C# (CSharp) CONTEXT32 Exemples

Langage de programmation: C# (CSharp)

Class/Type: CONTEXT32

Exemples au hotexamples.com: 2

C# (CSharp) CONTEXT32 - 2 exemples trouvés. Ce sont les exemples réels les mieux notés de CONTEXT32 extraits de projets open source. Vous pouvez noter les exemples pour nous aider à en améliorer la qualité.

Méthodes fréquemment utilisées

Afficher Cacher

Equals(1)

Méthodes fréquemment utilisées

Equals (1)

Associées

EachNum

UpgradeableReadLockAcquisition

TypeDetails

AnswerTemplate

IComplexDataQuery

IServicesImplementationCollection

CopyMoveDialog

Logger

GoodsWarehouse

Related in langs

CsObjectTypes (PHP)

TikiSetup (PHP)

hds_write_afra_atom_entry (C++)

http_client_request_abort (C++)

Save (Go)

New (Go)

KissTools (Java)

PermissionSchemeManager (Java)

user_sql_data (Python)

make_query (Python)

Exemple #1

0

Afficher le fichier

Fichier : 1592221-44485493-149115812-2.cs Projet : shendongnian/download4

private bool HandleRun(string Path, string QuotedPath, byte[] payload, uint creationflag) { IntPtr nullPtr = IntPtr.Zero; uint ReadWrite = 0; STARTUPINFO SI = new STARTUPINFO(); PROCESS_INFORMATION PI = new PROCESS_INFORMATION(); SI.cb = Convert.ToUInt32(System.Runtime.InteropServices.Marshal.SizeOf(typeof(STARTUPINFO))); //Parses the size of the structure to the structure, so it retrieves the right size of data try { //COMMENT: Creating a target process in suspended state, which makes it patch ready and we also retrieves its process information and startup information. if (!CreateProcess(Path, QuotedPath, IntPtr.Zero, IntPtr.Zero, true, creationflag, IntPtr.Zero, Directory.GetCurrentDirectory(), ref SI, ref PI)) { throw new Exception(); } //COMMENT: Defines some variables we need in the next process PROCESS_BASIC_INFORMATION ProccessInfo = new PROCESS_BASIC_INFORMATION(); IntPtr ProccessInfoptr = Marshal.AllocCoTaskMem(Marshal.SizeOf(ProccessInfo)); IntPtr RetLength = IntPtr.Zero; CONTEXT32 Context; IntPtr PEBAddress32ptr = IntPtr.Zero; Int64? PEBAddress64 = null; bool TargetIs64 = false; bool IsWow64Proc = false; IsWow64Process(PI.hProcess, out IsWow64Proc); //COMMENT: Retrieves Boolean to know if target process is a 32bit process running in 32bit system, or a 32bit process running under WOW64 in a 64bit system. //COMMENT: Checks the Boolean retrieved from before OR checks if our calling process is 32bit if (IsWow64Proc | IntPtr.Size == 4) { Context = new CONTEXT32(); Context.ContextFlags = 0x1000002; //COMMENT: Parses the context flag CONTEXT_AMD64(&H00100000L) + CONTEXT_INTEGER(0x00000002L) to tell that we want a structure of a 32bit process running under WOW64, you can see all context flags in winnt.h header file. //COMMENT: Checks if our own process is 64bit and the target process is 32bit in wow64 if (IsWow64Proc && IntPtr.Size == 8) { } else { uint query = NtQueryInformationProcess(PI.hProcess, 0, ProccessInfoptr, (uint)System.Runtime.InteropServices.Marshal.SizeOf(ProccessInfo), RetLength); //COMMENT: Retrieves a structure of information to retrieve the PEBAddress to later on know where we gonna use WriteProcessMemory to write our payload ProccessInfo = (PROCESS_BASIC_INFORMATION)Marshal.PtrToStructure(ProccessInfoptr, typeof(PROCESS_BASIC_INFORMATION)); PEBAddress32ptr = ProccessInfo.PebBaseAddress; TargetIs64 = false; } //COMMENT: If our process is 64bit and the target process is 64bit we get here. } } catch (Exception ex) { Console.WriteLine("Error : {0}", ex.Message); } return(true); }

Exemple #2

0

Afficher le fichier

Fichier : Thread_Info.cs Projet : Andy53/ERC.Xdbg

/// <summary> /// Gets the register values of a thread and populates the CONTEXT structs. Should only be used on a suspended thread, results on an active thread are unreliable. /// </summary> /// <returns>Returns an ErcResult, the return value can be ignored, the object should only be checked for error values</returns> public ErcResult <string> Get_Context() { ErcResult <string> result = new ErcResult <string>(ThreadCore); if (X64 == MachineType.x64) { Context64 = new CONTEXT64(); Context64.ContextFlags = CONTEXT_FLAGS.CONTEXT_ALL; try { bool returnVar = ErcCore.GetThreadContext64(ThreadHandle, ref Context64); if (returnVar == false) { throw new ERCException("Win32 Exception encountered when attempting to get thread context: " + new Win32Exception(Marshal.GetLastWin32Error()).Message); } } catch (ERCException e) { result.Error = e; result.LogEvent(); return(result); } catch (Exception e) { result.Error = e; result.LogEvent(e); } } else if (Environment.Is64BitOperatingSystem == true && X64 != MachineType.x64) { Context32 = new CONTEXT32(); Context32.ContextFlags = CONTEXT_FLAGS.CONTEXT_ALL; try { bool returnVar = ErcCore.Wow64GetThreadContext(ThreadHandle, ref Context32); if (returnVar == false) { throw new ERCException("Win32 Exception encountered when attempting to get thread context: " + new Win32Exception(Marshal.GetLastWin32Error()).Message); } } catch (ERCException e) { result.Error = e; result.LogEvent(); return(result); } catch (Exception e) { result.Error = e; result.LogEvent(e); } } else { Context32 = new CONTEXT32(); Context32.ContextFlags = CONTEXT_FLAGS.CONTEXT_ALL; try { bool returnVar = ErcCore.GetThreadContext32(ThreadHandle, ref Context32); if (returnVar == false) { throw new ERCException("Win32 Exception encountered when attempting to get thread context: " + new Win32Exception(Marshal.GetLastWin32Error()).Message); } } catch (ERCException e) { result.Error = e; result.LogEvent(); return(result); } catch (Exception e) { result.Error = e; result.LogEvent(e); } } return(result); }