Invoke function from DLL with parameters

Question

I try to invoke and load functions from an Shellcode looks like that

public static byte[] uc = { 
0x4D,0x5A,0x90,0x00,0x03,0x00};//example

In this code are my classes and functions

I have found some invoke methods for dll files ,but how to load the functions from my shellcode(Shellcode from an c# dll)?

As example:

I have an dll and get an shelcode from it via

public static void WriteShell()
    {
        using (StreamWriter fs = new StreamWriter("shellcode.cs"))
        {
           byte[] Data = ReadFile("now.dll", GetSize("now.dll"));
              int  Size = GetSize("now.dll");
            fs.Write("public static class ShellCode\n{\n\t");

            fs.Write("public static byte[] ucShell = {\t");
            for (int i = 0; i < Size; ++i)
            {
                if (i != 0)
                {
                    fs.Write(',');
                }

                if ((i % 15) == 0)
                    fs.Write("\n\t");

                fs.Write("0x" + Data[i].ToString("X2"));
            }
            fs.Write("};");
            fs.Write("\n\n\tpublic const int ulSize = {0};\n", Size);
            fs.Write("}");
        }

the output is like this

  public static byte[] uc = { 
0x4D,0x5A,0x90,0x00,0x03,0x00};

in the dll i have a class and some functions, example a msgbox or something similar.

example:

public static class now
{
static void run()
        {
            Messagebox.Show("test");
        }

}

now i try to call this function with an invoke like this, Dynamically calling a dll and method with arguments

Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the [How to Ask](http://stackoverflow.com/help/how-to-ask) page for help clarifying this question. — Matias Cicero, Aug 09 '16 at 12:56
This may help you out: http://stackoverflow.com/a/1228348/3537915 — Pseudo Sudo, Aug 09 '16 at 13:05
i hope my edit clearify the problem. sorry my english is not the best :) — greenhorn, Aug 09 '16 at 13:10

AlexDev · Answer 1 · 2016-08-09T13:33:18.420

0

You can load an assembly from a byte[]. Load the assembly, then use reflection to find the function you want to call.

    var assembly = System.Reflection.Assembly.Load(uc);
    var nowType = assembly.GetType("now");
    nowType.InvokeMember("run", ...)

edited Aug 09 '16 at 13:33

answered Aug 09 '16 at 13:19

AlexDev

4,049
31
36

yes its like here http://www.codeproject.com/Articles/19911/Dynamically-Invoke-A-Method-Given-Strings-with-Met but how to do it whit my byte[] ? – greenhorn Aug 09 '16 at 13:30
@greenhorn I edited the code, now you have the type, and can do something similar to the codeproject article – AlexDev Aug 09 '16 at 13:38
yes i have this Assembly ba = Assembly.Load(uc); Type t = ba.GetType("Run"); MethodInfo m = t.GetMethod("HandleRun"); object Result = (bool)m.Invoke(null, new object[] {"", string.Empty, file, true }); But this dont work it trow me Object reference not set to an object instance – greenhorn Aug 09 '16 at 13:39

greenhorn · Answer 2 · 2016-08-09T14:01:51.393

0

So far

Now i have tryed this

 RuntimeHelpers.GetObjectValue(Assembly.Load(uc).GetType("Classname").GetMethod("Functionname").Invoke(null, new object[] { "some ", "params", true, "blabla" }));

maybe i need pause..... -.-

Okay now i have it, it was my fold i had forgett to declare the namespace ..... Thank you guys for your help!!!

edited Aug 09 '16 at 14:01

answered Aug 09 '16 at 13:49

greenhorn

11
3

Invoke function from DLL with parameters

2 Answers2