Source generator to add D/Invoke and indirect syscall methods to a C# project.
A game-changer for C# developers, CsWhispers is a source generator that effortlessly integrates D/Invoke and indirect syscall methods into your projects.
This article provides a quick start guide, demonstrates its powerful features, and explores the potential for extending its capabilities.
Join us on a journey to enhance your C# coding experience with CsWhispers.
Add the latest NuGet package to your project and allow unsafe code.
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net481</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<LangVersion>12</LangVersion>
</PropertyGroup>
<!-- CsWhispers package -->
<ItemGroup>
<PackageReference Include="CsWhispers" Version="0.0.2" />
</ItemGroup>
<!-- Allow unsafe code -->
<PropertyGroup Condition=" '$(Configuration)' == 'Debug' ">
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)' == 'Release' ">
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
</PropertyGroup>
</Project>
Create a file in your project called CsWhispers.txt
and set its build action properties to AdditionalFiles
.
<ItemGroup>
<None Remove="CsWhispers.txt" />
<AdditionalFiles Include="CsWhispers.txt" />
</ItemGroup>
Add each NT API and any supporting structs/enums that you want to be included in your project. Each must be on its own line, for example:
NtOpenProcess
HANDLE
NTSTATUS
CLIENT_ID
UNICODE_STRING
OBJECT_ATTRIBUTES
PWSTR
PCWSTR
Global namespaces are automatically added to allow for clean code.
public static unsafe void Main()
{
// use self as example
using var self = Process.GetCurrentProcess();
HANDLE hProcess;
OBJECT_ATTRIBUTES oa;
CLIENT_ID cid = new()
{
UniqueProcess = new HANDLE((IntPtr)self.Id)
};
var status = NtOpenProcess(
&hProcess,
PROCESS_ALL_ACCESS,
&oa,
&cid);
Console.WriteLine("Status: {0}", status.SeverityCode);
Console.WriteLine("HANDLE: 0x{0:X}", hProcess.Value.ToInt64());
}
CsWhispers includes a minimalised version of D/Invoke, so you may also call Generic.GetLibraryAddress
, Generic.DynamicFunctionInvoke
, etc.
All of the generated code goes into a partial CsWhispers.Syscalls
class, which you can extend to add your own APIs. For example, create MyAPIs.cs
and add:
namespace CsWhispers;
public static partial class Syscalls
{
public static NTSTATUS NtCreateThreadEx()
{
// whatever
return new NTSTATUS(0);
}
}
This can then be called in your main code without having to add any additional using statements.
namespace ConsoleApp1;
internal static class Program
{
public static void Main()
{
var status = NtCreateThreadEx();
}
}
shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…
Embark on the journey of becoming a certified Red Team professional with our definitive guide.…
This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…
This took me like 4 days (+2 days for an update), but I got it…
MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…