Saturday 17 November 2012

Injecting a .NET REPL into an Unmanaged/C++ application (Notepad)

Using Windows Messages (and some O2 Platform glue) I found a way to 'inject' a window (i.e. a windows control) from one process into another one.

It is actually quite easy: the key is to use the user32.dll SetParent API call to change the location (and rendering) of a particular control.

Here is an example of injecting a .NET TextBox into Notepad (on the left is the .NET TextBox and on the right is Notepad's TextBox).

And since this works for any .NET control, here is O2's C# REPL editor inside Notepad (scripting Notepad's TextBox in real time).

This works for C++, .NET and Java processes, and it is possible to mix and match those processes' windows (i.e. controls) into themselves or into another process.
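A control re-parented with SetParent is still owned by the thread and process that created it, so the cross-process parenting described above can be spotted from outside. The following check is an added example, not code from the original post or from the O2 Platform; the class and method names (`ForeignChildWindowCheck`, `FindForeignChildren`) are hypothetical, and it assumes Notepad is running with a visible main window.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;

static class ForeignChildWindowCheck   // hypothetical name, added example
{
    delegate bool EnumWindowsProc(IntPtr hWnd, IntPtr lParam);

    [DllImport("user32.dll")]
    static extern bool EnumChildWindows(IntPtr hWndParent, EnumWindowsProc callback, IntPtr lParam);

    [DllImport("user32.dll")]
    static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint processId);

    [DllImport("user32.dll", CharSet = CharSet.Unicode)]
    static extern int GetClassName(IntPtr hWnd, StringBuilder className, int maxCount);

    // Returns (hwnd, owning pid, class name) for every descendant window of
    // 'topLevel' that was created by a process other than the one owning 'topLevel'.
    static List<Tuple<IntPtr, uint, string>> FindForeignChildren(IntPtr topLevel)
    {
        uint hostPid;
        GetWindowThreadProcessId(topLevel, out hostPid);
        var foreign = new List<Tuple<IntPtr, uint, string>>();
        EnumWindowsProc visit = (hWnd, lParam) =>
        {
            uint pid;
            GetWindowThreadProcessId(hWnd, out pid);
            if (pid != hostPid)
            {
                var cls = new StringBuilder(256);
                GetClassName(hWnd, cls, cls.Capacity);
                foreign.Add(Tuple.Create(hWnd, pid, cls.ToString()));
            }
            return true; // keep enumerating children and grandchildren
        };
        EnumChildWindows(topLevel, visit, IntPtr.Zero);
        GC.KeepAlive(visit); // keep the delegate alive for the native callback
        return foreign;
    }

    static void Main()
    {
        foreach (var host in Process.GetProcessesByName("notepad"))
        {
            if (host.MainWindowHandle == IntPtr.Zero) continue;
            foreach (var w in FindForeignChildren(host.MainWindowHandle))
                Console.WriteLine("notepad pid {0}: child 0x{1:X} class '{2}' belongs to pid {3}",
                    host.Id, w.Item1.ToInt64(), w.Item3, w.Item2);
        }
    }
}
```

Some legitimate software also hosts windows across processes, so a hit is a lead to investigate rather than proof of tampering.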

For more details on how this PoC was created, take a look at this PDF: