LoadLibraryHelper C# (CSharp) Exemples de code

Exemple #1

0

Afficher le fichier

        internal static bool SupportsWin7Identifiers()
        {
            IntPtr automationCoreHandle = LoadLibraryHelper.SecureLoadLibraryEx(DllImport.UIAutomationCore, IntPtr.Zero, UnsafeNativeMethods.LoadLibraryFlags.LOAD_LIBRARY_SEARCH_SYSTEM32);

            if (automationCoreHandle != IntPtr.Zero)
            {
                IntPtr entryPoint = UnsafeNativeMethods.GetProcAddressNoThrow(new HandleRef(null, automationCoreHandle), StartListeningExportName);
                if (entryPoint != IntPtr.Zero)
                {
                    return(true);
                }
            }
            return(false);
        }

Exemple #2

0

Afficher le fichier

        public ModulePointer LoadLibrary(string pathToDll, bool resolveReferences = true)
        {
            byte[] loadLibraryOpcodes = LoadLibraryHelper.LoadLibraryPayload(pathToDll);

            MemoryPointer allocatedMemory = AllocateManagedMemory(loadLibraryOpcodes.Length);

            if (Kernel32.WriteProcessMemory(Native.Handle, allocatedMemory.Address, loadLibraryOpcodes, loadLibraryOpcodes.Length, out IntPtr _))
            {
                ModulePointer kernel32Module = Modules["kernel32.dll"];
                MemoryPointer loadLibraryAddress;
                if (resolveReferences)
                {
                    loadLibraryAddress = kernel32Module.GetProcAddress("LoadLibraryW");
                }
                else
                {
                    loadLibraryAddress = kernel32Module.GetProcAddress("LoadLibraryExW");
                }

                if (loadLibraryAddress == null)
                {
                    throw new Win32Exception($"Couldn't get proc address, error code: {Marshal.GetLastWin32Error()}.");
                }

                if (Kernel32.CreateRemoteThread(Native.Handle, IntPtr.Zero, 0, loadLibraryAddress.Address, allocatedMemory.Address, 0, IntPtr.Zero) == IntPtr.Zero)
                {
                    throw new Win32Exception($"Couldn't create a remote thread, error code: {Marshal.GetLastWin32Error()}.");
                }
            }

            ModulePointer injectedModule;

            while (!Modules.TryGetValue(Path.GetFileName(pathToDll).ToLower(), out injectedModule))
            {
                Thread.Sleep(1);
            }

            return(injectedModule);
        }

Exemple #3

0

Afficher le fichier

        /// <summary>
        /// Loads Wldp.dll and looks for WldpIsDynamicCodePolicyEnabled to determine whether DeviceGuard is enabled.
        /// </summary>
        private static bool IsDynamicCodePolicyEnabled()
        {
            bool isEnabled = false;

            IntPtr hModule = IntPtr.Zero;

            try
            {
                hModule = LoadLibraryHelper.SecureLoadLibraryEx(ExternDll.Wldp, IntPtr.Zero, UnsafeNativeMethods.LoadLibraryFlags.LOAD_LIBRARY_SEARCH_SYSTEM32);
                if (hModule != IntPtr.Zero)
                {
                    IntPtr entryPoint = UnsafeNativeMethods.GetProcAddressNoThrow(new HandleRef(null, hModule), "WldpIsDynamicCodePolicyEnabled");
                    if (entryPoint != IntPtr.Zero)
                    {
                        int hResult = UnsafeNativeMethods.WldpIsDynamicCodePolicyEnabled(out isEnabled);

                        if (hResult != NativeMethods.S_OK)
                        {
                            isEnabled = false;
                        }
                    }
                }
            }
            catch
            {
            }
            finally
            {
                if (hModule != IntPtr.Zero)
                {
                    UnsafeNativeMethods.FreeLibrary(hModule);
                }
            }

            return(isEnabled);
        }

C# (CSharp) LoadLibraryHelper Exemples