API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Dec 17th, 2017
71
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 11.51 KB | None | 0 0
raw download clone embed print report
  1.  
  2.  
  3. //using System;
  4. //using System.Collections.Generic;
  5. //using System.ComponentModel;
  6. //using System.Data;
  7. //using System.Drawing;
  8. //using System.Linq;
  9. //using System.Text;
  10. //using System.Threading.Tasks;
  11. //using System.Windows.Forms;
  12.  
  13. //using System.Threading;
  14. //using System.Runtime.InteropServices;
  15. //using System.Diagnostics;
  16. //using System.IO;
  17. //using System.Reflection;
  18.  
  19.  
  20.  
  21. //namespace kursOS
  22. //{
  23.  
  24. // public partial class Form1 : Form
  25. // {
  26. // public Form1()
  27. // {
  28. // InitializeComponent();
  29. // }
  30.  
  31.  
  32.  
  33.  
  34. // private void button1_Click(object sender, EventArgs e)
  35. // {
  36. // // MessageBox.Show(Convert.ToString( ));
  37. // Injection.Execute();
  38.  
  39.  
  40.  
  41. // }
  42. // }
  43. //}
  44.  
  45.  
  46.  
  47.  
  48.  
  49. //public class Injection
  50. //{
  51. // [DllImport("kernel32.dll")]
  52. // public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);
  53.  
  54. // [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
  55. // public static extern IntPtr GetModuleHandle(string lpModuleName);
  56.  
  57. // [DllImport("kernel32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
  58. // static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
  59.  
  60. // [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
  61. // static extern IntPtr VirtualAllocEx(IntPtr hProcess,
  62. // IntPtr lpAddress,
  63. // uint dwSize,
  64. // uint flAllocationType,
  65. // uint flProtect);
  66.  
  67. // [DllImport("kernel32.dll", SetLastError = true)]
  68. // static extern bool WriteProcessMemory(IntPtr hProcess,
  69. // IntPtr lpBaseAddress,
  70. // byte[] lpBuffer,
  71. // uint nSize,
  72. // out UIntPtr lpNumberOfBytesWritten);
  73.  
  74. // [DllImport("kernel32.dll")]
  75. // static extern IntPtr CreateRemoteThread(IntPtr hProcess,
  76. // IntPtr lpThreadAttributes,
  77. // uint dwStackSize,
  78. // IntPtr lpStartAddress,
  79. // IntPtr lpParameter,
  80. // uint dwCreationFlags,
  81. // IntPtr lpThreadId);
  82.  
  83. // // privileges
  84. // const int PROCESS_CREATE_THREAD = 0x0002;
  85. // const int PROCESS_QUERY_INFORMATION = 0x0400;
  86. // const int PROCESS_VM_OPERATION = 0x0008;
  87. // const int PROCESS_VM_WRITE = 0x0020;
  88. // const int PROCESS_VM_READ = 0x0010;
  89.  
  90. // // used for memory allocation
  91. // const uint MEM_COMMIT = 0x00001000;
  92. // const uint MEM_RESERVE = 0x00002000;
  93. // const uint PAGE_READWRITE = 4;
  94.  
  95. // public static bool isInjected = false;
  96. // [DllImport("kernel32.dll", SetLastError = true, CallingConvention = CallingConvention.Winapi)]
  97. // [return: MarshalAs(UnmanagedType.Bool)]
  98. // private static extern bool IsWow64Process(
  99. // [In] IntPtr hProcess,
  100. // [Out] out bool wow64Process
  101. // );
  102.  
  103. // static bool is64BitProcess = (IntPtr.Size == 8);
  104. // static bool is64BitOperatingSystem = is64BitProcess || InternalCheckIsWow64();
  105.  
  106. // public static int inject(string dllPath, Process tProcess)
  107. // {
  108. // Process targetProcess = tProcess;
  109. // string dllName = dllPath;
  110. // IntPtr procHandle = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, false, targetProcess.Id);
  111. // IntPtr loadLibraryAddr = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
  112. // IntPtr allocMemAddress = VirtualAllocEx(procHandle, IntPtr.Zero, (uint)((dllName.Length + 1) * Marshal.SizeOf(typeof(char))), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
  113. // UIntPtr bytesWritten;
  114. // WriteProcessMemory(procHandle, allocMemAddress, Encoding.Default.GetBytes(dllName), (uint)((dllName.Length + 1) * Marshal.SizeOf(typeof(char))), out bytesWritten);
  115. // CreateRemoteThread(procHandle, IntPtr.Zero, 0, loadLibraryAddr, allocMemAddress, 0, IntPtr.Zero);
  116. // return 0;
  117. // }
  118.  
  119. // public static void Execute()
  120. // {
  121. // string rawDLL = String.Empty;
  122. // if (is64BitOperatingSystem)
  123. // {
  124. // rawDLL = Path.Combine(Path.GetDirectoryName(Assembly.GetEntryAssembly().Location), "dllproj.dll");
  125. // }
  126. // else
  127. // {
  128. // rawDLL = Path.Combine(Path.GetDirectoryName(Assembly.GetEntryAssembly().Location), "dllproj.dll");
  129. // }
  130. // // Execution of injection
  131. // Process proc = Process.GetProcessesByName("mspaint")[0];
  132. // Injection.inject(rawDLL, proc);
  133. // isInjected = true;
  134. // }
  135. // public static Boolean isInjectedAlready()
  136. // {
  137. // if (isInjected)
  138. // {
  139. // return true;
  140. // }
  141. // else
  142. // {
  143. // return false;
  144. // }
  145. // }
  146. // public static bool InternalCheckIsWow64()
  147. // {
  148. // if ((Environment.OSVersion.Version.Major == 5 && Environment.OSVersion.Version.Minor >= 1) ||
  149. // Environment.OSVersion.Version.Major >= 6)
  150. // {
  151. // using (Process p = Process.GetCurrentProcess())
  152. // {
  153. // bool retVal;
  154. // if (!IsWow64Process(p.Handle, out retVal))
  155. // {
  156. // return false;
  157. // }
  158. // return retVal;
  159. // }
  160. // }
  161. // else
  162. // {
  163. // return false;
  164. // }
  165. // }
  166. //}
  167. /*
  168. using System;
  169. using System.Collections.Generic;
  170. using System.ComponentModel;
  171. using System.Data;
  172. using System.Drawing;
  173. using System.Text;
  174. using System.Windows.Forms;
  175. using System.Diagnostics;
  176. using System.Runtime.InteropServices;
  177. using System.Threading;
  178.  
  179. namespace kursOS
  180. {
  181.  
  182. public partial class Form1 : Form
  183. {
  184. public Form1()
  185. {
  186. InitializeComponent();
  187. }
  188.  
  189.  
  190.  
  191. [DllImport("kernel32")]
  192. public static extern IntPtr CreateRemoteThread(
  193. IntPtr hProcess,
  194. IntPtr lpThreadAttributes,
  195. uint dwStackSize,
  196. UIntPtr lpStartAddress, // raw Pointer into remote process
  197. IntPtr lpParameter,
  198. uint dwCreationFlags,
  199. out IntPtr lpThreadId
  200. );
  201.  
  202. [DllImport("kernel32.dll")]
  203. public static extern IntPtr OpenProcess(
  204. UInt32 dwDesiredAccess,
  205. Int32 bInheritHandle,
  206. Int32 dwProcessId
  207. );
  208.  
  209. [DllImport("kernel32.dll")]
  210. public static extern Int32 CloseHandle(
  211. IntPtr hObject
  212. );
  213.  
  214. [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
  215. static extern bool VirtualFreeEx(
  216. IntPtr hProcess,
  217. IntPtr lpAddress,
  218. UIntPtr dwSize,
  219. uint dwFreeType
  220. );
  221.  
  222. [DllImport("kernel32.dll", CharSet = CharSet.Ansi, ExactSpelling = true)]
  223. public static extern UIntPtr GetProcAddress(
  224. IntPtr hModule,
  225. string procName
  226. );
  227.  
  228. [DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
  229. static extern IntPtr VirtualAllocEx(
  230. IntPtr hProcess,
  231. IntPtr lpAddress,
  232. uint dwSize,
  233. uint flAllocationType,
  234. uint flProtect
  235. );
  236.  
  237. [DllImport("kernel32.dll")]
  238. static extern bool WriteProcessMemory(
  239. IntPtr hProcess,
  240. IntPtr lpBaseAddress,
  241. string lpBuffer,
  242. UIntPtr nSize,
  243. out IntPtr lpNumberOfBytesWritten
  244. );
  245.  
  246. [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
  247. public static extern IntPtr GetModuleHandle(
  248. string lpModuleName
  249. );
  250.  
  251. [DllImport("kernel32", SetLastError = true, ExactSpelling = true)]
  252. internal static extern Int32 WaitForSingleObject(
  253. IntPtr handle,
  254. Int32 milliseconds
  255. );
  256.  
  257. public Int32 GetProcessId(String proc)
  258. {
  259. Process[] ProcList;
  260. ProcList = Process.GetProcessesByName(proc);
  261. return ProcList[0].Id;
  262. }
  263.  
  264. public void InjectDLL(IntPtr hProcess, String strDLLName)
  265. {
  266. IntPtr bytesout;
  267.  
  268. // Length of string containing the DLL file name +1 byte padding
  269. Int32 LenWrite = strDLLName.Length + 1;
  270. // Allocate memory within the virtual address space of the target process
  271. IntPtr AllocMem = (IntPtr)VirtualAllocEx(hProcess, (IntPtr)null, (uint)LenWrite, 0x1000, 0x40); //allocation pour WriteProcessMemory
  272.  
  273. // Write DLL file name to allocated memory in target process
  274. WriteProcessMemory(hProcess, AllocMem, strDLLName, (UIntPtr)LenWrite, out bytesout);
  275. // Function pointer "Injector"
  276. UIntPtr Injector = (UIntPtr)GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
  277.  
  278. if (Injector == null)
  279. {
  280. MessageBox.Show(" Injector Error! \n ");
  281. // return failed
  282. return;
  283. }
  284.  
  285. // Create thread in target process, and store handle in hThread
  286. IntPtr hThread = (IntPtr)CreateRemoteThread(hProcess, (IntPtr)null, 0, Injector, AllocMem, 0, out bytesout);
  287. // Make sure thread handle is valid
  288. if (hThread == null)
  289. {
  290. //incorrect thread handle ... return failed
  291. MessageBox.Show(" hThread [ 1 ] Error! \n ");
  292. return;
  293. }
  294. // Time-out is 10 seconds...
  295. int Result = WaitForSingleObject(hThread, 10 * 1000);
  296. // Check whether thread timed out...
  297. if (Result == 0x00000080L || Result == 0x00000102L || Result == 0xFFFFFFFF)
  298. {
  299. /* Thread timed out...
  300. MessageBox.Show(" hThread [ 2 ] Error! \n ");
  301. // Make sure thread handle is valid before closing... prevents crashes.
  302. if (hThread != null)
  303. {
  304. //Close thread in target process
  305. CloseHandle(hThread);
  306. }
  307. return;
  308. }
  309. // Sleep thread for 1 second
  310. Thread.Sleep(1000);
  311. // Clear up allocated space ( Allocmem )
  312. VirtualFreeEx(hProcess, AllocMem, (UIntPtr)0, 0x8000);
  313. // Make sure thread handle is valid before closing... prevents crashes.
  314. if (hThread != null)
  315. {
  316. //Close thread in target process
  317. CloseHandle(hThread);
  318. }
  319. // return succeeded
  320. return;
  321. }
  322.  
  323. private void button1_Click(object sender, EventArgs e)
  324. {
  325. String strDLLName = "C:\\Users\\user\\source\\repos\\kursOS\\kursOS\\bin\\Debug\\dllproj.dll";
  326. String strProcessName = "mspaint";
  327.  
  328. Int32 ProcID = GetProcessId(strProcessName);
  329. if (ProcID >= 0)
  330. {
  331. IntPtr hProcess = (IntPtr)OpenProcess(0x1F0FFF, 1, ProcID);
  332. if (hProcess == null)
  333. {
  334. MessageBox.Show("OpenProcess() Failed!");
  335. return;
  336. }
  337. else
  338. InjectDLL(hProcess, strDLLName);
  339. }
  340.  
  341. }
  342. }
  343. }
  344. */
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!