Posts: 56
Threads: 20
Joined: Jun 2023
hey,
hopefully I'm allowed to ask questions here
does anyone have an idea of how to make a simple DLL (class library) in C# that will run calculator or run any shell command when injected into any process.
Read, learn and stay hard.
Posts: 441
Threads: 15
Joined: Sep 2023
 
(09-29-2023, 03:41 PM)solitaryElite Wrote: hey,
hopefully I'm allowed to ask questions here
does anyone have an idea of how to make a simple DLL (class library) in C# that will run calculator or run any shell command when injected into any process.
Don't know about C#, but you can check this out. It's in C++, it's very trivial but gets the job done. Try porting it to C# to have fun.
https://cocomelonc.github.io/tutorial/20...ion-7.html
Posts: 107
Threads: 27
Joined: Jun 2023
(09-29-2023, 03:41 PM)solitaryElite Wrote: hey,
hopefully I'm allowed to ask questions here
does anyone have an idea of how to make a simple DLL (class library) in C# that will run calculator or run any shell command when injected into any process.
In malware development specifically, C# is not a native language, meaning that there is no way to natively make system calls.
The entire .NET framework in general is bad to write malware in; this is because of the dependencies that it requires to run cross-platform.
What you're looking for is simple PE injection, which can be done with a few simple calls in a native language like C or C++.
...
OpenProcess()
VirtualAllocEx()
WriteProcessMemory()
https://learn.microsoft.com/en-us/window...cessmemory
Read, learn and stay hard.
Posts: 441
Threads: 15
Joined: Sep 2023
 
(10-01-2023, 05:43 AM)succumb Wrote: (09-29-2023, 03:41 PM)solitaryElite Wrote: hey,
hopefully I'm allowed to ask questions here
does anyone have an idea of how to make a simple DLL (class library) in C# that will run calculator or run any shell command when injected into any process.
In malware development specifically, C# is not a native language, meaning that there is no way to natively make system calls.
The entire .NET framework in general is bad to write malware in; this is because of the dependencies that it requires to run cross-platform.
What you're looking for is simple PE injection, which can be done with a few simple calls in a native language like C or C++.
...
OpenProcess()
VirtualAllocEx()
WriteProcessMemory()
https://learn.microsoft.com/en-us/window...cessmemory
Exactly. Tools like dnSpy undress the code with no effort.
Posts: 85
Threads: 3
Joined: Oct 2023
(10-01-2023, 05:43 AM)succumb Wrote: (09-29-2023, 03:41 PM)solitaryElite Wrote: hey,
hopefully I'm allowed to ask questions here
does anyone have an idea of how to make a simple DLL (class library) in C# that will run calculator or run any shell command when injected into any process.
In malware development specifically, C# is not a native language, meaning that there is no way to natively make system calls.
The entire .NET framework in general is bad to write malware in; this is because of the dependencies that it requires to run cross-platform.
What you're looking for is simple PE injection, which can be done with a few simple calls in a native language like C or C++.
...
OpenProcess()
VirtualAllocEx()
WriteProcessMemory()
https://learn.microsoft.com/en-us/window...cessmemory
so in short, and am too tired to explain now but do your research, everything u said is wrong and/or outdated ideas.
Posts: 107
Threads: 27
Joined: Jun 2023
10-25-2023, 02:08 AM
(This post was last modified: 10-25-2023, 02:13 AM by putrid.)
(10-23-2023, 01:51 AM)Vapulame Wrote: (10-01-2023, 05:43 AM)succumb Wrote: (09-29-2023, 03:41 PM)solitaryElite Wrote: hey,
hopefully I'm allowed to ask questions here
does anyone have an idea of how to make a simple DLL (class library) in C# that will run calculator or run any shell command when injected into any process.
In malware development specifically, C# is not a native language, meaning that there is no way to natively make system calls.
The entire .NET framework in general is bad to write malware in; this is because of the dependencies that it requires to run cross-platform.
What you're looking for is simple PE injection, which can be done with a few simple calls in a native language like C or C++.
...
OpenProcess()
VirtualAllocEx()
WriteProcessMemory()
https://learn.microsoft.com/en-us/window...cessmemory
so in short, and am too tired to explain now but do your research, everything u said is wrong and/or outdated ideas.
You said everything I said is wrong, yet these are the true basics of PE injection.
With this being said, there are various methods for PE injection, some of which are more basic than others.
Process Hollowing consists of creating the targeted process in a suspended state and then following up with injection.
ATOM Bombing is another method used for process injection.
UserApcInject() can also be utilized.
a code injection technique that leverages Native APIs NtCreateSection, NtMapViewOfSection and RtlCreateUserThread.
Section is a memory block that is shared between processes and can be created with NtCreateSection API
Before a process can read/write to that block of memory, it has to map a view of the said section, which can be done with NtMapViewOfSection
Multiple processes can read from and write to the section through the mapped views.
High level overview of the technique:
Create a new memory section with RWX protection.
Map a view of the previously created section to the local malicious process with RW protection.
Map a view of the previously created section to a remote target process with RX protection.
Note that by mapping the views with RW (locally) and RX (in the target process) we do not need to allocate memory pages with RWX, which may be frowned upon by some EDRs.
Fill the view mapped in the local process with shellcode. By definition, the mapped view in the target process will get filled with the same shellcode
Create a remote thread in the target process and point it to the mapped view in the target process to trigger the shellcode
Best Regards, skid.
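Added example (not part of any post in this thread): the sequence described in the post above ends with a thread created in another process, which Sysmon records as Event ID 8 (CreateRemoteThread) after a handle request logged as Event ID 10 (ProcessAccess). The sketch below correlates the two over constructed sample events; the process names, PIDs and addresses are made up, and treating a `StartModule` of `-` or empty as "not backed by a loaded module" is an assumption about how the field is populated.

```python
# Added example: correlate Sysmon ProcessAccess (ID 10) with CreateRemoteThread (ID 8).
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
INJECT_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION

# Constructed sample events (not real telemetry); field names follow Sysmon's schema.
EVENTS = [
    {"EventID": 10, "SourceProcessId": 4120, "TargetProcessId": 1880,
     "SourceImage": r"C:\Users\demo\AppData\Local\Temp\upd.exe",
     "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 8, "SourceProcessId": 4120, "TargetProcessId": 1880,
     "SourceImage": r"C:\Users\demo\AppData\Local\Temp\upd.exe",
     "TargetImage": r"C:\Windows\explorer.exe",
     "StartAddress": "0x000001F3A2B40000", "StartModule": "-"},
    {"EventID": 10, "SourceProcessId": 900, "TargetProcessId": 2044,
     "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1410"},
    {"EventID": 8, "SourceProcessId": 612, "TargetProcessId": 3300,
     "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\conhost.exe",
     "StartAddress": "0x00007FFB1C2E0000",
     "StartModule": r"C:\Windows\System32\KernelBase.dll"},
]

def find_injection_candidates(events):
    """Return (source_pid, target_pid, reasons) for suspicious cross-process threads."""
    access = {}    # (source_pid, target_pid) -> OR of all access masks granted so far
    findings = []
    for ev in events:
        key = (ev["SourceProcessId"], ev["TargetProcessId"])
        if key[0] == key[1]:
            continue  # a process acting on itself is out of scope here
        if ev["EventID"] == 10:
            access[key] = access.get(key, 0) | int(ev["GrantedAccess"], 16)
        elif ev["EventID"] == 8:
            reasons = []
            if ev.get("StartModule", "-") in ("", "-"):
                reasons.append("thread start address not backed by a loaded module")
            if (access.get(key, 0) & INJECT_RIGHTS) == INJECT_RIGHTS:
                reasons.append("earlier handle granted VM_OPERATION and CREATE_THREAD")
            if reasons:
                findings.append((key[0], key[1], reasons))
    return findings

if __name__ == "__main__":
    for src, dst, why in find_injection_candidates(EVENTS):
        print(f"pid {src} -> pid {dst}: " + "; ".join(why))
```

Because the check keys on handle rights and the thread's start address rather than on page protections, it does not depend on an RWX allocation being present.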
Posts: 293
Threads: 13
Joined: Jun 2023
    
(10-01-2023, 05:43 AM)succumb Wrote: (09-29-2023, 03:41 PM)solitaryElite Wrote: hey,
hopefully I'm allowed to ask questions here
does anyone have an idea of how to make a simple DLL (class library) in C# that will run calculator or run any shell command when injected into any process.
In malware development specifically, C# is not a native language, meaning that there is no way to natively make system calls.
The entire .NET framework in general is bad to write malware in; this is because of the dependencies that it requires to run cross-platform.
What you're looking for is simple PE injection, which can be done with a few simple calls in a native language like C or C++.
...
OpenProcess()
VirtualAllocEx()
WriteProcessMemory()
https://learn.microsoft.com/en-us/window...cessmemory
Not necessarily... but you sort of got the point across. <3
Posts: 68
Threads: 3
Joined: Sep 2023
This is exactly what you're looking for: https://github.com/CuckooEXE/PopCalc
Posts: 85
Threads: 3
Joined: Oct 2023
(10-25-2023, 02:08 AM)succumb Wrote: (10-23-2023, 01:51 AM)Vapulame Wrote: (10-01-2023, 05:43 AM)succumb Wrote: (09-29-2023, 03:41 PM)solitaryElite Wrote: hey,
hopefully I'm allowed to ask questions here
does anyone have an idea of how to make a simple DLL (class library) in C# that will run calculator or run any shell command when injected into any process.
In malware development specifically, C# is not a native language, meaning that there is no way to natively make system calls.
The entire .NET framework in general is bad to write malware in; this is because of the dependencies that it requires to run cross-platform.
What you're looking for is simple PE injection, which can be done with a few simple calls in a native language like C or C++.
...
OpenProcess()
VirtualAllocEx()
WriteProcessMemory()
https://learn.microsoft.com/en-us/window...cessmemory
so in short, and am too tired to explain now but do your research, everything u said is wrong and/or outdated ideas.
You said everything I said is wrong, yet these are the true basics of PE injection.
With this being said, there are various methods for PE injection, some of which are more basic than others.
Process Hollowing consists of creating the targeted process in a suspended state and then following up with injection.
ATOM Bombing is another method used for process injection.
UserApcInject() can also be utilized.
a code injection technique that leverages Native APIs NtCreateSection, NtMapViewOfSection and RtlCreateUserThread.
Section is a memory block that is shared between processes and can be created with NtCreateSection API
Before a process can read/write to that block of memory, it has to map a view of the said section, which can be done with NtMapViewOfSection
Multiple processes can read from and write to the section through the mapped views.
High level overview of the technique:
Create a new memory section with RWX protection.
Map a view of the previously created section to the local malicious process with RW protection.
Map a view of the previously created section to a remote target process with RX protection.
Note that by mapping the views with RW (locally) and RX (in the target process) we do not need to allocate memory pages with RWX, which may be frowned upon by some EDRs.
Fill the view mapped in the local process with shellcode. By definition, the mapped view in the target process will get filled with the same shellcode
Create a remote thread in the target process and point it to the mapped view in the target process to trigger the shellcode
Best Regards, skid.
so i'll explain why i said your ideas are either outdated and or wrong, and instead of taking the opportunity to search on your own what could be that you're missing, u decided to get hurt and paste in the most chat gpt like explanation of the oldest and most detected injection technique and end it with "best regards, skid" xDDDD lol, ok since u won't do your research, one of the things you're missing is u can literally invoke unmanaged code from managed code, so u can call those APIs from c# as if it's in C/C++, while u said "there's no way to call these APIs", another wrong thing u said "c# is bad for malware in general" all am gonna say is BRUUUH xDD, also "this is because of the dependencies that it requires to run cross-platform." this is what i was referring to as outdated, plz do ur own research i don't even have time for this, .net does compile natively, and am not eeeeeven gonna get into donut and shellcode that will load the CLR which will run .net assemblies, take it in a good way u might learn smthing new, am not trying to insult u ffs i just wanted to point out that some ideas are soo outdated and u might learn smthing new if u put those ideas aside
peace out, your friendly skid from the hood xDD
Posts: 293
Threads: 13
Joined: Jun 2023
    
(01-21-2024, 09:34 PM)Vapulame Wrote: (10-25-2023, 02:08 AM)succumb Wrote: (10-23-2023, 01:51 AM)Vapulame Wrote: (10-01-2023, 05:43 AM)succumb Wrote: (09-29-2023, 03:41 PM)solitaryElite Wrote: hey,
hopefully I'm allowed to ask questions here
does anyone have an idea of how to make a simple DLL (class library) in C# that will run calculator or run any shell command when injected into any process.
In malware development specifically, C# is not a native language, meaning that there is no way to natively make system calls.
The entire .NET framework in general is bad to write malware in; this is because of the dependencies that it requires to run cross-platform.
What you're looking for is simple PE injection, which can be done with a few simple calls in a native language like C or C++.
...
OpenProcess()
VirtualAllocEx()
WriteProcessMemory()
https://learn.microsoft.com/en-us/window...cessmemory
so in short, and am too tired to explain now but do your research, everything u said is wrong and/or outdated ideas.
You said everything I said is wrong, yet these are the true basics of PE injection.
With this being said, there are various methods for PE injection, some of which are more basic than others.
Process Hollowing consists of creating the targeted process in a suspended state and then following up with injection.
ATOM Bombing is another method used for process injection.
UserApcInject() can also be utilized.
a code injection technique that leverages Native APIs NtCreateSection, NtMapViewOfSection and RtlCreateUserThread.
Section is a memory block that is shared between processes and can be created with NtCreateSection API
Before a process can read/write to that block of memory, it has to map a view of the said section, which can be done with NtMapViewOfSection
Multiple processes can read from and write to the section through the mapped views.
High level overview of the technique:
Create a new memory section with RWX protection.
Map a view of the previously created section to the local malicious process with RW protection.
Map a view of the previously created section to a remote target process with RX protection.
Note that by mapping the views with RW (locally) and RX (in the target process) we do not need to allocate memory pages with RWX, which may be frowned upon by some EDRs.
Fill the view mapped in the local process with shellcode. By definition, the mapped view in the target process will get filled with the same shellcode
Create a remote thread in the target process and point it to the mapped view in the target process to trigger the shellcode
Best Regards, skid.
so i'll explain why i said your ideas are either outdated and or wrong, and instead of taking the opportunity to search on your own what could be that you're missing, u decided to get hurt and paste in the most chat gpt like explanation of the oldest and most detected injection technique and end it with "best regards, skid" xDDDD lol, ok since u won't do your research, one of the things you're missing is u can literally invoke unmanaged code from managed code, so u can call those APIs from c# as if it's in C/C++, while u said "there's no way to call these APIs", another wrong thing u said "c# is bad for malware in general" all am gonna say is BRUUUH xDD, also "this is because of the dependencies that it requires to run cross-platform." this is what i was referring to as outdated, plz do ur own research i don't even have time for this, .net does compile natively, and am not eeeeeven gonna get into donut and shellcode that will load the CLR which will run .net assemblies, take it in a good way u might learn smthing new, am not trying to insult u ffs i just wanted to point out that some ideas are soo outdated and u might learn smthing new if u put those ideas aside
peace out, your friendly skid from the hood xDD
Well said.