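/// <summary>
/// Runs a small call stub in the target process that invokes the entry point
/// (DllMain or a TLS callback) of the already-mapped DLL, then releases the
/// remote resources that were used for the call.
/// </summary>
/// <param name="injectionProperties">Supplies the remote process, memory manager and syscall manager used for the call.</param>
/// <param name="remoteDllAddress">Address of the DLL in the target process; passed to the stub generator.</param>
/// <param name="entryPointAddress">Address of the entry point or TLS callback the stub calls.</param>
/// <remarks>
/// The stub buffer is requested as ExecuteReadWrite and is used as the start address of a
/// new thread in the target process. Defenders: a cross-process executable allocation that
/// is written to and then used as a thread start address, with that address in privately
/// allocated rather than image-backed memory, is the telemetry this routine produces.
/// </remarks>
private void CallEntryPoint(InjectionProperties injectionProperties, IntPtr remoteDllAddress, IntPtr entryPointAddress)
{
    // Pick the stub that matches the bitness of the target process
    var shellcode = injectionProperties.RemoteProcess.IsWow64
        ? CallDllMainX86.GetShellcode(remoteDllAddress, entryPointAddress)
        : CallDllMainX64.GetShellcode(remoteDllAddress, entryPointAddress);

    var shellcodeBuffer = injectionProperties.MemoryManager.AllocateVirtualMemory(IntPtr.Zero, shellcode.Length, Enumerations.MemoryProtectionType.ExecuteReadWrite);

    try
    {
        injectionProperties.MemoryManager.WriteVirtualMemory(shellcodeBuffer, shellcode);

        // Create a thread in the target process that starts at the stub
        var remoteThreadHandle = (SafeThreadHandle)injectionProperties.SyscallManager.InvokeSyscall<NtCreateThreadEx>(injectionProperties.RemoteProcess.Handle, shellcodeBuffer, IntPtr.Zero);

        try
        {
            // NOTE(review): the wait result is not inspected, so a failed wait is
            // indistinguishable from completion here - confirm what the wrapper returns
            PInvoke.WaitForSingleObject(remoteThreadHandle, uint.MaxValue);
        }
        finally
        {
            // Close the thread handle even when the wait throws
            remoteThreadHandle.Dispose();
        }
    }
    finally
    {
        // Release the remote allocation on every path; previously a failure while
        // writing the stub or creating the thread left it allocated in the target
        injectionProperties.MemoryManager.FreeVirtualMemory(shellcodeBuffer);
    }
}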
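/// <summary>
/// Runs a small call stub in the target process that invokes the entry point of the
/// already-mapped DLL, then releases the remote resources that were used for the call.
/// </summary>
/// <param name="remoteDllBaseAddress">Base address of the DLL in the target process; passed to the stub generator.</param>
/// <param name="dllEntryPointAddress">Address of the DLL entry point the stub calls.</param>
/// <remarks>
/// The stub buffer is requested as ExecuteReadWrite and is used as the start address of a
/// new thread in the target process. Defenders: a cross-process executable allocation that
/// is written to and then used as a thread start address, with that address in privately
/// allocated rather than image-backed memory, is the telemetry this routine produces.
/// </remarks>
private void CallEntryPoint(IntPtr remoteDllBaseAddress, IntPtr dllEntryPointAddress)
{
    // Pick the stub that matches the bitness of the target process
    var shellcode = _propertyWrapper.TargetProcess.IsWow64
        ? CallDllMainX86.GetShellcode(remoteDllBaseAddress, dllEntryPointAddress)
        : CallDllMainX64.GetShellcode(remoteDllBaseAddress, dllEntryPointAddress);

    var shellcodeBuffer = _propertyWrapper.MemoryManager.AllocateVirtualMemory(shellcode.Length, Enumerations.MemoryProtectionType.ExecuteReadWrite);

    try
    {
        _propertyWrapper.MemoryManager.WriteVirtualMemory(shellcodeBuffer, shellcode);

        // Create a thread in the target process that starts at the stub
        var threadHandle = (SafeThreadHandle)_propertyWrapper.SyscallManager.InvokeSyscall<NtCreateThreadEx>(_propertyWrapper.TargetProcess.Handle, shellcodeBuffer, IntPtr.Zero);

        try
        {
            // NOTE(review): the wait result is not inspected, so a failed wait is
            // indistinguishable from completion here - confirm what the wrapper returns
            PInvoke.WaitForSingleObject(threadHandle, uint.MaxValue);
        }
        finally
        {
            // Close the thread handle even when the wait throws
            threadHandle.Dispose();
        }
    }
    finally
    {
        // Release the remote allocation on every path; previously a failure while
        // writing the stub or creating the thread left it allocated in the target
        _propertyWrapper.MemoryManager.FreeVirtualMemory(shellcodeBuffer);
    }
}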