As mentioned above, DOTNETProgramThe shelling is closely related to the shelling of common PE files.
Most of the Traditional PE file dump is out-of-process dump. Here we will introduce the DOTNET Assembly shelling.
Use in-process dump.
So the first step is to inject the problem. How can we run our program in the target process?
I believe everyone is familiar with the traditional Win32 injection DLL,
Thanks to the features of C ++/CLI, we can inject our program into the target process in a traditional way.
Use vs2005 to create an mfc dll and enable CLR support in the project properties so that CLR can be used in this DLL.
This dll can be injected into the target process like a traditional DLL.
For how injection works, see here
Http://bbs.pediy.com/showthread.php? S = & threadid = 21123.
Another method of shellcode (Remote thread injection shellcode)
After the injection is started, our dumper dialog box is displayed.
Here, I use reflection to enumerate all programs in the current process and display their paths in the list.
You can refer to the textures in the previous post.