C# (CSharp) WheresMyImplant Unmanaged.GetModuleHandle Examples

Programming Language: C# (CSharp)

Namespace/Package Name: WheresMyImplant

Class/Type: Unmanaged

Method/Function: GetModuleHandle

Examples at hotexamples.com: 1

C# (CSharp) WheresMyImplant Unmanaged.GetModuleHandle - 1 examples found. These are the top rated real world C# (CSharp) examples of WheresMyImplant.Unmanaged.GetModuleHandle extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

WriteProcessMemory(5)

CreateRemoteThread(4)

GetProcAddress(4)

VirtualAllocEx(4)

OpenProcess(4)

WaitForSingleObjectEx(3)

VirtualProtectEx(3)

GetModuleHandle(3)

VirtualAlloc(3)

OpenProcessToken(2)

CreateThread(2)

WaitForSingleObject(2)

VirtualProtect(2)

LoadLibrary(2)

ReadProcessMemory(2)

OpenThreadToken(1)

AdjustTokenPrivileges(1)

LookupPrivilegeValue(1)

CloseHandle(1)

ImpersonateSelf(1)

ImpersonateLoggedOnUser(1)

GetTokenInformation(1)

GetCurrentThread(1)

DuplicateTokenEx(1)

CreateProcessWithTokenW(1)

LookupPrivilegeName(1)

Example #1

Show file

File: BaseRemote.cs Project: zshell/WheresMyImplant

        public IntPtr LoadLibraryRemote(string library)
        {
            ////////////////////////////////////////////////////////////////////////////////
            IntPtr hmodule         = Unmanaged.GetModuleHandle("kernel32.dll");
            IntPtr loadLibraryAddr = Unmanaged.GetProcAddress(hmodule, "LoadLibraryA");

            ////////////////////////////////////////////////////////////////////////////////
            IntPtr lpAddress     = IntPtr.Zero;
            UInt32 dwSize        = (UInt32)((library.Length + 1) * Marshal.SizeOf(typeof(char)));
            IntPtr lpBaseAddress = Unmanaged.VirtualAllocEx(hProcess, lpAddress, dwSize, Unmanaged.MEM_COMMIT | Unmanaged.MEM_RESERVE, Unmanaged.PAGE_READWRITE);

            ////////////////////////////////////////////////////////////////////////////////
            UInt32  lpNumberOfBytesWritten   = 0;
            IntPtr  libraryPtr               = Marshal.StringToHGlobalAnsi(library);
            Boolean writeProcessMemoryResult = Unmanaged.WriteProcessMemory(hProcess, lpBaseAddress, libraryPtr, dwSize, ref lpNumberOfBytesWritten);

            ////////////////////////////////////////////////////////////////////////////////
            UInt32  lpflOldProtect         = 0;
            Boolean virtualProtectExResult = Unmanaged.VirtualProtectEx(hProcess, lpBaseAddress, dwSize, Unmanaged.PAGE_EXECUTE_READ, ref lpflOldProtect);

            ////////////////////////////////////////////////////////////////////////////////
            IntPtr lpThreadAttributes = IntPtr.Zero;
            UInt32 dwStackSize        = 0;
            IntPtr lpParameter        = IntPtr.Zero;
            UInt32 dwCreationFlags    = 0;
            UInt32 threadId           = 0;
            IntPtr hThread            = Unmanaged.CreateRemoteThread(hProcess, lpThreadAttributes, dwStackSize, loadLibraryAddr, lpBaseAddress, dwCreationFlags, ref threadId);

            return(hThread);
        }