CsWhispers 0.0.3
dotnet add package CsWhispers --version 0.0.3
NuGet\Install-Package CsWhispers -Version 0.0.3
<PackageReference Include="CsWhispers" Version="0.0.3" />
paket add CsWhispers --version 0.0.3
#r "nuget: CsWhispers, 0.0.3"
// Install CsWhispers as a Cake Addin
#addin nuget:?package=CsWhispers&version=0.0.3
// Install CsWhispers as a Cake Tool
#tool nuget:?package=CsWhispers&version=0.0.3
CsWhispers
Source generator to add D/Invoke and indirect syscall methods to a C# project.
Quick Start
Add the latest NuGet package to your project and allow unsafe code.
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net481</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<LangVersion>12</LangVersion>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="CsWhispers" Version="0.0.3" />
</ItemGroup>
<PropertyGroup Condition=" '$(Configuration)' == 'Debug' ">
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)' == 'Release' ">
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
</PropertyGroup>
</Project>
Create a file in your project called CsWhispers.txt and set its build action properties to AdditionalFiles.
<ItemGroup>
<None Remove="CsWhispers.txt" />
<AdditionalFiles Include="CsWhispers.txt" />
</ItemGroup>
Add each NT API and any supporting structs/enums that you want to be included in your project. Each must be on its own line, for example:
NtOpenProcess
HANDLE
NTSTATUS
CLIENT_ID
UNICODE_STRING
OBJECT_ATTRIBUTES
PWSTR
PCWSTR
See the project Wiki for a full list of supported APIs.
Global namespaces are automatically added to allow for clean code.
public static unsafe void Main()
{
// use self as example
using var self = Process.GetCurrentProcess();
HANDLE hProcess;
OBJECT_ATTRIBUTES oa;
CLIENT_ID cid = new()
{
UniqueProcess = new HANDLE((IntPtr)self.Id)
};
var status = NtOpenProcess(
&hProcess,
PROCESS_ALL_ACCESS,
&oa,
&cid);
Console.WriteLine("Status: {0}", status.SeverityCode);
Console.WriteLine("HANDLE: 0x{0:X}", hProcess.Value.ToInt64());
}
D/Invoke
CsWhispers includes a minimalised version of D/Invoke, so you may also call Generic.GetLibraryAddress, Generic.DynamicFunctionInvoke, etc.
Extending
All of the generated code goes into a partial CsWhispers.Syscalls class, which you can extend to add your own APIs. For example, create MyAPIs.cs and add:
namespace CsWhispers;
public static partial class Syscalls
{
public static NTSTATUS NtCreateThreadEx()
{
// whatever
return new NTSTATUS(0);
}
}
This can then be called in your main code without having to add any additional using statements.
namespace ConsoleApp1;
internal static class Program
{
public static void Main()
{
var status = NtCreateThreadEx();
}
}
TODO
- Add 32-bit support.
- Randomise API hashes on each build.
- Add additional configuration options to choose between direct and indirect syscalls.
- Implicitly add structs/enums for APIs without having to declare them in
CsWhispers.txt.
Acknowledgements
This project was inspired by the previous versions of SysWhipsers and SharpWhispers in particular. So hat's off to @Jackson_T, @KlezVirus, @d_glenx, and everyone else that has contribured code and/or ideas.
Learn more about Target Frameworks and .NET Standard.
-
.NETStandard 2.0
- Microsoft.CodeAnalysis.CSharp (>= 4.8.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.