Exemplos de NativeExecution.CreateRemoteThread em C# (CSharp)

Linguagem de programação: C# (CSharp)

Classe / Tipo: NativeExecution

Método / Função: CreateRemoteThread

Exemplos em hotexamples.com: 2

NativeExecution.CreateRemoteThread em C# (CSharp) - 2 exemplos encontrados. Esses são os exemplos do mundo real mais bem avaliados de NativeExecution.CreateRemoteThread em C# (CSharp) extraídos de projetos de código aberto. Você pode avaliar os exemplos para nos ajudar a melhorar a qualidade deles.

Métodos Frequentes

Exibir Ocultar

ProcessCommand(3)

GetProcAddress(3)

CloseHandle(3)

GetModuleHandle(2)

CreateRemoteThread(2)

AutoLoadCommand(1)

OpenProcess(1)

WaitForSingleObject(1)

VirtualFreeEx(1)

VirtualAllocEx(1)

LoadLibrary(1)

Module32Next(1)

Module32First(1)

GetProcessId(1)

GetExitCodeThread(1)

FreeLibrary(1)

CreateToolhelp32Snapshot(1)

WriteProcessMemory(1)

Métodos Frequentes

ProcessCommand (3)

GetProcAddress (3)

CloseHandle (3)

GetModuleHandle (2)

CreateRemoteThread (2)

AutoLoadCommand (1)

OpenProcess (1)

WaitForSingleObject (1)

VirtualFreeEx (1)

VirtualAllocEx (1)

Métodos Frequentes

LoadLibrary (1)

Module32Next (1)

Module32First (1)

GetProcessId (1)

GetExitCodeThread (1)

FreeLibrary (1)

CreateToolhelp32Snapshot (1)

WriteProcessMemory (1)

Exemplo n.º 1

0

Exibir arquivo

Arquivo: Injector.cs Projeto: yssam-mtibaa/DNCI

/// <summary> /// Removes from Target Process Memory the DNCIClrLoader /// </summary> /// <param name="targetProcessHandle">Target Process Handle</param> /// <param name="dnciModuleHandle">DNCIClrLoader Module Handle</param> private void EraseRemoteModules(IntPtr targetProcessHandle, IntPtr dnciModuleHandle) { // Resolve FreeLibrary function pointer into kernel32 address space IntPtr freeLibraryHandle = NativeExecution.GetProcAddress(NativeExecution.GetModuleHandle("Kernel32"), "FreeLibrary"); // Unload DNCIClrLoader.dll from Remote Process NativeExecution.CreateRemoteThread(targetProcessHandle, IntPtr.Zero, 0, freeLibraryHandle, dnciModuleHandle, 0, IntPtr.Zero); }

Exemplo n.º 2

0

Exibir arquivo

Arquivo: Injector.cs Projeto: yssam-mtibaa/DNCI

/// <summary> /// Inject the "functionPointer" with "parameters" into Remote Process /// </summary> /// <param name="processHandle">Remote Process Handle</param> /// <param name="functionPointer">LoadLibraryW Function Pointer</param> /// <param name="clrLoaderFullPath">DNCIClrLoader.exe Full Path</param> private Int32 Inject(IntPtr processHandle, IntPtr functionPointer, String parameters) { // Set Array to Write byte[] toWriteData = Encoding.Unicode.GetBytes(parameters); // Compute Required Space on Remote Process uint requiredRemoteMemorySize = (uint)( (toWriteData.Length) * Marshal.SizeOf(typeof(char)) ) + (uint)Marshal.SizeOf(typeof(char)); // Alocate Required Memory Space on Remote Process IntPtr allocMemAddress = NativeExecution.VirtualAllocEx( processHandle, IntPtr.Zero, requiredRemoteMemorySize, NativeConstants.MEM_RESERVE | NativeConstants.MEM_COMMIT, NativeConstants.PAGE_READWRITE ); // Write Argument on Remote Process UIntPtr bytesWritten; bool success = NativeExecution.WriteProcessMemory( processHandle, allocMemAddress, toWriteData, requiredRemoteMemorySize, out bytesWritten ); // Create Remote Thread IntPtr createRemoteThread = NativeExecution.CreateRemoteThread( processHandle, IntPtr.Zero, 0, functionPointer, allocMemAddress, 0, IntPtr.Zero ); // Wait Thread to Exit NativeExecution.WaitForSingleObject(createRemoteThread, NativeConstants.INFINITE); // Release Memory in Remote Process NativeExecution.VirtualFreeEx(processHandle, allocMemAddress, 0, NativeConstants.MEM_RELEASE); // Get Thread Exit Code Int32 exitCode; NativeExecution.GetExitCodeThread(createRemoteThread, out exitCode); // Close Remote Handle NativeExecution.CloseHandle(createRemoteThread); return(exitCode); }