From 6e5f96fd72a5a8fab46fdd856aeee2a7d08be1d8 Mon Sep 17 00:00:00 2001
From: pozm <44528100+pozm@users.noreply.github.com>
Date: Tue, 30 Jan 2024 20:20:04 +0000
Subject: [PATCH] cross process communication

---
 Cargo.lock | 296 +++++++++++++++++++++++++++++++++++++++++++--
 Cargo.toml | 5 +-
 gdkeinj/src/lib.rs | 10 +-
 src/lib.rs | 36 +++---
 4 files changed, 322 insertions(+), 25 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index f20066e..d96cc71 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -8,13 +8,22 @@ version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
 
+[[package]]
+name = "bincode"
+version = "1.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad"
+dependencies = [
+ "serde",
+]
+
 [[package]]
 name = "bindgen"
 version = "0.68.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "726e4313eb6ec35d2730258ad4e15b547ee75d6afaa1361a922e78e59b7d8078"
 dependencies = [
- "bitflags",
+ "bitflags 2.4.1",
 "cexpr",
 "clang-sys",
 "lazy_static",
@@ -27,7 +36,7 @@ dependencies = [
 "regex",
 "rustc-hash",
 "shlex",
- "syn",
+ "syn 2.0.48",
 "which",
 ]
 
@@ -39,9 +48,15 @@ checksum = "a26b8cea8bb6a81b75a84603b9e096f05fa86db057904ef29be1deee900532bd"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn",
+ "syn 2.0.48",
 ]
 
+[[package]]
+name = "bitflags"
+version = "1.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
+
 [[package]]
 name = "bitflags"
 version = "2.4.1"
@@ -74,6 +89,18 @@ dependencies = [
 "libloading",
 ]
 
+[[package]]
+name = "const_panic"
+version = "0.2.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6051f239ecec86fde3410901ab7860d458d160371533842974fc61f96d15879b"
+
+[[package]]
+name = "core-foundation-sys"
+version = "0.8.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "06ea2b9bc92be3c2baa9334a323ebca2d6f074ff852cd1d7b11064035cd3868f"
+
 [[package]]
 name = "crossbeam"
 version = "0.8.2"
@@ -141,6 +168,16 @@ dependencies = [
 "cfg-if",
 ]
 
+[[package]]
+name = "cstr"
+version = "0.2.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8aa998c33a6d3271e3678950a22134cd7dd27cef86dee1b611b5b14207d1d90b"
+dependencies = [
+ "proc-macro2",
+ "quote",
+]
+
 [[package]]
 name = "ctor"
 version = "0.2.6"
@@ -148,7 +185,30 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "30d2b3721e861707777e3195b0158f950ae6dc4a27e4d02ff9f67e3eb3de199e"
 dependencies = [
 "quote",
- "syn",
+ "syn 2.0.48",
+]
+
+[[package]]
+name = "dll-syringe"
+version = "0.15.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bdc807201d54de75e9bd7ad199d0031048625059f84acfc94506bdb13c0b4f59"
+dependencies = [
+ "bincode",
+ "cstr",
+ "goblin",
+ "iced-x86",
+ "konst",
+ "num_enum",
+ "path-absolutize",
+ "same-file",
+ "serde",
+ "shrinkwraprs",
+ "stopwatch2",
+ "sysinfo",
+ "thiserror",
+ "widestring",
+ "winapi",
 ]
 
 [[package]]
@@ -178,6 +238,7 @@ name = "gdke"
 version = "0.1.0"
 dependencies = [
 "crossbeam",
+ "dll-syringe",
 "poggers",
 "windows",
 ]
@@ -196,6 +257,17 @@ version = "0.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b"
 
+[[package]]
+name = "goblin"
+version = "0.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0d6b4de4a8eb6c46a8c77e1d3be942cb9a8bf073c22374578e5ba4b08ed0ff68"
+dependencies = [
+ "log",
+ "plain",
+ "scroll",
+]
+
 [[package]]
 name = "hashbrown"
 version = "0.14.3"
@@ -211,6 +283,15 @@ dependencies = [
 "windows-sys 0.52.0",
 ]
 
+[[package]]
+name = "iced-x86"
+version = "1.21.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7c447cff8c7f384a7d4f741cfcff32f75f3ad02b406432e8d6c878d56b1edf6b"
+dependencies = [
+ "lazy_static",
+]
+
 [[package]]
 name = "indexmap"
 version = "2.1.0"
@@ -221,6 +302,35 @@ dependencies = [
 "hashbrown",
 ]
 
+[[package]]
+name = "itertools"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f56a2d0bc861f9165be4eb3442afd3c236d8a98afd426f65d92324ae1091a484"
+dependencies = [
+ "either",
+]
+
+[[package]]
+name = "konst"
+version = "0.3.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8d712a8c49d4274f8d8a5cf61368cb5f3c143d149882b1a2918129e53395fdb0"
+dependencies = [
+ "const_panic",
+ "konst_kernel",
+ "typewit",
+]
+
+[[package]]
+name = "konst_kernel"
+version = "0.3.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dac6ea8c376b6e208a81cf39b8e82bebf49652454d98a4829e907dac16ef1790"
+dependencies = [
+ "typewit",
+]
+
 [[package]]
 name = "lazy_static"
 version = "1.4.0"
@@ -308,18 +418,71 @@ dependencies = [
 "minimal-lexical",
 ]
 
+[[package]]
+name = "ntapi"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e8a3895c6391c39d7fe7ebc444a87eb2991b2a0bc718fdabd071eec617fc68e4"
+dependencies = [
+ "winapi",
+]
+
+[[package]]
+name = "num_enum"
+version = "0.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7a015b430d3c108a207fd776d2e2196aaf8b1cf8cf93253e3a097ff3085076a1"
+dependencies = [
+ "num_enum_derive",
+]
+
+[[package]]
+name = "num_enum_derive"
+version = "0.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "96667db765a921f7b295ffee8b60472b686a51d4f21c2ee4ffdb94c7013b65a6"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.48",
+]
+
 [[package]]
 name = "once_cell"
 version = "1.16.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "86f0b0d4bf799edbc74508c1e8bf170ff5f41238e5f8225603ca7caaae2b7860"
 
+[[package]]
+name = "path-absolutize"
+version = "3.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e4af381fe79fa195b4909485d99f73a80792331df0625188e707854f0b3383f5"
+dependencies = [
+ "path-dedot",
+]
+
+[[package]]
+name = "path-dedot"
+version = "3.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "07ba0ad7e047712414213ff67533e6dd477af0a4e1d14fb52343e53d30ea9397"
+dependencies = [
+ "once_cell",
+]
+
 [[package]]
 name = "peeking_take_while"
 version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099"
 
+[[package]]
+name = "plain"
+version = "0.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b4596b6d070b27117e987119b4dac604f3c58cfb0b191112e24771b2faeac1a6"
+
 [[package]]
 name = "poggers"
 version = "1.1.6"
@@ -342,7 +505,7 @@ dependencies = [
 "proc-macro-crate",
 "proc-macro2",
 "quote",
- "syn",
+ "syn 2.0.48",
 ]
 
 [[package]]
@@ -352,7 +515,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ae005bd773ab59b4725093fd7df83fd7892f7d8eafb48dbd7de6e024e4215f9d"
 dependencies = [
 "proc-macro2",
- "syn",
+ "syn 2.0.48",
 ]
 
 [[package]]
@@ -410,25 +573,104 @@ version = "0.38.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d7db8590df6dfcd144d22afd1b83b36c21a18d7cbc1dc4bb5295a8712e9eb662"
 dependencies = [
- "bitflags",
+ "bitflags 2.4.1",
 "errno",
 "libc",
 "linux-raw-sys",
 "windows-sys 0.48.0",
 ]
 
+[[package]]
+name = "same-file"
+version = "1.0.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502"
+dependencies = [
+ "winapi-util",
+]
+
 [[package]]
 name = "scopeguard"
 version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"
 
+[[package]]
+name = "scroll"
+version = "0.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "04c565b551bafbef4157586fa379538366e4385d42082f255bfd96e4fe8519da"
+dependencies = [
+ "scroll_derive",
+]
+
+[[package]]
+name = "scroll_derive"
+version = "0.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1db149f81d46d2deba7cd3c50772474707729550221e69588478ebf9ada425ae"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.48",
+]
+
+[[package]]
+name = "serde"
+version = "1.0.196"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "870026e60fa08c69f064aa766c10f10b1d62db9ccd4d0abb206472bee0ce3b32"
+dependencies = [
+ "serde_derive",
+]
+
+[[package]]
+name = "serde_derive"
+version = "1.0.196"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "33c85360c95e7d137454dc81d9a4ed2b8efd8fbe19cee57357b32b9771fccb67"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.48",
+]
+
 [[package]]
 name = "shlex"
 version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a7cee0529a6d40f580e7a5e6c495c8fbfe21b7b52795ed4bb5e62cdf92bc6380"
 
+[[package]]
+name = "shrinkwraprs"
+version = "0.3.0"
+source = 
"registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e63e6744142336dfb606fe2b068afa2e1cca1ee6a5d8377277a92945d81fa331"
+dependencies = [
+ "bitflags 1.3.2",
+ "itertools",
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "stopwatch2"
+version = "2.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "911ece10388afa48417f99e01df038460b6249a3ee0255f6446a6881b702fbb4"
+
+[[package]]
+name = "syn"
+version = "1.0.109"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
 [[package]]
 name = "syn"
 version = "2.0.48"
@@ -440,6 +682,20 @@ dependencies = [
 "unicode-ident",
 ]
 
+[[package]]
+name = "sysinfo"
+version = "0.29.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cd727fc423c2060f6c92d9534cef765c65a6ed3f428a03d7def74a8c4348e666"
+dependencies = [
+ "cfg-if",
+ "core-foundation-sys",
+ "libc",
+ "ntapi",
+ "once_cell",
+ "winapi",
+]
+
 [[package]]
 name = "thiserror"
 version = "1.0.56"
@@ -457,7 +713,7 @@ checksum = "fa0faa943b50f3db30a20aa7e265dbc66076993efed8463e8de414e5d06d3471"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn",
+ "syn 2.0.48",
 ]
 
 [[package]]
@@ -477,6 +733,21 @@ dependencies = [
 "winnow",
 ]
 
+[[package]]
+name = "typewit"
+version = "1.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c6fb9ae6a3cafaf0a5d14c2302ca525f9ae8e07a0f0e6949de88d882c37a6e24"
+dependencies = [
+ "typewit_proc_macros",
+]
+
+[[package]]
+name = "typewit_proc_macros"
+version = "1.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e36a83ea2b3c704935a01b4642946aadd445cea40b10935e3f8bd8052b8193d6"
+
 [[package]]
 name = "unicode-ident"
 version = "1.0.6"
@@ -517,6 +788,15 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
 
+[[package]]
+name = "winapi-util"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596"
+dependencies = [
+ "winapi",
+]
+
 [[package]]
 name = "winapi-x86_64-pc-windows-gnu"
 version = "0.4.0"
diff --git a/Cargo.toml b/Cargo.toml
index ece5c69..a52bd02 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -22,6 +22,9 @@ strip = false
 windows = { features = [
 "Win32_Foundation",
 "Win32_System",
+ "Wdk",
+ "Wdk_System",
+ "Wdk_System_Threading",
 "Win32_System_Threading",
 "Win32_System_Diagnostics",
 "Win32_System_Diagnostics_Debug",
@@ -31,6 +34,6 @@ windows = { features = [
 "Win32_System_ProcessStatus",
 "Win32_Security",
 ], version = "0.52" }
-# dll-syringe = "*"
+dll-syringe = "*"
 poggers = { version = "*", path = "../poggers" }
 crossbeam = "0.8.2"
diff --git a/gdkeinj/src/lib.rs b/gdkeinj/src/lib.rs
index 4d6737c..2ac8794 100644
--- a/gdkeinj/src/lib.rs
+++ b/gdkeinj/src/lib.rs
@@ -1,4 +1,12 @@
+use std::{net::UdpSocket, time::Duration};
+
 #[poggers_derive::create_entry(no_free)]
 pub fn main() {
- println!("hi");
+ let sock = UdpSocket::bind("127.0.0.1:29849").unwrap();
+ let mut buf = [1; 1];
+ sock.connect("127.0.0.1:28713").expect("uanble to connect");
+
+ println!("sending data");
+ std::thread::sleep(Duration::from_secs(2));
+ sock.send(&buf);
 }
diff --git a/src/lib.rs b/src/lib.rs
index 0597834..fd0479c 100644
--- a/src/lib.rs
+++ b/src/lib.rs
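Review bot: `dll-syringe = "*"` in the second Cargo.toml hunk accepts any future release of a crate that injects code into other processes, so the next `cargo update` can silently pull in a breaking or compromised version; the lockfile in this same commit resolves it to 0.15.2, so pin at least the minor, `dll-syringe = "0.15"`. Wildcard requirements are also rejected by crates.io should this crate ever be published. The pre-existing `poggers = { version = "*", ... }` line has the same shape but is path-resolved, so it is less of a concern.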
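Review bot: The result of `sock.send(&buf)` at the end of `main` in gdkeinj/src/lib.rs is discarded, so if the datagram is not sent the injector side, which blocks on `recv` waiting for exactly this message, never learns about it, and the compiler warns because `Result` is `#[must_use]`. Report the failure instead, `if let Err(e) = sock.send(&buf) { eprintln!("failed to notify injector: {e}"); }`, and drop the unneeded `mut` on `buf`. Because this entry runs inside the target process, the `unwrap()` on `bind` and the `expect` on `connect` turn a port clash into a panic inside the injected DLL rather than a reported error; the `expect` message also has a typo, `"uanble to connect"` → `"unable to connect"`. The two-second sleep before the send looks like a leftover from the earlier timed approach, since the injector already binds its socket before injecting — confirm it is still needed.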
@@ -3,16 +3,13 @@ use std::{
 error::Error,
 ffi::{c_void, CStr, CString},
 mem::{size_of, transmute},
+ net::UdpSocket,
 ptr::{addr_of, null, null_mut},
 time::Duration,
 };
 
 use dll_syringe::{process::OwnedProcess, Syringe};
 use poggers::{structures::process::Process, traits::Mem};
-use windows::Win32::System::{
- Diagnostics::Debug::{GetThreadContext, CONTEXT, IMAGE_NT_HEADERS64},
- Threading::{ResumeThread, SuspendThread},
-};
 use windows::{
 core::{PCSTR, PSTR},
 Win32::{
@@ -21,13 +18,19 @@ use windows::{
 ProcessStatus::{K32GetModuleInformation, MODULEINFO},
 SystemServices::IMAGE_DOS_HEADER,
 Threading::{
- CreateProcessA, NtQueryInformationProcess, ProcessBasicInformation,
- TerminateProcess, CREATE_SUSPENDED, PEB, PROCESS_BASIC_INFORMATION,
+ CreateProcessA, TerminateProcess, CREATE_SUSPENDED, PEB, PROCESS_BASIC_INFORMATION,
 PROCESS_INFORMATION, STARTUPINFOA,
 },
 },
 },
 };
+use windows::{
+ Wdk::System::Threading::{NtQueryInformationProcess, ProcessBasicInformation},
+ Win32::System::{
+ Diagnostics::Debug::{GetThreadContext, CONTEXT, IMAGE_NT_HEADERS64},
+ Threading::{ResumeThread, SuspendThread},
+ },
+};
 
 fn create_pstr(c_str: &CStr) -> PSTR {
 PSTR::from_raw(c_str.as_ptr() as *mut u8)
@@ -82,20 +85,23 @@ pub unsafe fn spawn_and_inject(proc: &str) {
 let entry_insts: [u8; 2] = proc.read(entry).expect("failed to read entry");
 let pay_load: [u8; 2] = [0xEB, 0xFE];
 proc.write(entry, &pay_load);
- println!("{:x?}", entry_insts);
 //
 // resume the thread
 ResumeThread(proc_info.hThread);
 // wait until trapped... and inject
- let target = OwnedProcess::from_pid(proc.get_pid()).unwrap();
- let syrnge = Syringe::for_process(target);
- let injmod = syrnge.inject("./gdkeinj.dll").unwrap();
+ {
+ let sock = UdpSocket::bind("127.0.0.1:28713").expect("failed to bind socket");
+ let target = OwnedProcess::from_pid(proc.get_pid()).unwrap();
+ let syrnge = Syringe::for_process(target);
+ let injmod = syrnge.inject("./target/debug/gdkeinj.dll").unwrap();
+
+ println!("waiting until udp is ok ");
+
+ sock.recv(&mut [0]);
+ }
 // we're done. let's kill the process.
- println!("waiting 2secs ");
- std::thread::sleep(Duration::from_secs(2));
- println!("waited 2secs, restoring..",);
- println!("{:?}", injmod.handle());
+ println!("done, restoring..",);
 proc.write(entry, &entry_insts);
- // TerminateProcess(proc_info.hProcess, 1);
+ TerminateProcess(proc_info.hProcess, 1);
 }
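Review bot: `sock.recv(&mut [0])` in the new block has no timeout and ignores its `io::Result`, so if the injected DLL never sends (injection failed, its entry panicked, or its port was busy) `spawn_and_inject` hangs forever with the target parked on the `0xEB 0xFE` trap it just wrote. Because the socket is unconnected, any local process that sends a datagram to 127.0.0.1:28713 also releases the wait early; calling `UdpSocket::connect` with the injected side's bound address, 127.0.0.1:29849, makes the kernel drop datagrams from other senders, and `set_read_timeout` bounds the wait (`Duration` is still imported). The return value of `TerminateProcess` on the last added line is dropped as well, and `injmod` is now unused since the handle print was removed. The function starts outside the hunk; only its tail is visible here, and the timeout value in the sketch below is illustrative.
```rust
let sock = UdpSocket::bind("127.0.0.1:28713").expect("failed to bind socket");
// Only accept the readiness datagram from the injected side's own socket, and
// bound the wait so a failed or panicking DLL cannot hang the injector.
sock.connect("127.0.0.1:29849").expect("failed to connect socket");
sock.set_read_timeout(Some(Duration::from_secs(10 /* illustrative */)))
    .expect("failed to set read timeout");
// … unchanged: OwnedProcess / Syringe setup and inject …
println!("waiting until udp is ok ");
if let Err(e) = sock.recv(&mut [0]) {
    eprintln!("no readiness notification from gdkeinj: {e}");
}
```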