DInvoke 1.0.2

.NET Framework 3.5 This package targets .NET Framework 3.5. The package is compatible with this framework or higher.
There is a newer version of this package available.
See the version list below for details. 
dotnet add package DInvoke --version 1.0.2                

                    
                

            
NuGet\Install-Package DInvoke -Version 1.0.2
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="DInvoke" Version="1.0.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
paket add DInvoke --version 1.0.2                

                    
                

            
#r "nuget: DInvoke, 1.0.2"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
// Install DInvoke as a Cake Addin
#addin nuget:?package=DInvoke&version=1.0.2

// Install DInvoke as a Cake Tool
#tool nuget:?package=DInvoke&version=1.0.2

DInvoke

Dynamic replacement for PInvoke on Windows. DInvoke contains powerful primitives that may be combined intelligently to dynamically invoke unmanaged code from disk or from memory with careful precision. This may be used for many purposes such as PE parsing, intelligent dynamic API resolution, dynamically loading PE plugins at runtime, process injection, and avoiding API hooks.

Features:

  • Dynamically invoke unmanaged APIs without PInvoke
  • Primitives allowing for strategic API hook evasion
  • Manually map unmanaged PE modules from managed code
  • Map PE modules into sections backed by arbitrary modules on disk
  • Modular process injection API
  • Growing library of data structures, delegates, and function wrappers (please share 😃
  • .NET v3.5+ support

Conference talk (Staying # & Bringing Covert Injection Tradecraft to .NET): https://www.youtube.com/watch?v=FuxpMXTgV9s

Blog posts:

  1. Emulating Covert Operations - Dynamic Invocation (Avoiding PInvoke & API Hooks): https://thewover.github.io/Dynamic-Invoke/
  2. Coming soon.

This project was originally created for SharpSploit (https://github.com/cobbr/SharpSploit). With permission from the author(s), it is not hosted here as a standalone library and NuGet.

Credit

  • The Wover
  • FuzzySec (b33f)
  • cobbr
Product Compatible and additional computed target framework versions.
.NET Framework net35 is compatible.  net40 was computed.  net403 was computed.  net45 was computed.  net451 was computed.  net452 was computed.  net46 was computed.  net461 was computed.  net462 was computed.  net463 was computed.  net47 was computed.  net471 was computed.  net472 was computed.  net48 was computed.  net481 was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

This package has no dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories (5)

Showing the top 5 popular GitHub repositories that depend on DInvoke:

Repository Stars
jfmaes/SharpZipRunner
Executes position independent shellcode from an encrypted zip
Hagrid29/DuplicateDump
Dumping LSASS with a duplicated handle from custom LSA plugin
jfmaes/SharpHandler
ChoiSG/UuidShellcodeExec
PoC for UUID shellcode execution using DInvoke
fraktalcyber/Fransom
Fraktal's Ransomware Emulator
Version Downloads Last updated
1.0.4 5,372 10/29/2020
1.0.2 582 10/26/2020

Initial release.