C#汇编类(一)(转)_My only happiness is near you.

查看文章

C#汇编类(一)(转)

2009-06-10 19:17

http://lotyong.googlepages.com/CsharpAsmClassLibrary.htm

using System;

using System.Collections.Generic;

using System.Text;

using System.Runtime.InteropServices;

namespace AsmClassLibrary
{

    public class AsmClass
    {
        #region API
        [DllImport("kernel32.dll", EntryPoint = "CloseHandle")]
        public static extern int CloseHandle(int hObject);

[DllImport("kernel32.dll")]
public static extern Int32 WriteProcessMemory(

IntPtr hProcess,

IntPtr lpBaseAddress,

[In, Out] byte[] buffer,

int size,

out IntPtr lpNumberOfBytesWritten);

[DllImport("kernel32.dll")]
public static extern Int32 WriteProcessMemory(

int hProcess,

int lpBaseAddress,

byte[] buffer,

int size,

int lpNumberOfBytesWritten);

[DllImport("kernel32", EntryPoint = "CreateRemoteThread")]
public static extern int CreateRemoteThread(

int hProcess,

int lpThreadAttributes,

int dwStackSize,

int lpStartAddress,

int lpParameter,

int dwCreationFlags,

ref int lpThreadId

);

[DllImport("Kernel32.dll")]
public static extern System.Int32 VirtualAllocEx(

System.IntPtr hProcess,

System.Int32 lpAddress,

System.Int32 dwSize,

System.Int16 flAllocationType,

System.Int16 flProtect

);

[DllImport("Kernel32.dll")]
public static extern System.Int32 VirtualAllocEx(

int hProcess,

int lpAddress,

int dwSize,

int flAllocationType,

int flProtect

);

[DllImport("Kernel32.dll")]
public static extern System.Int32 VirtualFreeEx(

int hProcess,

int lpAddress,

int dwSize,

int flAllocationType

);

        /// <summary>
        /// 启动API
        /// </summary>
        /// <param name="dwDesiredAccess"></param>
        /// <param name="bInheritHandle"></param>
        /// <param name="dwProcessId"></param>
        /// <returns></returns>
        [DllImport("kernel32.dll", EntryPoint = "OpenProcess")]
        public static extern int OpenProcess(

int dwDesiredAccess,

int bInheritHandle,

int dwProcessId

);
#endregion

private const int PAGE_EXECUTE_READWRITE = 0x4;

private const int MEM_COMMIT = 4096;

private const int MEM_RELEASE = 0x8000;

private const int MEM_DECOMMIT = 0x4000;

private const int PROCESS_ALL_ACCESS = 0x1F0FFF;

private const int PROCESS_CREATE_THREAD = 0x2;

private const int PROCESS_VM_OPERATION = 0x8;

private const int PROCESS_VM_WRITE = 0x20;

        #region Asmcode
        private string _asmcode = "";
        public string AsmCode
        {
            get { return _asmcode; }
            set { _asmcode = value; }
        }
        #endregion

private string hex(int address)
{

string str = address.ToString("X");

return str;

}

public string intTohex(int value, int num)
{

string str1;

string str2 = "";

str1 = "0000000" + this.hex(value);

str1 = str1.Substring(str1.Length - num, num);

for (int i = 0; i < str1.Length / 2; i++)
{

str2 = str2 + str1.Substring(str1.Length - 2 - 2 * i, 2);

}

return str2;

}

public void SUB_ESP(int addre)
{

if ((addre <= 127) && (addre >= -128))
{

this.AsmCode = this.AsmCode + "83EC" + intTohex(addre, 2);

}

else
{

this.AsmCode = this.AsmCode + "81EC" + intTohex(addre, 8);

}

public void Nop()
{

this.AsmCode = this.AsmCode + "90";

}

public void RetA(int addre)
{

this.AsmCode = this.AsmCode + intTohex(addre, 4);

}

public void IN_AL_DX()
{

this.AsmCode = this.AsmCode + "EC";

}

public void TEST_EAX_EAX()
{

this.AsmCode = this.AsmCode + "85C0";

}

public void Leave()
{

this.AsmCode = this.AsmCode + "C9";

}

public void Pushad()
{

this.AsmCode = this.AsmCode + "60";

}

public void Popad()
{

this.AsmCode = this.AsmCode + "61";

}

public void Ret()
{

this.AsmCode = this.AsmCode + "C3";

}

类别：c#.net相关 | 添加到搜藏 | 浏览() | 评论 (0)

姓　名：	*姓名最长为50字节

网址或邮箱：	(选填)

内　容：

验证码：	请点击后输入四位验证码，字母不区分大小写看不清?
	取消回复