,2,0
- PRODUCTVERSION 2,2,2,0
+ FILEVERSION 2,3,0,0
+ PRODUCTVERSION 2,3,0,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -214,12 +214,12 @@ BEGIN
         BLOCK "040004b0"
         BEGIN
             VALUE "FileDescription", "PE injector"
-            VALUE "FileVersion", "2.2.2.0"
+            VALUE "FileVersion", "2.3.0.0"
             VALUE "InternalName", "Xenos.exe"
-            VALUE "LegalCopyright", "Copyright (C) 2015"
+            VALUE "LegalCopyright", "Copyright (C) 2017"
             VALUE "OriginalFilename", "Xenos.exe"
             VALUE "ProductName", "Xenos"
-            VALUE "ProductVersion", "2.2.2.0"
+            VALUE "ProductVersion", "2.3.0.0"
         END
     END
     BLOCK "VarFileInfo"