API tools faq
paste
Advertisement
rasmusfaber

Execute machine code from C#

rasmusfaber
Mar 5th, 2012
1,209
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C# 2.40 KB | None | 0 0
raw download clone embed print report diff
  1. using System;
  2. using System.Runtime.InteropServices;
  3.  
  4. class Program
  5. {
  6.     [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
  7.     public delegate uint Ret1ArgDelegate(uint arg1);
  8.  
  9.     [DllImport("kernel32.dll", SetLastError=true)]
  10.     static extern IntPtr VirtualAlloc(IntPtr lpAddress, UIntPtr dwSize,
  11.                                       AllocationType flAllocationType, MemoryProtection flProtect);
  12.                                      
  13.     [DllImport("kernel32.dll", SetLastError=true)]
  14.     static extern bool VirtualFree(IntPtr lpAddress, UIntPtr dwSize,
  15.                                    FreeType freeType);
  16.                                    
  17.   [Flags]
  18.   public enum AllocationType:uint
  19.   {
  20.     COMMIT=0x1000,
  21.     RESERVE=0x2000,
  22.     RESET=0x80000,
  23.     LARGE_PAGES=0x20000000,
  24.     PHYSICAL=0x400000,
  25.     TOP_DOWN=0x100000,
  26.     WRITE_WATCH=0x200000
  27.   }
  28.  
  29.   [Flags]
  30.   public enum MemoryProtection:uint
  31.   {
  32.     EXECUTE=0x10,
  33.     EXECUTE_READ=0x20,
  34.     EXECUTE_READWRITE=0x40,
  35.     EXECUTE_WRITECOPY=0x80,
  36.     NOACCESS=0x01,
  37.     READONLY=0x02,
  38.     READWRITE=0x04,
  39.     WRITECOPY=0x08,
  40.     GUARD_Modifierflag=0x100,
  41.     NOCACHE_Modifierflag = 0x200,
  42.     WRITECOMBINE_Modifierflag = 0x400
  43.   }
  44.  
  45.   [Flags]
  46.   public enum FreeType:uint
  47.   {
  48.     DECOMMIT = 0x4000,
  49.     RELEASE = 0x8000
  50.   }    
  51.  
  52.   public static byte[] asmBytesX86 = new byte[]
  53.         {        
  54. 0x55,             // push ebp
  55. 0x8B, 0xEC,       // mov ebp, esp
  56. 0x8B, 0x45, 0x08, // mov eax, [ebp+8]
  57. 0xD1, 0xC8,       // ror eax, 1
  58. 0x5D,             // pop ebp
  59. 0xC3              // ret
  60.         };
  61.        
  62.   public static byte[] asmBytesX64 = new byte[]
  63.         {        
  64. 0x89, 0xC8,       // mov rax, rcx
  65. 0xD1, 0xC8,       // ror eax, 1
  66. 0xC3              // ret
  67.         };
  68.        
  69.   static void Main(string[] args)
  70.   {
  71.         byte[] asmBytes = (IntPtr.Size == 4)?asmBytesX86:asmBytesX64;
  72.         IntPtr executableMemory = VirtualAlloc(IntPtr.Zero, (UIntPtr) asmBytes.Length, AllocationType.COMMIT, MemoryProtection.EXECUTE_READWRITE);
  73.         Marshal.Copy(asmBytes, 0, executableMemory, asmBytes.Length);
  74.         Ret1ArgDelegate del = (Ret1ArgDelegate) Marshal.GetDelegateForFunctionPointer (executableMemory, typeof(Ret1ArgDelegate));
  75.    
  76.         uint n = (uint)0xFFFFFFFC;
  77.         n = del(n);
  78.         Console.WriteLine("{0:x}", n);
  79.          
  80.         VirtualFree(executableMemory, UIntPtr.Zero, FreeType.DECOMMIT);
  81.     }
  82. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!