Converting C# into PowerShell with DllImport involved

I've recently been working on a little side project to see if I can get a little memory editing to work with PowerShell. I put together a small script in C# that doesn't require administrative privileges and, when run, gives you max coins and diamonds in Hill Climb Racing.

using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace HCRtest2
{
    public class Programmmm
    {
        public static void Main()
        {
            // An extern local function carrying a DllImport attribute only compiles
            // with C# 9 or later; older compilers require the declaration at class scope.
            [DllImport("kernel32.dll")]
            static extern bool WriteProcessMemory(IntPtr hProcess, long lpBaseAddress, byte[] lpBuffer, uint nSize, out uint lpNumberOfBytesWritten);
            long BaseAddress;
            IntPtr ProcessHandle;
            // Assumes the game is already running; GetProcessesByName returns an empty array otherwise.
            Process process = Process.GetProcessesByName("HillClimbRacing")[0];
            if (process.Handle.ToInt64() != 0L)
            {
                BaseAddress = process.MainModule.BaseAddress.ToInt64();
                ProcessHandle = process.Handle;
                uint num = 0U;
                // Writes Int32.MaxValue (4 bytes) at two fixed offsets from the main module base.
                WriteProcessMemory(ProcessHandle, BaseAddress + 0x28CAD4, BitConverter.GetBytes(2147483647), 4U, out num);
                WriteProcessMemory(ProcessHandle, BaseAddress + 0x28CAEC, BitConverter.GetBytes(2147483647), 4U, out num);
            }
        }
    }
}

My challenge right now is to see if I can find a way to execute this code on my school laptop, which doesn't have admin privileges or access to open unknown executables, but it does have access to PowerShell (non-admin, of course). I've been doing a lot of research but can't find a good way to port this script into PowerShell. If anyone has any good ideas please let me know, because this is seriously getting on my nerves right now.



Solution 1:[1]

It's been a couple of months of on and off work, but I found out that everything has to be labeled as public and static, and along with that I was missing a method that was required to make sure the process would be properly opened. Here's the working code that can be executed in PowerShell.

$code = @"
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace HelloWorld
{
    public class Program
    {
        // Access rights passed to OpenProcess: PROCESS_VM_WRITE | PROCESS_VM_OPERATION.
        public const int ProcessVMWrite = 0x0020;
        public const int ProcessVMOperation = 0x0008;

        // Class-level, public static P/Invoke declarations: Add-Type compiles this
        // source into an in-memory assembly that PowerShell reaches via [HelloWorld.Program].
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern bool WriteProcessMemory
            (
                IntPtr hProcess,
                long lpBaseAddress,
                byte[] lpBuffer,
                int nSize,
                out int lpNumberOfBytesWritten
            );

        [DllImport("kernel32.dll")]
        public static extern IntPtr OpenProcess
            (
                int dwDesiredAccess,
                bool bInheritHandle,
                int dwProcessId
            );

        public static IntPtr Handle;
        public static long BaseAddress;

        public static void Main(){
            // Assumes the game is already running.
            Process process = Process.GetProcessesByName("HillClimbRacing")[0];
            // Explicitly opening the process with the required rights is the step
            // the original version (which relied on Process.Handle) was missing.
            Handle = OpenProcess(ProcessVMOperation | ProcessVMWrite, false, process.Id);
            BaseAddress = process.MainModule.BaseAddress.ToInt64();
            int bytesWritten = 0;
            WriteProcessMemory(Handle, BaseAddress + 0x28CAD4L, BitConverter.GetBytes(2147483647), 4, out bytesWritten);
            WriteProcessMemory(Handle, BaseAddress + 0x28CAECL, BitConverter.GetBytes(2147483647), 4, out bytesWritten);
        }
    }
}
"@

Add-Type -TypeDefinition $code -Language CSharp
[HelloWorld.Program]::Main()
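
The same Add-Type plus DllImport pattern shown above (public static P/Invoke declarations, an explicit OpenProcess with a chosen access mask, SetLastError for diagnostics) can be exercised without touching another process's memory. The following is an added example, not code from the question or either answer: it opens a process with PROCESS_QUERY_LIMITED_INFORMATION only and reports the Win32 error when access is refused; the class and method names (ProcInfo, GetImagePath) are chosen here.

```powershell
# Added example, not from the original question or answers.
# ProcInfo and GetImagePath are names chosen for this illustration.
$src = @"
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Text;

public static class ProcInfo
{
    // Least-privilege access right: enough for QueryFullProcessImageName,
    // not enough to read or write the target's memory.
    public const int PROCESS_QUERY_LIMITED_INFORMATION = 0x1000;

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(int dwDesiredAccess, bool bInheritHandle, int dwProcessId);

    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern bool QueryFullProcessImageName(IntPtr hProcess, int dwFlags, StringBuilder lpExeName, ref int lpdwSize);

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr hObject);

    // Public and static so PowerShell can call it as [ProcInfo]::GetImagePath(<pid>).
    public static string GetImagePath(int pid)
    {
        IntPtr h = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, false, pid);
        if (h == IntPtr.Zero)
            throw new Win32Exception(Marshal.GetLastWin32Error());  // e.g. "Access is denied"
        try
        {
            StringBuilder sb = new StringBuilder(1024);
            int size = sb.Capacity;
            if (!QueryFullProcessImageName(h, 0, sb, ref size))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            return sb.ToString();
        }
        finally { CloseHandle(h); }
    }
}
"@

Add-Type -TypeDefinition $src -Language CSharp

# The caller's own process always succeeds; a process owned by another user or a
# protected process surfaces the Win32 error instead of failing silently.
[ProcInfo]::GetImagePath($PID)
```

Add-Type refuses to redefine a type that already exists in the session, so rename the class or start a new PowerShell session when iterating on the source.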

Solution 2:[2]

This website provides an answer on how to run C# within a PowerShell session.

$code = @"
using System;
namespace HelloWorld
{
    public class Program
    {
        public static void Main(){
            Console.WriteLine("Hello world!");
        }
    }
}
"@

Add-Type -TypeDefinition $code -Language CSharp
[HelloWorld.Program]::Main()

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Nick
Solution 2 6ark