• C#: executing an assembly instruction sequence and other OS functions


    1. Execute an assembly instruction sequence

    using System;
    using System.Reflection;
    
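    /// <summary>
    /// Demo: points a delegate at a hand-assembled x86 routine by overwriting the
    /// delegate's private <c>_methodPtr</c> field through reflection, then invokes it.
    /// </summary>
    /// <remarks>
    /// <c>_methodPtr</c> is an undocumented runtime implementation detail, so the lookup is
    /// checked before use. The machine code reads its operand from EDX, so it depends on how
    /// the runtime passes delegate arguments on x86 (NOTE(review): confirm for the target
    /// runtime and bitness before relying on it).
    /// </remarks>
    class Program
    {
        public delegate uint Ret1ArgDelegate(uint arg1);

        // Only used to construct a valid delegate instance; its entry point is replaced below.
        static uint PlaceHolder1(uint arg1) { return 0; }

        // Rotates the value found in EDX right by one bit and returns it in EAX.
        public static byte[] asmBytes = new byte[]
        {
            0x89, 0xD0, // MOV EAX,EDX
            0xD1, 0xC8, // ROR EAX,1
            0xC3        // RET
        };

        /// <summary>
        /// Pins <see cref="asmBytes"/>, redirects a delegate to it and prints the result in hex.
        /// </summary>
        /// <param name="args">Unused.</param>
        /// <exception cref="InvalidOperationException">
        /// The runtime does not expose a private instance field named <c>_methodPtr</c> on <see cref="Delegate"/>.
        /// </exception>
        unsafe static void Main(string[] args)
        {
            // Pin the array so the GC cannot move it while its address is held by the delegate.
            fixed (byte* startAddress = &asmBytes[0])
            {
                // Get the FieldInfo for "_methodPtr"
                Type delType = typeof(Delegate);
                FieldInfo _methodPtr = delType.GetField("_methodPtr", BindingFlags.NonPublic | BindingFlags.Instance);
                if (_methodPtr == null)
                {
                    // GetField returns null when the field is absent; fail with a clear message
                    // instead of a NullReferenceException on SetValue.
                    throw new InvalidOperationException("Delegate._methodPtr was not found on this runtime.");
                }

                // Set our delegate to our x86 code
                Ret1ArgDelegate del = new Ret1ArgDelegate(PlaceHolder1);
                _methodPtr.SetValue(del, (IntPtr)startAddress);

                // NOTE(review): asmBytes lives in ordinary managed-heap data memory. Where
                // DEP/NX is enforced for the process, this call is expected to fault with an
                // access violation instead of running the bytes; executable memory has to be
                // requested explicitly from the OS.
                uint n = (uint)0xFFFFFFFC;
                n = del(n);

                // 0xFFFFFFFC rotated right by one bit is 0x7FFFFFFE.
                Console.WriteLine("{0:x}", n);
            }
        }
    }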
    

      

    using System;
    using System.Collections.Generic;
    using System.Runtime.InteropServices;
    
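    namespace DynamicX86
    {
        /// <summary>
        /// Demo: builds the x86 routine <c>mov eax, 42; ret</c> at run time, places it in
        /// memory obtained from <c>VirtualAlloc</c> and calls it through a delegate.
        /// </summary>
        /// <remarks>
        /// The buffer is never writable and executable at the same time (W^X): it is filled
        /// while read/write and switched to execute/read before the call. Pages that are both
        /// writable and executable let any memory-corruption bug in the process turn into code
        /// execution, and they are a standard thing for memory scanners to alert on.
        /// </remarks>
        class Program
        {
            const uint PAGE_READWRITE = 0x04;
            const uint PAGE_EXECUTE_READ = 0x20;
            const uint MEM_COMMIT = 0x1000;
            const uint MEM_RESERVE = 0x2000;
            const uint MEM_RELEASE = 0x8000;

            // dwSize is SIZE_T in the Win32 headers, i.e. pointer-sized, hence UIntPtr.
            [DllImport("kernel32.dll", SetLastError = true)]
            static extern IntPtr VirtualAlloc(IntPtr lpAddress, UIntPtr dwSize, uint flAllocationType, uint flProtect);

            [DllImport("kernel32.dll", SetLastError = true)]
            [return: MarshalAs(UnmanagedType.Bool)]
            static extern bool VirtualProtect(IntPtr lpAddress, UIntPtr dwSize, uint flNewProtect, out uint lpflOldProtect);

            [DllImport("kernel32.dll", SetLastError = true)]
            [return: MarshalAs(UnmanagedType.Bool)]
            static extern bool VirtualFree(IntPtr lpAddress, UIntPtr dwSize, uint dwFreeType);

            private delegate int IntReturner();

            /// <summary>
            /// Emits the routine, runs it once and prints its return value (42).
            /// </summary>
            /// <param name="args">Unused.</param>
            /// <exception cref="InvalidOperationException">
            /// <c>VirtualAlloc</c> or <c>VirtualProtect</c> reported failure.
            /// </exception>
            static void Main(string[] args)
            {
                // B8 imm32 = MOV EAX, imm32; C3 = RET. BitConverter yields the little-endian
                // byte order the immediate needs on x86.
                List<byte> bodyBuilder = new List<byte>();
                bodyBuilder.Add(0xb8);
                bodyBuilder.AddRange(BitConverter.GetBytes(42));
                bodyBuilder.Add(0xc3);
                byte[] body = bodyBuilder.ToArray();
                UIntPtr size = (UIntPtr)(uint)body.Length;

                IntPtr buf = VirtualAlloc(IntPtr.Zero, size, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
                if (buf == IntPtr.Zero)
                {
                    // Without this check Marshal.Copy would write through a null pointer.
                    throw new InvalidOperationException("VirtualAlloc failed, Win32 error " + Marshal.GetLastWin32Error());
                }

                try
                {
                    Marshal.Copy(body, 0, buf, body.Length);

                    // Drop write access before the bytes become callable.
                    uint oldProtect;
                    if (!VirtualProtect(buf, size, PAGE_EXECUTE_READ, out oldProtect))
                    {
                        throw new InvalidOperationException("VirtualProtect failed, Win32 error " + Marshal.GetLastWin32Error());
                    }

                    IntReturner ptr = (IntReturner)Marshal.GetDelegateForFunctionPointer(buf, typeof(IntReturner));
                    Console.WriteLine(ptr());
                }
                finally
                {
                    // MEM_RELEASE requires a size of zero. The delegate must not be invoked
                    // after this point; the result is ignored because nothing can be done
                    // about a failed release during teardown.
                    VirtualFree(buf, UIntPtr.Zero, MEM_RELEASE);
                }
            }
        }
    }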
  • 原文地址:https://www.cnblogs.com/netact/p/2855448.html