Is it possible to execute an x86 build sequence from C #?

Question

Is it possible to execute an x86 build sequence from C #?

Continuing my reverse engineering education, I often wanted to be able to copy part of the x86 assembler code and call it from a high-level language of my choice for testing.

Does anyone know of a way to invoke a sequence of x86 instructions from a C # method? I know this can be done using C ++, but I'm curious if this can be done in C #?

Note. I am not talking about executing MSIL instructions. I am talking about following a series of raw x86 build instructions.

+22

assembly c #

mmcdole Jun 06 '09 at 5:48

source share

5 answers

Yes, see my detailed answer here
Main body: (without any P / Invoke or external links)

 public static unsafe int? InjectAndRunX86ASM(this Func<int> del, byte[] asm) { if (del != null) fixed (byte* ptr = &asm[0]) { FieldInfo _methodPtr = typeof(Delegate).GetField("_methodPtr", BindingFlags.NonPublic | BindingFlags.Instance); FieldInfo _methodPtrAux = typeof(Delegate).GetField("_methodPtrAux", BindingFlags.NonPublic | BindingFlags.Instance); _methodPtr.SetValue(del, ptr); _methodPtrAux.SetValue(del, ptr); return del(); } else return null; }

What can be used as follows:

 Func<int> del = () => 0; byte[] asm_bytes = new byte[] { 0xb8, 0x15, 0x03, 0x00, 0x00, 0xbb, 0x42, 0x00, 0x00, 0x00, 0x03, 0xc3 }; // mov eax, 315h // mov ebx, 42h // add eax, ebx // ret int? res = del.InjectAndRunX86ASM(asm_bytes); // should be 789 + 66 = 855

+2

Unknown6656 Sep 21 '16 at 20:26

source share

I suppose you can add a managed C ++ project to your solution and set the method using asm instructions. You can reference this project from any .Net project (and not just C #), so you can call this method from there.

0

okutane Jun 06 '09 at 6:08

source share

Yes.

Just use P / Invoke for winapi functions.

WriteProcessMemory or find a pointer to your buffer. Turn on the execution bit on the page (do not remember this function).

CreateThread on a pointer. WaitForObject (if you want it to be single-threaded).

0

Unknown Jun 06 '09 at 6:18

source share

No, but you can write an assembly in C ++ and call it from C #. See this example .

-one

Brian Jun 06 '09 at 6:10

source share

okutane · Accepted Answer · 2009-06-06 06:51

Just to answer Brian's request, the code from the leppie answer is rewritten link :

using System; using System.Collections.Generic; using System.Runtime.InteropServices; namespace DynamicX86 { class Program { const uint PAGE_EXECUTE_READWRITE = 0x40; const uint MEM_COMMIT = 0x1000; [DllImport("kernel32.dll", SetLastError = true)] static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect); private delegate int IntReturner(); static void Main(string[] args) { List<byte> bodyBuilder = new List<byte>(); bodyBuilder.Add(0xb8); bodyBuilder.AddRange(BitConverter.GetBytes(42)); bodyBuilder.Add(0xc3); byte[] body = bodyBuilder.ToArray(); IntPtr buf = VirtualAlloc(IntPtr.Zero, (uint)body.Length, MEM_COMMIT, PAGE_EXECUTE_READWRITE); Marshal.Copy(body, 0, buf, body.Length); IntReturner ptr = (IntReturner)Marshal.GetDelegateForFunctionPointer(buf, typeof(IntReturner)); Console.WriteLine(ptr()); } } }

Is it possible to execute an x86 build sequence from C #?

More articles: