/// <summary>
/// Call a manually mapped DLL by Export.
/// </summary>
/// <author>Ruben Boonen (@FuzzySec)</author>
/// <param name="PEINFO">Module meta data struct (PE.PE_META_DATA).</param>
/// <param name="ModuleMemoryBase">Base address of the module in memory.</param>
/// <param name="ExportName">The name of the export to search for (e.g. "NtAlertResumeThread").</param>
/// <param name="FunctionDelegateType">Prototype for the function, represented as a Delegate object.</param>
/// <param name="Parameters">Arbitrary set of parameters to pass to the function. Can be modified if function uses call by reference.</param>
/// <param name="CallEntry">Specify whether to invoke the module's entry point.</param>
/// <returns>void</returns>
public static object CallMappedDLLModuleExport(PE_META_DATA PEINFO, IntPtr ModuleMemoryBase, string ExportName, Type FunctionDelegateType, ref object[] Parameters, bool CallEntry = true)
{
// Call entry point if user has specified
if (CallEntry)
{
CallMappedDLLModule(PEINFO, ModuleMemoryBase);
}
// Get export pointer
IntPtr pFunc = ModuleMapper.GetExportAddress(ModuleMemoryBase, ExportName);
// Call export
return(DynamicFunctionInvoke(pFunc, FunctionDelegateType, ref Parameters));
}
/// <summary>
/// Call a manually mapped DLL by Export. Will load the dll in question if not already loaded, and execute an exported function from it.
/// </summary>
public static object ManualInvoke(string dllPath, string ExportName, Type FunctionDelegateType, ref object[] Parameters, bool CallEntry = true)
{
PE_MANUAL_MAP mapData = ModuleMapper.MapModuleToMemory(dllPath);
return(CallMappedDLLModuleExport(mapData.PEINFO, mapData.ModuleBase, ExportName, FunctionDelegateType, ref Parameters, CallEntry));
}
// NOTE: For security, it is better to use CallMappedDLLModuleExport. The number of references to this type of d/invoke should be minimized
/// <summary>
/// Dynamically invoke an arbitrary function from a DLL, providing its name, function prototype, and arguments.
/// </summary>
/// <author>The Wover (@TheRealWover)</author>
/// <param name="DLLName">Name of the DLL.</param>
/// <param name="FunctionName">Name of the function.</param>
/// <param name="FunctionDelegateType">Prototype for the function, represented as a Delegate object.</param>
/// <param name="Parameters">Parameters to pass to the function. Can be modified if function uses call by reference.</param>
/// <returns>Object returned by the function. Must be unmarshalled by the caller.</returns>
public static object DynamicAPIInvoke(string DLLName, string FunctionName, Type FunctionDelegateType, ref object[] Parameters)
{
IntPtr pFunction = ModuleMapper.GetLibraryAddress(DLLName, FunctionName);
return(DynamicFunctionInvoke(pFunction, FunctionDelegateType, ref Parameters));
}