Universal Managed Injection-Clrinjection
CLR Software series Second send: Universal managed injection-Clrinjection
Software Introduction: This software can inject any managed DLL into a running. NET managed assembly in the form of a plug-in. Provides the SDK and reference source code written by the plugin. Users can write their own plug-in extension injection functionality.
: Http://pan.baidu.com/s/1i3Jb5FR
Instruction for use: http://files.cnblogs.com/files/chengchen/CLRInjection_Guide.pdf
FAQ: Http://files.cnblogs.com/files/chengchen/CLRInjection_AQ.pdf
Currently the system comes with two plugins:
1.PropertyView
Introduction: This plugin is the original Super Gray button Buster. You can display the properties of all of the current forms, which users can modify at any time.
This plugin is open source and can be found in the "Program root directory \sdk\plugin_source\propertyview".
2.InjectReflector
Summary: This is a plug-in that can look at classes, methods, properties, IL code in an assembly, and the user can even dump an assembly that has already been loaded. Because this plugin has been injected into the target program, it can evade some target program-specific detection and encryption.
the user can decompile the assembly in memory and can even Dump Assembly , the system automatically attempts to repair the encrypted assembly, but does not guarantee that all Dump after the assembly can run flawlessly. Some programs load an assembly in memory using the byte[] array, and such an assembly can also dump it directly from memory , a dump function for the overall encryption DOTNET program.
V2.0.1511.07-2015/11/07
* Super Gray Button Buster, officially renamed as: Clr_injection Universal managed injector. Incorporate the original functionality into the new tool using the plug-in form.
* Provide plug-ins and plugins written by the SDK and reference source code. Users can write their own plug-in extension injection functionality.
* Two plugins are provided by default, the first is the original property modification plug-in, the second is a plugin that can inject aggressive viewing IL code.
* The system can automatically identify and inject dotnet2.0/3.0/3.5/4.0/4.5/4.6 and other versions without manual selection.
* Increase the process list injection, so that no interface to the program can also implement injection operations.
* Support WIN10 platform.
* New skins and new interfaces are used.
* Cancel button activation on the traditional WIN32 platform, this program will only focus on the dotnet platform.
* Because DOTNET1.1 actually uses too few people, the support for DOTNET1.1 is canceled.
The CLR series will have a trilogy, the last one called Clrloader. Because the clrinjection ability is limited, after all, the injection operation after the program can be run. This is not very good for hook JIT, so clrloader is being perfected and developed, will be able to directly hookjit, you can directly view the decrypted il/c# code, so that the general method based on the encryption of the program has a better anti-compilation effect. Some technical difficulties are being solved and we hope to meet with you as soon as possible.
Clrinjection-Universal Managed Injection (Super Gray button Buster upgrade)