Beispiel #1
0
        /// <summary>
        /// Call a manually mapped DLL by Export.
        /// </summary>
        /// <author>Ruben Boonen (@FuzzySec)</author>
        /// <param name="PEINFO">Module meta data struct (PE.PE_META_DATA).</param>
        /// <param name="ModuleMemoryBase">Base address of the module in memory.</param>
        /// <param name="ExportName">The name of the export to search for (e.g. "NtAlertResumeThread").</param>
        /// <param name="FunctionDelegateType">Prototype for the function, represented as a Delegate object.</param>
        /// <param name="Parameters">Arbitrary set of parameters to pass to the function. Can be modified if function uses call by reference.</param>
        /// <param name="CallEntry">Specify whether to invoke the module's entry point.</param>
        /// <returns>void</returns>
        public static object CallMappedDLLModuleExport(PE_META_DATA PEINFO, IntPtr ModuleMemoryBase, string ExportName, Type FunctionDelegateType, ref object[] Parameters, bool CallEntry = true)
        {
            // Call entry point if user has specified
            if (CallEntry)
            {
                CallMappedDLLModule(PEINFO, ModuleMemoryBase);
            }

            // Get export pointer
            IntPtr pFunc = ModuleMapper.GetExportAddress(ModuleMemoryBase, ExportName);

            // Call export
            return(DynamicFunctionInvoke(pFunc, FunctionDelegateType, ref Parameters));
        }
Beispiel #2
0
        /// <summary>
        /// Call a manually mapped DLL by Export. Will load the dll in question if not already loaded, and execute an exported function from it.
        /// </summary>
        public static object ManualInvoke(string dllPath, string ExportName, Type FunctionDelegateType, ref object[] Parameters, bool CallEntry = true)
        {
            PE_MANUAL_MAP mapData = ModuleMapper.MapModuleToMemory(dllPath);

            return(CallMappedDLLModuleExport(mapData.PEINFO, mapData.ModuleBase, ExportName, FunctionDelegateType, ref Parameters, CallEntry));
        }
Beispiel #3
0
        // NOTE: For security, it is better to use CallMappedDLLModuleExport. The number of references to this type of d/invoke should be minimized
        /// <summary>
        /// Dynamically invoke an arbitrary function from a DLL, providing its name, function prototype, and arguments.
        /// </summary>
        /// <author>The Wover (@TheRealWover)</author>
        /// <param name="DLLName">Name of the DLL.</param>
        /// <param name="FunctionName">Name of the function.</param>
        /// <param name="FunctionDelegateType">Prototype for the function, represented as a Delegate object.</param>
        /// <param name="Parameters">Parameters to pass to the function. Can be modified if function uses call by reference.</param>
        /// <returns>Object returned by the function. Must be unmarshalled by the caller.</returns>
        public static object DynamicAPIInvoke(string DLLName, string FunctionName, Type FunctionDelegateType, ref object[] Parameters)
        {
            IntPtr pFunction = ModuleMapper.GetLibraryAddress(DLLName, FunctionName);

            return(DynamicFunctionInvoke(pFunction, FunctionDelegateType, ref Parameters));
        }