csc의 작법 그 41 dllinject
4138 단어 .NETFramework2.0 C# 보안
개요
csc의 작법, 조사해 보았다.
DLL 인젝션(dllinject)을 시도했다.
사진
환경
windows vista 32bit
.net 2.0
샘플 코드
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
/// <summary>
/// Console sample of remote-thread DLL loading: it opens a running "notepad"
/// process, writes a hard-coded DLL path into memory allocated in that process,
/// and starts a thread there with LoadLibraryA as the start routine and the
/// written path as its argument.
/// </summary>
/// <remarks>
/// For defenders: the call sequence OpenProcess (with VM write/operation and
/// create-thread rights) -> VirtualAllocEx -> WriteProcessMemory ->
/// CreateRemoteThread is what endpoint monitoring keys on for this technique,
/// e.g. Sysmon event 10 (ProcessAccess), event 8 (CreateRemoteThread) and
/// event 7 (image load) in the target process.
/// No return value is checked anywhere in this class and no handle is closed;
/// the individual gaps are marked NOTE(review) below.
/// </remarks>
public class Test {
// Opens a handle to an existing process with the requested access mask.
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);
// Returns the base address of a module already loaded in the calling process.
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern IntPtr GetModuleHandle(string lpModuleName);
// Looks up an exported function by its ANSI name (ExactSpelling: no A/W suffix probing).
[DllImport("kernel32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
// Allocates memory inside another process.
// NOTE(review): the native dwSize is SIZE_T (pointer-sized); it is declared uint here.
[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress,uint dwSize, uint flAllocationType, uint flProtect);
// Copies nSize bytes from lpBuffer into another process at lpBaseAddress.
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, out UIntPtr lpNumberOfBytesWritten);
// Copies dwSize bytes from another process into lpBuffer.
[DllImport("kernel32.dll")]
static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);
// Starts a thread in another process at lpStartAddress, passing lpParameter to it.
[DllImport("kernel32.dll")]
static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
// NOTE(review): several imports set SetLastError = true, but the class never calls
// Marshal.GetLastWin32Error, so the recorded error codes are never looked at.
// Process access rights that are OR-ed together for OpenProcess in Main.
const int PROCESS_CREATE_THREAD = 0x0002;
const int PROCESS_QUERY_INFORMATION = 0x0400;
const int PROCESS_VM_OPERATION = 0x0008;
const int PROCESS_VM_WRITE = 0x0020;
const int PROCESS_VM_READ = 0x0010;
// Allocation type and page protection passed to VirtualAllocEx in Main.
const uint MEM_COMMIT = 0x00001000;
const uint MEM_RESERVE = 0x00002000;
const uint PAGE_READWRITE = 4;
/// <summary>
/// Runs the seven numbered steps that are printed to the console, in order.
/// </summary>
/// <returns>0 whenever the method returns normally; failed native calls do not change the exit code.</returns>
public static int Main() {
Console.WriteLine("1 Get process by name...");
// Takes the first process named "notepad".
// NOTE(review): indexing [0] throws IndexOutOfRangeException when no such process is running.
Process targetProcess = Process.GetProcessesByName("notepad")[0];
Console.WriteLine(" Found procId: " + targetProcess.Id);
Console.WriteLine("2 Getting handle to process...");
// Requests thread-creation, query, and VM operation/write/read rights on the target.
// NOTE(review): OpenProcess returns IntPtr.Zero on failure; the handle is used below
// without a check and is never closed (the class declares no CloseHandle import).
IntPtr procHandle = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, false, targetProcess.Id);
Console.WriteLine(" Got procHandle: " + procHandle);
Console.WriteLine("3 Getting loadlibrary pointer...");
// The address is resolved in THIS process and later used as an address in the target.
// NOTE(review): presumes kernel32.dll is mapped at the same address in both processes - confirm.
IntPtr loadLibraryAddr = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
Console.WriteLine(" Loadlibrary pointer: " + loadLibraryAddr);
// Hard-coded path of the DLL the target is asked to load.
string dllName = "C:\\ore\\c\\spy.dll";
Console.WriteLine("4 Allocating memory...");
// Size is (character count + 1) * Marshal.SizeOf(typeof(char)).
// NOTE(review): Marshal.SizeOf reports the marshaled size of char (1 byte under default
// marshaling, not the 2-byte managed size), so this looks like "ANSI path plus terminator" - verify.
// NOTE(review): a failed allocation returns IntPtr.Zero, which is not checked.
IntPtr allocMemAddress = VirtualAllocEx(procHandle, IntPtr.Zero, (uint) ((dllName.Length + 1) * Marshal.SizeOf(typeof(char))), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
Console.WriteLine(" allocMemAddress: " + allocMemAddress);
Console.WriteLine("5 Writing content to memory...");
UIntPtr bytesWritten;
// Encoding.Default.GetBytes returns the path bytes only, with no terminating NUL, while
// nSize is computed from the string length + 1.
// NOTE(review): the native call is therefore told to copy more bytes than the array is
// known to hold; buffer and size should come from the same byte array.
// NOTE(review): resp1 and bytesWritten are assigned but never read.
bool resp1 = WriteProcessMemory(procHandle, allocMemAddress, Encoding.Default.GetBytes(dllName), (uint)((dllName.Length + 1) * Marshal.SizeOf(typeof(char))), out bytesWritten);
int bytesRead = 0;
// Fixed 24-byte read-back buffer, independent of the number of bytes written above.
byte[] buffer = new byte[24];
Console.WriteLine("6 Reading content from memory...");
// Diagnostic read-back of what was written; the bool result and bytesRead are not checked.
ReadProcessMemory(procHandle, allocMemAddress, buffer, buffer.Length, ref bytesRead);
// NOTE(review): written with Encoding.Default but decoded as UTF-8, and all 24 bytes are
// decoded regardless of bytesRead, so trailing bytes end up in the printed string.
Console.WriteLine(" Data in memory: " + System.Text.Encoding.UTF8.GetString(buffer));
Console.WriteLine("7 CreateRemoteThread");
// Start routine = loadLibraryAddr, argument = address of the written path.
// NOTE(review): the returned thread handle is discarded, so the sample neither learns
// whether thread creation succeeded nor closes the handle.
CreateRemoteThread(procHandle, IntPtr.Zero, 0, loadLibraryAddr, allocMemAddress, 0, IntPtr.Zero);
return 0;
}
}
이상.
Reference
이 문제에 관하여(csc의 작법 그 41 dllinject), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다
https://qiita.com/ohisama@github/items/7b448c2c0113718292d4
텍스트를 자유롭게 공유하거나 복사할 수 있습니다. 하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
환경
windows vista 32bit
.net 2.0
샘플 코드
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
/// <summary>
/// Console sample of remote-thread DLL loading: it opens a running "notepad"
/// process, writes a hard-coded DLL path into memory allocated in that process,
/// and starts a thread there with LoadLibraryA as the start routine and the
/// written path as its argument.
/// </summary>
/// <remarks>
/// For defenders: the call sequence OpenProcess (with VM write/operation and
/// create-thread rights) -> VirtualAllocEx -> WriteProcessMemory ->
/// CreateRemoteThread is what endpoint monitoring keys on for this technique,
/// e.g. Sysmon event 10 (ProcessAccess), event 8 (CreateRemoteThread) and
/// event 7 (image load) in the target process.
/// No return value is checked anywhere in this class and no handle is closed;
/// the individual gaps are marked NOTE(review) below.
/// </remarks>
public class Test {
// Opens a handle to an existing process with the requested access mask.
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);
// Returns the base address of a module already loaded in the calling process.
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern IntPtr GetModuleHandle(string lpModuleName);
// Looks up an exported function by its ANSI name (ExactSpelling: no A/W suffix probing).
[DllImport("kernel32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
// Allocates memory inside another process.
// NOTE(review): the native dwSize is SIZE_T (pointer-sized); it is declared uint here.
[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress,uint dwSize, uint flAllocationType, uint flProtect);
// Copies nSize bytes from lpBuffer into another process at lpBaseAddress.
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, out UIntPtr lpNumberOfBytesWritten);
// Copies dwSize bytes from another process into lpBuffer.
[DllImport("kernel32.dll")]
static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);
// Starts a thread in another process at lpStartAddress, passing lpParameter to it.
[DllImport("kernel32.dll")]
static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
// NOTE(review): several imports set SetLastError = true, but the class never calls
// Marshal.GetLastWin32Error, so the recorded error codes are never looked at.
// Process access rights that are OR-ed together for OpenProcess in Main.
const int PROCESS_CREATE_THREAD = 0x0002;
const int PROCESS_QUERY_INFORMATION = 0x0400;
const int PROCESS_VM_OPERATION = 0x0008;
const int PROCESS_VM_WRITE = 0x0020;
const int PROCESS_VM_READ = 0x0010;
// Allocation type and page protection passed to VirtualAllocEx in Main.
const uint MEM_COMMIT = 0x00001000;
const uint MEM_RESERVE = 0x00002000;
const uint PAGE_READWRITE = 4;
/// <summary>
/// Runs the seven numbered steps that are printed to the console, in order.
/// </summary>
/// <returns>0 whenever the method returns normally; failed native calls do not change the exit code.</returns>
public static int Main() {
Console.WriteLine("1 Get process by name...");
// Takes the first process named "notepad".
// NOTE(review): indexing [0] throws IndexOutOfRangeException when no such process is running.
Process targetProcess = Process.GetProcessesByName("notepad")[0];
Console.WriteLine(" Found procId: " + targetProcess.Id);
Console.WriteLine("2 Getting handle to process...");
// Requests thread-creation, query, and VM operation/write/read rights on the target.
// NOTE(review): OpenProcess returns IntPtr.Zero on failure; the handle is used below
// without a check and is never closed (the class declares no CloseHandle import).
IntPtr procHandle = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, false, targetProcess.Id);
Console.WriteLine(" Got procHandle: " + procHandle);
Console.WriteLine("3 Getting loadlibrary pointer...");
// The address is resolved in THIS process and later used as an address in the target.
// NOTE(review): presumes kernel32.dll is mapped at the same address in both processes - confirm.
IntPtr loadLibraryAddr = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
Console.WriteLine(" Loadlibrary pointer: " + loadLibraryAddr);
// Hard-coded path of the DLL the target is asked to load.
string dllName = "C:\\ore\\c\\spy.dll";
Console.WriteLine("4 Allocating memory...");
// Size is (character count + 1) * Marshal.SizeOf(typeof(char)).
// NOTE(review): Marshal.SizeOf reports the marshaled size of char (1 byte under default
// marshaling, not the 2-byte managed size), so this looks like "ANSI path plus terminator" - verify.
// NOTE(review): a failed allocation returns IntPtr.Zero, which is not checked.
IntPtr allocMemAddress = VirtualAllocEx(procHandle, IntPtr.Zero, (uint) ((dllName.Length + 1) * Marshal.SizeOf(typeof(char))), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
Console.WriteLine(" allocMemAddress: " + allocMemAddress);
Console.WriteLine("5 Writing content to memory...");
UIntPtr bytesWritten;
// Encoding.Default.GetBytes returns the path bytes only, with no terminating NUL, while
// nSize is computed from the string length + 1.
// NOTE(review): the native call is therefore told to copy more bytes than the array is
// known to hold; buffer and size should come from the same byte array.
// NOTE(review): resp1 and bytesWritten are assigned but never read.
bool resp1 = WriteProcessMemory(procHandle, allocMemAddress, Encoding.Default.GetBytes(dllName), (uint)((dllName.Length + 1) * Marshal.SizeOf(typeof(char))), out bytesWritten);
int bytesRead = 0;
// Fixed 24-byte read-back buffer, independent of the number of bytes written above.
byte[] buffer = new byte[24];
Console.WriteLine("6 Reading content from memory...");
// Diagnostic read-back of what was written; the bool result and bytesRead are not checked.
ReadProcessMemory(procHandle, allocMemAddress, buffer, buffer.Length, ref bytesRead);
// NOTE(review): written with Encoding.Default but decoded as UTF-8, and all 24 bytes are
// decoded regardless of bytesRead, so trailing bytes end up in the printed string.
Console.WriteLine(" Data in memory: " + System.Text.Encoding.UTF8.GetString(buffer));
Console.WriteLine("7 CreateRemoteThread");
// Start routine = loadLibraryAddr, argument = address of the written path.
// NOTE(review): the returned thread handle is discarded, so the sample neither learns
// whether thread creation succeeded nor closes the handle.
CreateRemoteThread(procHandle, IntPtr.Zero, 0, loadLibraryAddr, allocMemAddress, 0, IntPtr.Zero);
return 0;
}
}
이상.
Reference
이 문제에 관하여(csc의 작법 그 41 dllinject), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다
https://qiita.com/ohisama@github/items/7b448c2c0113718292d4
텍스트를 자유롭게 공유하거나 복사할 수 있습니다. 하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
/// <summary>
/// Console sample of remote-thread DLL loading: it opens a running "notepad"
/// process, writes a hard-coded DLL path into memory allocated in that process,
/// and starts a thread there with LoadLibraryA as the start routine and the
/// written path as its argument.
/// </summary>
/// <remarks>
/// For defenders: the call sequence OpenProcess (with VM write/operation and
/// create-thread rights) -> VirtualAllocEx -> WriteProcessMemory ->
/// CreateRemoteThread is what endpoint monitoring keys on for this technique,
/// e.g. Sysmon event 10 (ProcessAccess), event 8 (CreateRemoteThread) and
/// event 7 (image load) in the target process.
/// No return value is checked anywhere in this class and no handle is closed;
/// the individual gaps are marked NOTE(review) below.
/// </remarks>
public class Test {
// Opens a handle to an existing process with the requested access mask.
[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);
// Returns the base address of a module already loaded in the calling process.
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern IntPtr GetModuleHandle(string lpModuleName);
// Looks up an exported function by its ANSI name (ExactSpelling: no A/W suffix probing).
[DllImport("kernel32", CharSet = CharSet.Ansi, ExactSpelling = true, SetLastError = true)]
static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
// Allocates memory inside another process.
// NOTE(review): the native dwSize is SIZE_T (pointer-sized); it is declared uint here.
[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
static extern IntPtr VirtualAllocEx(IntPtr hProcess, IntPtr lpAddress,uint dwSize, uint flAllocationType, uint flProtect);
// Copies nSize bytes from lpBuffer into another process at lpBaseAddress.
[DllImport("kernel32.dll", SetLastError = true)]
static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, out UIntPtr lpNumberOfBytesWritten);
// Copies dwSize bytes from another process into lpBuffer.
[DllImport("kernel32.dll")]
static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, int dwSize, ref int lpNumberOfBytesRead);
// Starts a thread in another process at lpStartAddress, passing lpParameter to it.
[DllImport("kernel32.dll")]
static extern IntPtr CreateRemoteThread(IntPtr hProcess, IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
// NOTE(review): several imports set SetLastError = true, but the class never calls
// Marshal.GetLastWin32Error, so the recorded error codes are never looked at.
// Process access rights that are OR-ed together for OpenProcess in Main.
const int PROCESS_CREATE_THREAD = 0x0002;
const int PROCESS_QUERY_INFORMATION = 0x0400;
const int PROCESS_VM_OPERATION = 0x0008;
const int PROCESS_VM_WRITE = 0x0020;
const int PROCESS_VM_READ = 0x0010;
// Allocation type and page protection passed to VirtualAllocEx in Main.
const uint MEM_COMMIT = 0x00001000;
const uint MEM_RESERVE = 0x00002000;
const uint PAGE_READWRITE = 4;
/// <summary>
/// Runs the seven numbered steps that are printed to the console, in order.
/// </summary>
/// <returns>0 whenever the method returns normally; failed native calls do not change the exit code.</returns>
public static int Main() {
Console.WriteLine("1 Get process by name...");
// Takes the first process named "notepad".
// NOTE(review): indexing [0] throws IndexOutOfRangeException when no such process is running.
Process targetProcess = Process.GetProcessesByName("notepad")[0];
Console.WriteLine(" Found procId: " + targetProcess.Id);
Console.WriteLine("2 Getting handle to process...");
// Requests thread-creation, query, and VM operation/write/read rights on the target.
// NOTE(review): OpenProcess returns IntPtr.Zero on failure; the handle is used below
// without a check and is never closed (the class declares no CloseHandle import).
IntPtr procHandle = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, false, targetProcess.Id);
Console.WriteLine(" Got procHandle: " + procHandle);
Console.WriteLine("3 Getting loadlibrary pointer...");
// The address is resolved in THIS process and later used as an address in the target.
// NOTE(review): presumes kernel32.dll is mapped at the same address in both processes - confirm.
IntPtr loadLibraryAddr = GetProcAddress(GetModuleHandle("kernel32.dll"), "LoadLibraryA");
Console.WriteLine(" Loadlibrary pointer: " + loadLibraryAddr);
// Hard-coded path of the DLL the target is asked to load.
string dllName = "C:\\ore\\c\\spy.dll";
Console.WriteLine("4 Allocating memory...");
// Size is (character count + 1) * Marshal.SizeOf(typeof(char)).
// NOTE(review): Marshal.SizeOf reports the marshaled size of char (1 byte under default
// marshaling, not the 2-byte managed size), so this looks like "ANSI path plus terminator" - verify.
// NOTE(review): a failed allocation returns IntPtr.Zero, which is not checked.
IntPtr allocMemAddress = VirtualAllocEx(procHandle, IntPtr.Zero, (uint) ((dllName.Length + 1) * Marshal.SizeOf(typeof(char))), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
Console.WriteLine(" allocMemAddress: " + allocMemAddress);
Console.WriteLine("5 Writing content to memory...");
UIntPtr bytesWritten;
// Encoding.Default.GetBytes returns the path bytes only, with no terminating NUL, while
// nSize is computed from the string length + 1.
// NOTE(review): the native call is therefore told to copy more bytes than the array is
// known to hold; buffer and size should come from the same byte array.
// NOTE(review): resp1 and bytesWritten are assigned but never read.
bool resp1 = WriteProcessMemory(procHandle, allocMemAddress, Encoding.Default.GetBytes(dllName), (uint)((dllName.Length + 1) * Marshal.SizeOf(typeof(char))), out bytesWritten);
int bytesRead = 0;
// Fixed 24-byte read-back buffer, independent of the number of bytes written above.
byte[] buffer = new byte[24];
Console.WriteLine("6 Reading content from memory...");
// Diagnostic read-back of what was written; the bool result and bytesRead are not checked.
ReadProcessMemory(procHandle, allocMemAddress, buffer, buffer.Length, ref bytesRead);
// NOTE(review): written with Encoding.Default but decoded as UTF-8, and all 24 bytes are
// decoded regardless of bytesRead, so trailing bytes end up in the printed string.
Console.WriteLine(" Data in memory: " + System.Text.Encoding.UTF8.GetString(buffer));
Console.WriteLine("7 CreateRemoteThread");
// Start routine = loadLibraryAddr, argument = address of the written path.
// NOTE(review): the returned thread handle is discarded, so the sample neither learns
// whether thread creation succeeded nor closes the handle.
CreateRemoteThread(procHandle, IntPtr.Zero, 0, loadLibraryAddr, allocMemAddress, 0, IntPtr.Zero);
return 0;
}
}
이상.
Reference
이 문제에 관하여(csc의 작법 그 41 dllinject), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다 https://qiita.com/ohisama@github/items/7b448c2c0113718292d4
텍스트를 자유롭게 공유하거나 복사할 수 있습니다. 하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.