Wiki

Clone wiki

CodeCop / Process Injection API

Process Injection API

From v2.0 onwards CodeCop provides an API that can be used to inject itself as well as interceptors into any .NET process, allowing method interception on it.

Inject(Process process, string libToInjectName, string initializerClass, [optional]int appDomainIndex = 0)

This method belongs to be Cop class and this an example how you should use it:

#!c#
class Program
    {  
      static void Main(string[] args)
        {
          // Get the target process
          var process = GetProcessByName("FooProcess");

          if (process != null)
           {
                // NOTE: If you're using v3.2 or onwards specify the full path to where the interceptor assembly is on  your system (no need to copy it near the target app main executable or library)
            var libToInject = "c:\libs\MyInterceptorLib.dll";   

              // If below v3.2 specify the name of the interceptor assembly to inject instead (must be placed inside the folder where the target process main executable or library is)
            var libToInject = "MyInterceptorLib";  // extension must be ommited as well          

            // The name of the class to instantiate after injection, must be a public class with a parameterless ctor where you should bootstrap the interception logic there
            var classToInstantiate = "FooNamespace.FooClass";

            // We are omitting appdomain index, if it is a web application you should pass the appdomain index associated with your process. Normally never is the default.  
            Cop.Inject(process, libToInject, classToInstantiate); 
           }
        }

        static Process GetProcessByName(string name)
        {
            return Process.GetProcesses().FirstOrDefault(x => x.ProcessName.ToLower() == name.ToLower());
        }
    }
This is a simple example of how your interceptor libraries to inject should look:

#!c#
namespace FooNamespace
{
  class FooClass
    {  
      public FooClass()
        {
          // Using the Fluent API, but you can use the JSON API as well
          Cop.AsFluent();

           // Find a type inside an assembly that is loaded into the target appdomain that we want to intercept methods on
          var assembly = AppDomain.CurrentDomain.GetAssemblies().FirstOrDefault(x => x.FullName.Contains("SomeAssemblyInsideTargetProcess"));
          var t = assembly.GetTypes().FirstOrDefault(x => x.Name.ToLower().Contains("SomeType"));

          if (t != null)
            {
                // Get the method we want to intercept 
                var m = t.GetMethod("SomeMethod",
                    BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance | BindingFlags.DeclaredOnly
                    | BindingFlags.Static);

                // Let's override the method
                if (m != null)
                {
                    m.Override((c) =>
                    {
                       Console.WriteLine("SomeMethodWasOverrided"); 
                       return null;
                    });

                   // Call Cop.Intercept using a fire and forget thread (must do it like this) 
                   ThreadPool.QueueUserWorkItem(o => Cop.Intercept());
                }
            }
    }
}
NOTE: If the target process doesn't have a dependency on CodeCop you should:

For all versions: - Place the CodeCop.dll...

For versions below v3.2 - Place the Newtonsoft.Json.dll

...on the folder where the target process main assembly is.

Process Injection CLI

The process injection API also comes out as a CLI interface that you can find in %Temp%/CodeCop/injection/{bitness}/Cop.exe

These are the command-line options you can use:

-i (libToInjectName without extension for versions below v3.2) (libToInjectFullPath for v3.2 and upper)

-p (process id)

-pn (process name)

-c (namespace.class to instantiate)

-d (appdomain index)

Here's how you could use for the aforementioned API example:

#!c#
Cop -i MyInterceptorLib -pn FooProcess -c FooNamespace.FooClass

You can check this video for an example of how this API could be used.

https://www.youtube.com/watch?v=09hiGOklmjA

Updated