<?xml version="1.0"?>

<doc>

<assembly>

<name>SharpSploit</name>

</assembly>

<members>

<member name="T:SharpSploit.Execution.Assembly">

<summary>

Assembly is a library for loading .NET assemblies and executing methods contained within them.

</summary>

</member>

<member name="M:SharpSploit.Execution.Assembly.AssemblyExecute(System.Byte[],System.Object[])">

<summary>

Loads a specified .NET assembly byte array and executes the EntryPoint.

</summary>

<param name="AssemblyBytes">The .NET assembly byte array.</param>

<param name="Args">The arguments to pass to the assembly's EntryPoint.</param>

</member>

<member name="M:SharpSploit.Execution.Assembly.AssemblyExecute(System.Byte[],System.String,System.String,System.Object[])">

<summary>

Loads a specified .NET assembly byte array and executes a specified method within a

specified type with specified parameters.

</summary>

<param name="AssemblyBytes">The .NET assembly byte array.</param>

<param name="TypeName">The name of the type that contains the method to execute.</param>

<param name="MethodName">The name of the method to execute.</param>

<param name="Parameters">The parameters to pass to the method.</param>

<returns>GenericObjectResult of the method.</returns>

</member>

<member name="M:SharpSploit.Execution.Assembly.AssemblyExecute(System.String,System.String,System.String,System.Object[])">

<summary>

Loads a specified base64-encoded .NET assembly and executes a specified method within a

specified type with specified parameters.

</summary>

<param name="EncodedAssembly">The base64-encoded .NET assembly byte array.</param>

<param name="TypeName">The name of the type that contains the method to execute.</param>

<param name="MethodName">The name of the method to execute.</param>

<param name="Parameters">The parameters to pass to the method.</param>

<returns>GenericObjectResult of the method.</returns>

</member>

<member name="M:SharpSploit.Execution.Assembly.AssemblyExecute(System.String,System.Object[])">

<summary>

Loads a specified base64-encoded .NET assembly and executes the EntryPoint.

</summary>

<param name="EncodedAssembly">The base64-encoded .NET assembly byte array.</param>

<param name="Args">The arguments to pass to the assembly's EntryPoint.</param>

</member>

<member name="M:SharpSploit.Execution.Assembly.Load(System.Byte[])">

<summary>

Loads a specified .NET assembly byte array.

</summary>

<param name="AssemblyBytes">The .NET assembly byte array.</param>

<returns>Loaded assembly.</returns>

</member>

<member name="M:SharpSploit.Execution.Assembly.Load(System.String)">

<summary>

Loads a specified .NET assembly byte array.

</summary>

<param name="EncodedAssembly">The base64-encoded .NET assembly byte array.</param>

<returns>Loaded assembly.</returns>

</member>

<member name="T:SharpSploit.Execution.DynamicInvoke.Generic">

<summary>

Generic is a class for dynamically invoking arbitrary API calls from memory or disk. DynamicInvoke avoids suspicious

P/Invoke signatures, imports, and IAT entries by loading modules and invoking their functions at runtime.

</summary>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Generic.DynamicAPIInvoke(System.String,System.String,System.Type,System.Object[]@)">

<summary>

Dynamically invoke an arbitrary function from a DLL, providing its name, function prototype, and arguments.

</summary>

<author>The Wover (@TheRealWover)</author>

<param name="DLLName">Name of the DLL.</param>

<param name="FunctionName">Name of the function.</param>

<param name="FunctionDelegateType">Prototype for the function, represented as a Delegate object.</param>

<param name="Parameters">Parameters to pass to the function. Can be modified if function uses call by reference.</param>

<returns>Object returned by the function. Must be unmarshalled by the caller.</returns>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Generic.DynamicFunctionInvoke(System.IntPtr,System.Type,System.Object[]@)">

<summary>

Dynamically invokes an arbitrary function from a pointer. Useful for manually mapped modules or loading/invoking unmanaged code from memory.

</summary>

<author>The Wover (@TheRealWover)</author>

<param name="FunctionPointer">A pointer to the unmanaged function.</param>

<param name="FunctionDelegateType">Prototype for the function, represented as a Delegate object.</param>

<param name="Parameters">Arbitrary set of parameters to pass to the function. Can be modified if function uses call by reference.</param>

<returns>Object returned by the function. Must be unmarshalled by the caller.</returns>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Generic.LoadModuleFromDisk(System.String)">

<summary>

Resolves LdrLoadDll and uses that function to load a DLL from disk.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="DLLPath">The path to the DLL on disk. Uses the LoadLibrary convention.</param>

<returns>IntPtr base address of the loaded module or IntPtr.Zero if the module was not loaded successfully.</returns>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Generic.GetLibraryAddress(System.String,System.String,System.Boolean)">

<summary>

Helper for getting the pointer to a function from a DLL loaded by the process.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="DLLName">The name of the DLL (e.g. "ntdll.dll" or "C:\Windows\System32\ntdll.dll").</param>

<param name="FunctionName">Name of the exported procedure.</param>

<param name="CanLoadFromDisk">Optional, indicates if the function can try to load the DLL from disk if it is not found in the loaded module list.</param>

<returns>IntPtr for the desired function.</returns>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Generic.GetLibraryAddress(System.String,System.Int16,System.Boolean)">

<summary>

Helper for getting the pointer to a function from a DLL loaded by the process.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="DLLName">The name of the DLL (e.g. "ntdll.dll" or "C:\Windows\System32\ntdll.dll").</param>

<param name="Ordinal">Ordinal of the exported procedure.</param>

<param name="CanLoadFromDisk">Optional, indicates if the function can try to load the DLL from disk if it is not found in the loaded module list.</param>

<returns>IntPtr for the desired function.</returns>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Generic.GetLibraryAddress(System.String,System.String,System.Int64,System.Boolean)">

<summary>

Helper for getting the pointer to a function from a DLL loaded by the process.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="DLLName">The name of the DLL (e.g. "ntdll.dll" or "C:\Windows\System32\ntdll.dll").</param>

<param name="FunctionHash">Hash of the exported procedure.</param>

<param name="Key">64-bit integer to initialize the keyed hash object (e.g. 0xabc or 0x1122334455667788).</param>

<param name="CanLoadFromDisk">Optional, indicates if the function can try to load the DLL from disk if it is not found in the loaded module list.</param>

<returns>IntPtr for the desired function.</returns>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Generic.GetLoadedModuleAddress(System.String)">

<summary>

Helper for getting the base address of a module loaded by the current process. This base

address could be passed to GetProcAddress/LdrGetProcedureAddress or it could be used for

manual export parsing. This function uses the .NET System.Diagnostics.Process class.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="DLLName">The name of the DLL (e.g. "ntdll.dll").</param>

<returns>IntPtr base address of the loaded module or IntPtr.Zero if the module is not found.</returns>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Generic.GetPebLdrModuleEntry(System.String)">

<summary>

Helper for getting the base address of a module loaded by the current process. This base

address could be passed to GetProcAddress/LdrGetProcedureAddress or it could be used for

manual export parsing. This function parses the _PEB_LDR_DATA structure.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="DLLName">The name of the DLL (e.g. "ntdll.dll").</param>

<returns>IntPtr base address of the loaded module or IntPtr.Zero if the module is not found.</returns>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Generic.GetAPIHash(System.String,System.Int64)">

<summary>

Generate an HMAC-MD5 hash of the supplied string using an Int64 as the key. This is useful for unique hash based API lookups.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="APIName">API name to hash.</param>

<param name="Key">64-bit integer to initialize the keyed hash object (e.g. 0xabc or 0x1122334455667788).</param>

<returns>string, the computed MD5 hash value.</returns>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Generic.GetExportAddress(System.IntPtr,System.String)">

<summary>

Given a module base address, resolve the address of a function by manually walking the module export table.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="ModuleBase">A pointer to the base address where the module is loaded in the current process.</param>

<param name="ExportName">The name of the export to search for (e.g. "NtAlertResumeThread").</param>

<returns>IntPtr for the desired function.</returns>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Generic.GetExportAddress(System.IntPtr,System.Int16)">

<summary>

Given a module base address, resolve the address of a function by manually walking the module export table.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="ModuleBase">A pointer to the base address where the module is loaded in the current process.</param>

<param name="Ordinal">The ordinal number to search for (e.g. 0x136 -> ntdll!NtCreateThreadEx).</param>

<returns>IntPtr for the desired function.</returns>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Generic.GetExportAddress(System.IntPtr,System.String,System.Int64)">

<summary>

Given a module base address, resolve the address of a function by manually walking the module export table.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="ModuleBase">A pointer to the base address where the module is loaded in the current process.</param>

<param name="FunctionHash">Hash of the exported procedure.</param>

<param name="Key">64-bit integer to initialize the keyed hash object (e.g. 0xabc or 0x1122334455667788).</param>

<returns>IntPtr for the desired function.</returns>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Generic.GetNativeExportAddress(System.IntPtr,System.String)">

<summary>

Given a module base address, resolve the address of a function by calling LdrGetProcedureAddress.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="ModuleBase">A pointer to the base address where the module is loaded in the current process.</param>

<param name="ExportName">The name of the export to search for (e.g. "NtAlertResumeThread").</param>

<returns>IntPtr for the desired function.</returns>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Generic.GetNativeExportAddress(System.IntPtr,System.Int16)">

<summary>

Given a module base address, resolve the address of a function by calling LdrGetProcedureAddress.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="ModuleBase">A pointer to the base address where the module is loaded in the current process.</param>

<param name="Ordinal">The ordinal number to search for (e.g. 0x136 -> ntdll!NtCreateThreadEx).</param>

<returns>IntPtr for the desired function.</returns>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Generic.GetPeMetaData(System.IntPtr)">

<summary>

Retrieve PE header information from the module base pointer.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="pModule">Pointer to the module base.</param>

<returns>PE.PE_META_DATA</returns>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Generic.GetApiSetMapping">

<summary>

Resolve host DLL for API Set DLL.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<returns>Dictionary, a combination of Key:APISetDLL and Val:HostDLL.</returns>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Generic.CallMappedPEModule(SharpSploit.Execution.PE.PE_META_DATA,System.IntPtr)">

<summary>

Call a manually mapped PE by its EntryPoint.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="PEINFO">Module meta data struct (PE.PE_META_DATA).</param>

<param name="ModuleMemoryBase">Base address of the module in memory.</param>

<returns>void</returns>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Generic.CallMappedDLLModule(SharpSploit.Execution.PE.PE_META_DATA,System.IntPtr)">

<summary>

Call a manually mapped DLL by DllMain -> DLL_PROCESS_ATTACH.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="PEINFO">Module meta data struct (PE.PE_META_DATA).</param>

<param name="ModuleMemoryBase">Base address of the module in memory.</param>

<returns>void</returns>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Generic.CallMappedDLLModuleExport(SharpSploit.Execution.PE.PE_META_DATA,System.IntPtr,System.String,System.Type,System.Object[])">

<summary>

Call a manually mapped DLL by Export.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="PEINFO">Module meta data struct (PE.PE_META_DATA).</param>

<param name="ModuleMemoryBase">Base address of the module in memory.</param>

<param name="ExportName">The name of the export to search for (e.g. "NtAlertResumeThread").</param>

<param name="FunctionDelegateType">Prototype for the function, represented as a Delegate object.</param>

<param name="Parameters">Arbitrary set of parameters to pass to the function. Can be modified if function uses call by reference.</param>

<returns>void</returns>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Generic.GetSyscallStub(System.String)">

<summary>

Read ntdll from disk, find/copy the appropriate syscall stub and free ntdll.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="FunctionName">The name of the function to search for (e.g. "NtAlertResumeThread").</param>

<returns>IntPtr, Syscall stub</returns>

</member>

<member name="T:SharpSploit.Execution.DynamicInvoke.Native">

<summary>

Contains function prototypes and wrapper functions for dynamically invoking NT API Calls.

</summary>

</member>

<member name="T:SharpSploit.Execution.DynamicInvoke.Native.DELEGATES">

<summary>

Holds delegates for API calls in the NT Layer.

Must be public so that they may be used with SharpSploit.Execution.DynamicInvoke.Generic.DynamicFunctionInvoke

</summary>

<example>

// These delegates may also be used directly.

// Get a pointer to the NtCreateThreadEx function.

IntPtr pFunction = Execution.DynamicInvoke.Generic.GetLibraryAddress(@"ntdll.dll", "NtCreateThreadEx");

// Create an instance of a NtCreateThreadEx delegate from our function pointer.

DELEGATES.NtCreateThreadEx createThread = (NATIVE_DELEGATES.NtCreateThreadEx)Marshal.GetDelegateForFunctionPointer(

pFunction, typeof(NATIVE_DELEGATES.NtCreateThreadEx));

// Invoke NtCreateThreadEx using the delegate

createThread(ref threadHandle, Execute.Win32.WinNT.ACCESS_MASK.SPECIFIC_RIGHTS_ALL | Execute.Win32.WinNT.ACCESS_MASK.STANDARD_RIGHTS_ALL, IntPtr.Zero,

procHandle, startAddress, IntPtr.Zero, Execute.Native.NT_CREATION_FLAGS.HIDE_FROM_DEBUGGER, 0, 0, 0, IntPtr.Zero);

</example>

</member>

<member name="T:SharpSploit.Execution.DynamicInvoke.Win32">

<summary>

Contains function prototypes and wrapper functions for dynamically invoking Win32 API Calls.

</summary>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Win32.OpenProcess(SharpSploit.Execution.Win32.Kernel32.ProcessAccessFlags,System.Boolean,System.UInt32)">

<summary>

Uses DynamicInvocation to call the OpenProcess Win32 API. https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess

</summary>

<author>The Wover (@TheRealWover)</author>

<param name="dwDesiredAccess"></param>

<param name="bInheritHandle"></param>

<param name="dwProcessId"></param>

<returns></returns>

</member>

<member name="M:SharpSploit.Execution.DynamicInvoke.Win32.IsWow64Process(System.IntPtr,System.Boolean@)">

<summary>

Uses DynamicInvocation to call the IsWow64Process Win32 API. https://docs.microsoft.com/en-us/windows/win32/api/wow64apiset/nf-wow64apiset-iswow64process

</summary>

<returns>Returns true if process is WOW64, and false if not (64-bit, or 32-bit on a 32-bit machine).</returns>

</member>

<member name="T:SharpSploit.Execution.Injection.AllocationTechnique">

<summary>

Base class for allocation techniques.

</summary>

</member>

<member name="M:SharpSploit.Execution.Injection.AllocationTechnique.IsSupportedPayloadType(SharpSploit.Execution.Injection.PayloadType)">

<summary>

Informs objects using this technique whether or not it supports the type of a particular payload.

</summary>

<author>The Wover (@TheRealWover)</author>

<param name="Payload">A payload.</param>

<returns>Whether or not the payload is of a supported type for this strategy.</returns>

</member>

<member name="M:SharpSploit.Execution.Injection.AllocationTechnique.DefineSupportedPayloadTypes">

<summary>

Internal method for setting the supported payload types. Used in constructors.

</summary>

<author>The Wover (@TheRealWover)</author>

</member>

<member name="M:SharpSploit.Execution.Injection.AllocationTechnique.Allocate(SharpSploit.Execution.Injection.PayloadType,System.Diagnostics.Process,System.IntPtr)">

<summary>

Allocate the payload to the target process at a specified address.

</summary>

<author>The Wover (@TheRealWover)</author>

<param name="Payload">The payload to allocate to the target process.</param>

<param name="Process">The target process.</param>

<param name="Address">The address at which to allocate the payload in the target process.</param>

<returns>True when allocation was successful. Otherwise, throws relevant exceptions.</returns>

</member>

<member name="M:SharpSploit.Execution.Injection.AllocationTechnique.Allocate(SharpSploit.Execution.Injection.PayloadType,System.Diagnostics.Process)">

<summary>

Allocate the payload to the target process.

</summary>

<author>The Wover (@TheRealWover)</author>

<param name="Payload">The payload to allocate to the target process.</param>

<param name="Process">The target process.</param>

<returns>Base address of allocated memory within the target process's virtual memory space.</returns>

</member>

<member name="T:SharpSploit.Execution.Injection.SectionMapAlloc">

<summary>

Allocates a payload to a target process using locally-written, remotely-copied shared memory sections.

</summary>

</member>

<member name="M:SharpSploit.Execution.Injection.SectionMapAlloc.#ctor">

<summary>

Default constructor.

</summary>

</member>

<member name="M:SharpSploit.Execution.Injection.SectionMapAlloc.#ctor(System.UInt32,System.UInt32,System.UInt32)">

<summary>

Constructor allowing options as arguments.

</summary>

</member>

<member name="M:SharpSploit.Execution.Injection.SectionMapAlloc.IsSupportedPayloadType(SharpSploit.Execution.Injection.PayloadType)">

<summary>

States whether the payload is supported.

</summary>

<author>The Wover (@TheRealWover)</author>

<param name="Payload">Payload that will be allocated.</param>

<returns></returns>

</member>

<member name="M:SharpSploit.Execution.Injection.SectionMapAlloc.DefineSupportedPayloadTypes">

<summary>

Internal method for setting the supported payload types. Used in constructors.

Update when new types of payloads are added.

</summary>

<author>The Wover (@TheRealWover)</author>

</member>

<member name="M:SharpSploit.Execution.Injection.SectionMapAlloc.Allocate(SharpSploit.Execution.Injection.PayloadType,System.Diagnostics.Process)">

<summary>

Allocate the payload to the target process. Handles unknown payload types.

</summary>

<author>The Wover (@TheRealWover)</author>

<param name="Payload">The payload to allocate to the target process.</param>

<param name="Process">The target process.</param>

<returns>Base address of allocated memory within the target process's virtual memory space.</returns>

</member>

<member name="M:SharpSploit.Execution.Injection.SectionMapAlloc.Allocate(SharpSploit.Execution.Injection.PICPayload,System.Diagnostics.Process,System.IntPtr)">

<summary>

Allocate the payload in the target process.

</summary>

<author>The Wover (@TheRealWover)</author>

<param name="Payload">The PIC payload to allocate to the target process.</param>

<param name="Process">The target process.</param>

<param name="PreferredAddress">The preferred address at which to allocate the payload in the target process.</param>

<returns>Base address of allocated memory within the target process's virtual memory space.</returns>

</member>

<member name="M:SharpSploit.Execution.Injection.SectionMapAlloc.CreateSection(System.UInt64,System.UInt32)">

<summary>

Creates a new Section.

</summary>

<author>The Wover (@TheRealWover)</author>

<param name="size">Max size of the Section.</param>

<param name="allocationAttributes">Section attributes (eg. Win32.WinNT.SEC_COMMIT).</param>

<returns></returns>

</member>

<member name="M:SharpSploit.Execution.Injection.SectionMapAlloc.MapSection(System.IntPtr,System.IntPtr,System.UInt32,System.IntPtr,System.UInt64)">

<summary>

Maps a view of a section to the target process.

</summary>

<author>The Wover (@TheRealWover)</author>

<param name="procHandle">Handle the process that the section will be mapped to.</param>

<param name="sectionHandle">Handle to the section.</param>

<param name="protection">What permissions to use on the view.</param>

<param name="addr">Optional parameter to specify the address of where to map the view.</param>

<param name="sizeData">Size of the view to map. Must be smaller than the max Section size.</param>

<returns>A struct containing address and size of the mapped view.</returns>

</member>

<member name="T:SharpSploit.Execution.Injection.SectionMapAlloc.SectionDetails">

<summary>

Holds the data returned from NtMapViewOfSection.

</summary>

</member>

<member name="M:SharpSploit.Execution.Injection.SectionMapAlloc.UnmapSection(System.IntPtr,System.IntPtr)">

<summary>

Unmaps a view of a section from a process.

</summary>

<author>The Wover (@TheRealWover)</author>

<param name="hProc">Process to which the view has been mapped.</param>

<param name="baseAddr">Address of the view (relative to the target process)</param>

<returns></returns>

</member>

<member name="T:SharpSploit.Execution.Injection.ExecutionTechnique">

<summary>

Base class for Injection strategies.

</summary>

</member>

<member name="M:SharpSploit.Execution.Injection.ExecutionTechnique.IsSupportedPayloadType(SharpSploit.Execution.Injection.PayloadType)">

<summary>

Informs objects using this technique whether or not it supports the type of a particular payload.

</summary>

<author>The Wover (@TheRealWover)</author>

<param name="payload">A payload.</param>

<returns>Whether or not the payload is of a supported type for this strategy.</returns>

</member>

<member name="M:SharpSploit.Execution.Injection.ExecutionTechnique.DefineSupportedPayloadTypes">

<summary>

Internal method for setting the supported payload types. Used in constructors.

</summary>

<author>The Wover (@TheRealWover)</author>

</member>

<member name="M:SharpSploit.Execution.Injection.ExecutionTechnique.Inject(SharpSploit.Execution.Injection.PayloadType,SharpSploit.Execution.Injection.AllocationTechnique,System.Diagnostics.Process)">

<summary>

Inject and execute a payload in the target process using a specific allocation technique.

</summary>

<author>The Wover (@TheRealWover)</author>

<param name="Payload">The type of payload to execute.</param>

<param name="AllocationTechnique">The allocation technique to use.</param>

<param name="Process">The target process.</param>

<returns>bool</returns>

</member>

<member name="M:SharpSploit.Execution.Injection.ExecutionTechnique.Inject(SharpSploit.Execution.Injection.PayloadType,System.IntPtr,System.Diagnostics.Process)">

<summary>

Execute a payload in the target process at a specified address.

</summary>

<author>The Wover (@TheRealWover)</author>

<param name="Payload">The type of payload to execute.</param>

<param name="BaseAddress">The base address of the payload.</param>

<param name="Process">The target process.</param>

<returns>bool</returns>

</member>

<member name="M:SharpSploit.Execution.Injection.ExecutionTechnique.Inject(SharpSploit.Execution.Injection.PayloadType,SharpSploit.Execution.Injection.AllocationTechnique)">

<summary>

Execute a payload in the current process using a specific allocation technique.

</summary>

<author>The Wover (@TheRealWover)</author>

<param name="Payload">The type of payload to execute.</param>

<param name="AllocationTechnique">The allocation technique to use.</param>

<returns></returns>

</member>

<member name="T:SharpSploit.Execution.Injection.RemoteThreadCreate">

<summary>

Executes a payload in a remote process by creating a new thread. Allows the user to specify which API call to use for remote thread creation.

</summary>

</member>

<member name="M:SharpSploit.Execution.Injection.RemoteThreadCreate.#ctor">

<summary>

Default constructor.

</summary>

</member>

<member name="M:SharpSploit.Execution.Injection.RemoteThreadCreate.#ctor(System.Boolean,SharpSploit.Execution.Injection.RemoteThreadCreate.APIS)">

<summary>

Constructor allowing options as arguments.

</summary>

</member>

<member name="M:SharpSploit.Execution.Injection.RemoteThreadCreate.IsSupportedPayloadType(SharpSploit.Execution.Injection.PayloadType)">

<summary>

States whether the payload is supported.

</summary>

<author>The Wover (@TheRealWover)</author>

<param name="Payload">Payload that will be allocated.</param>

<returns></returns>

</member>

<member name="M:SharpSploit.Execution.Injection.RemoteThreadCreate.DefineSupportedPayloadTypes">

<summary>

Internal method for setting the supported payload types. Used in constructors.

Update when new types of payloads are added.

</summary>

<author>The Wover (@TheRealWover)</author>

</member>

<member name="M:SharpSploit.Execution.Injection.RemoteThreadCreate.Inject(SharpSploit.Execution.Injection.PICPayload,System.IntPtr,System.Diagnostics.Process)">

<summary>

Create a thread in the remote process.

</summary>

<author>The Wover (@TheRealWover)</author>

<param name="Payload">The shellcode payload to execute in the target process.</param>

<param name="BaseAddress">The address of the shellcode in the target process.</param>

<param name="Process">The target process to inject into.</param>

<returns></returns>

</member>

<member name="T:SharpSploit.Execution.Injection.Injector">

<summary>

Provides static functions for performing injection using a combination of Allocation and Execution components.

</summary>

<author>The Wover (@TheRealWover)</author>

</member>

<member name="M:SharpSploit.Execution.Injection.Injector.Inject(SharpSploit.Execution.Injection.PayloadType,SharpSploit.Execution.Injection.AllocationTechnique,SharpSploit.Execution.Injection.ExecutionTechnique,System.Diagnostics.Process)">

<summary>

Inject a payload into a target process using a specified allocation and execution technique.

</summary>

<author>The Wover (@TheRealWover)</author>

<param name="Payload"></param>

<param name="AllocationTechnique"></param>

<param name="ExecutionTechnique"></param>

<param name="Process"></param>

<returns></returns>

</member>

<member name="M:SharpSploit.Execution.Injection.Injector.Inject(SharpSploit.Execution.Injection.PayloadType,SharpSploit.Execution.Injection.AllocationTechnique,SharpSploit.Execution.Injection.ExecutionTechnique)">

<summary>

Inject a payload into the current process using a specified allocation and execution technique.

</summary>

<param name="Payload"></param>

<param name="AllocationTechnique"></param>

<param name="ExecutionTechnique"></param>

<returns></returns>

</member>

<member name="T:SharpSploit.Execution.Injection.PayloadType">

<summary>

Base class for all types of payloads.

Variants are responsible for specifying what types of payloads they support.

</summary>

<author>The Wover (@TheRealWover)</author>

</member>

<member name="T:SharpSploit.Execution.Injection.PICPayload">

<summary>

Represents payloads that are position-independent-code.

</summary>

<author>The Wover (@TheRealWover)</author>

</member>

<member name="T:SharpSploit.Execution.Injection.PayloadTypeNotSupported">

<summary>

Exception thrown when the type of a payload is not supported by a injection variant.

</summary>

<author>The Wover (@TheRealWover)</author>

</member>

<member name="M:SharpSploit.Execution.ManualMap.Map.MapModuleFromDisk(System.String)">

<summary>

Maps a DLL from disk into a Section using NtCreateSection.

</summary>

<author>The Wover (@TheRealWover), Ruben Boonen (@FuzzySec)</author>

<param name="DLLPath">Full path fo the DLL on disk.</param>

<returns>PE.PE_MANUAL_MAP</returns>

</member>

<member name="M:SharpSploit.Execution.ManualMap.Map.AllocateFileToMemory(System.String)">

<summary>

Allocate file to memory from disk

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="FilePath">Full path to the file to be alloacted.</param>

<returns>IntPtr base address of the allocated file.</returns>

</member>

<member name="M:SharpSploit.Execution.ManualMap.Map.AllocateBytesToMemory(System.Byte[])">

<summary>

Allocate a byte array to memory

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="FileByteArray">Byte array to be allocated.</param>

<returns>IntPtr base address of the allocated file.</returns>

</member>

<member name="M:SharpSploit.Execution.ManualMap.Map.RelocateModule(SharpSploit.Execution.PE.PE_META_DATA,System.IntPtr,System.IntPtr)">

<summary>

Relocates a module in memory.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="PEINFO">Module meta data struct (PE.PE_META_DATA).</param>

<param name="ModuleMemoryBase">Base address of the module in memory.</param>

<returns>void</returns>

</member>

<member name="M:SharpSploit.Execution.ManualMap.Map.RewriteModuleIAT(SharpSploit.Execution.PE.PE_META_DATA,System.IntPtr)">

<summary>

Rewrite IAT for manually mapped module.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="PEINFO">Module meta data struct (PE.PE_META_DATA).</param>

<param name="ModuleMemoryBase">Base address of the module in memory.</param>

<returns>void</returns>

</member>

<member name="M:SharpSploit.Execution.ManualMap.Map.SetModuleSectionPermissions(SharpSploit.Execution.PE.PE_META_DATA,System.IntPtr)">

<summary>

Set correct module section permissions.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="PEINFO">Module meta data struct (PE.PE_META_DATA).</param>

<param name="ModuleMemoryBase">Base address of the module in memory.</param>

<returns>void</returns>

</member>

<member name="M:SharpSploit.Execution.ManualMap.Map.MapModuleToMemory(System.String)">

<summary>

Manually map module into current process.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="ModulePath">Full path to the module on disk.</param>

<returns>PE_MANUAL_MAP object</returns>

</member>

<member name="M:SharpSploit.Execution.ManualMap.Map.MapModuleToMemory(System.Byte[])">

<summary>

Manually map module into current process.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="Module">Full byte array of the module.</param>

<returns>PE_MANUAL_MAP object</returns>

</member>

<member name="M:SharpSploit.Execution.ManualMap.Map.MapModuleToMemory(System.Byte[],System.IntPtr)">

<summary>

Manually map module into current process starting at the specified base address.

</summary>

<author>The Wover (@TheRealWover), Ruben Boonen (@FuzzySec)</author>

<param name="Module">Full byte array of the module.</param>

<param name="pImage">Address in memory to map module to.</param>

<returns>PE_MANUAL_MAP object</returns>

</member>

<member name="M:SharpSploit.Execution.ManualMap.Map.MapModuleToMemory(System.IntPtr)">

<summary>

Manually map module into current process.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="pModule">Pointer to the module base.</param>

<returns>PE_MANUAL_MAP object</returns>

</member>

<member name="M:SharpSploit.Execution.ManualMap.Map.MapModuleToMemory(System.IntPtr,System.IntPtr)">

<summary>

Manually map module into current process.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="pModule">Pointer to the module base.</param>

<param name="pImage">Pointer to the PEINFO image.</param>

<returns>PE_MANUAL_MAP object</returns>

</member>

<member name="M:SharpSploit.Execution.ManualMap.Map.MapModuleToMemory(System.IntPtr,System.IntPtr,SharpSploit.Execution.PE.PE_META_DATA)">

<summary>

Manually map module into current process.

</summary>

<author>Ruben Boonen (@FuzzySec)</author>

<param name="pModule">Pointer to the module base.</param>

<param name="pImage">Pointer to the PEINFO image.</param>

<param name="PEINFO">PE_META_DATA of the module being mapped.</param>

<returns>PE_MANUAL_MAP object</returns>

</member>

<member name="M:SharpSploit.Execution.ManualMap.Overload.FindDecoyModule(System.Int64)">

<summary>

Locate a signed module with a minimum size which can be used for overloading.

</summary>

<author>The Wover (@TheRealWover)</author>

<param name="MinSize">Minimum module byte size.</param>

<returns>

String, the full path for the candidate module if one is found, or an empty string if one is not found.

</returns>

</member>

<member name="M:SharpSploit.Execution.ManualMap.Overload.OverloadModule(System.String,System.String)">

<summary>

Load a signed decoy module into memory, creating legitimate file-backed memory sections within the process. Afterwards overload that

module by manually mapping a payload in it's place causing the payload to execute from what appears to be file-backed memory.

</summary>

<author>The Wover (@TheRealWover), Ruben Boonen (@FuzzySec)</author>

<param name="PayloadPath">Full path to the payload module on disk.</param>

<param name="DecoyModulePath">Optional, full path the decoy module to overload in memory.</param>

<returns>PE.PE_MANUAL_MAP</returns>

</member>

<member name="M:SharpSploit.Execution.ManualMap.Overload.OverloadModule(System.Byte[],System.String)">

<summary>

Load a signed decoy module into memory creating legitimate file-backed memory sections within the process. Afterwards overload that

module by manually mapping a payload in it's place causing the payload to execute from what appears to be file-backed memory.

</summary>

<author>The Wover (@TheRealWover), Ruben Boonen (@FuzzySec)</author>

<param name="Payload">Full byte array for the payload module.</param>

<param name="DecoyModulePath">Optional, full path the decoy module to overload in memory.</param>

<returns>PE.PE_MANUAL_MAP</returns>

</member>

<member name="T:SharpSploit.Execution.Native">

<summary>

Native is a library of enums and structures for Native (NtDll) API functions.

</summary>

<remarks>

A majority of this library is adapted from signatures found at www.pinvoke.net.

</remarks>

</member>

<member name="T:SharpSploit.Execution.Native.NT_CREATION_FLAGS">

<summary>

NT_CREATION_FLAGS is an undocumented enum. https://processhacker.sourceforge.io/doc/ntpsapi_8h_source.html

</summary>

</member>

<member name="T:SharpSploit.Execution.Native.NTSTATUS">

<summary>

NTSTATUS is an undocument enum. https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55

https://www.pinvoke.net/default.aspx/Enums/NtStatus.html

</summary>

</member>

<member name="T:SharpSploit.Execution.PE">

<summary>

PE is a library for loading PEs in memory. It currently only work for the Mimikatz PE, not for arbitrary PEs.

</summary>

<remarks>

PE has been adapted from Casey Smith's (@subtee) PELoader which is no longer available online. However, Chris Ross'

(@xorrior) fork is available here: https://github.com/xorrior/Random-CSharpTools/tree/master/DllLoader/DllLoader

</remarks>

</member>

<member name="P:SharpSploit.Execution.PE.OptionalHeader32">

Gets the optional header

</member>

<member name="P:SharpSploit.Execution.PE.OptionalHeader64">

Gets the optional header

</member>

<member name="F:SharpSploit.Execution.PE.dosHeader">

The DOS header

</member>

<member name="M:SharpSploit.Execution.PE.#ctor(System.Byte[])">

<summary>

PE Constructor

</summary>

<param name="PEBytes">PE raw bytes.</param>

</member>

<member name="M:SharpSploit.Execution.PE.Load(System.Byte[])">

<summary>

Loads a PE with a specified byte array. (Requires Admin) **(*Currently broken. Works for Mimikatz, but not arbitrary PEs*)

</summary>

<param name="PEBytes"></param>

<returns>PE</returns>

</member>

<member name="M:SharpSploit.Execution.PE.GetFunctionExport(System.String)">

<summary>

Gets a pointer to an exported function in the PE. Useful to call specific exported functions after loading the PE.

</summary>

<param name="funcName">Name of the function to get a pointer for.</param>

<returns>Pointer to the function.</returns>

</member>

<member name="M:SharpSploit.Execution.PlatformInvoke.Native.NtCreateThreadEx(System.IntPtr@,SharpSploit.Execution.Win32.WinNT.ACCESS_MASK,System.IntPtr,System.IntPtr,System.IntPtr,System.IntPtr,System.Boolean,System.Int32,System.Int32,System.Int32,System.IntPtr)">

<summary>

NTCreateThreadEx is an undocumented function. Created by Microsoft to be a universal, cross-session solution

for remote thread creation.

</summary>

<param name="threadHandle"></param>

<param name="desiredAccess"></param>

<param name="objectAttributes"></param>

<param name="processHandle"></param>

<param name="startAddress"></param>

<param name="parameter"></param>

<param name="createSuspended"></param>

<param name="stackZeroBits"></param>

<param name="sizeOfStack"></param>

<param name="maximumStackSize"></param>

<param name="attributeList"></param>

<returns></returns>

</member>

<member name="T:SharpSploit.Execution.PlatformInvoke.Win32">

<summary>

Win32 is a library of PInvoke signatures for Win32 API functions.

</summary>

<remarks>

A majority of this library is adapted from signatures found at www.pinvoke.net.

</remarks>

</member>

<member name="T:SharpSploit.Execution.ShellCode">

<summary>

ShellCode includes a method for executing shellcode.

</summary>

</member>

<member name="M:SharpSploit.Execution.ShellCode.ShellCodeExecute(System.Byte[])">

<summary>

Executes a specified ShellCode byte array by copying it to pinned memory, modifying the memory

permissions with VirtualProtect(), and executing using a delegate.

</summary>

<param name="ShellCode">ShellCode byte array to execute.</param>

<returns>Boolean. True if execution succeeds, false otherwise.</returns>

<remarks>Based upon code written by Matt Nelson (@enigma0x3) and Matt Graeber (@mattifestation).</remarks>

</member>

<member name="T:SharpSploit.Execution.Win32">

<summary>

Win32 is a library of enums and structures for Win32 API functions.

</summary>

<remarks>

A majority of this library is adapted from signatures found at www.pinvoke.net.

</remarks>

</member>

<member name="T:SharpSploit.Generic.GenericObjectResult">

<summary>

GenericObjectResult for listing objects whose type is unknown at compile time.

</summary>

</member>

<member name="T:SharpSploit.Generic.SharpSploitResultList`1">

<summary>

SharpSploitResultList extends the IList interface for SharpSploitResults to easily

format a list of results from various SharpSploit functions.

</summary>

<typeparam name="T"></typeparam>

</member>

<member name="M:SharpSploit.Generic.SharpSploitResultList`1.FormatList">

<summary>

Formats a SharpSploitResultList to a string similar to PowerShell's Format-List function.

</summary>

<returns>string</returns>

</member>

<member name="M:SharpSploit.Generic.SharpSploitResultList`1.ToString">

<summary>

Formats a SharpSploitResultList as a string. Overrides ToString() for convenience.

</summary>

<returns>string</returns>

</member>

<member name="T:SharpSploit.Generic.SharpSploitResult">

<summary>

Abstract class that represents a result from a SharpSploit function.

</summary>

</member>

<member name="T:SharpSploit.Generic.SharpSploitResultProperty">

<summary>

SharpSploitResultProperty represents a property that is a member of a SharpSploitResult's ResultProperties.

</summary>

</member>

<member name="T:SharpSploit.Misc.CountdownEvent">

<summary>

CountdownEvent is used for counting Asynchronous operations

</summary>

<remarks>

Adapted from https://stackoverflow.com/questions/6790499

</remarks>

</member>

<member name="M:SharpSploit.Misc.Utilities.FileHasValidSignature(System.String)">

<summary>

Checks that a file is signed and has a valid signature.

</summary>

<param name="FilePath">Path of file to check.</param>

<returns></returns>

</member>

</members>

</doc>