Click here to Skip to main content
11,491,598 members (73,946 online)
Click here to Skip to main content

Execute Native Code From .NET

, 29 Aug 2004 76.1K 27
Rate this:
Please Sign up or sign in to vote.
Explains how to execute native code from a .NET program.

Introduction

If you want to prevent your program from being cracked by hackers, you can use native code. You can cipher/decipher this code, or it may be self-modifying code for more safety. Now, I'll show how you can execute such native code from your C# programs.

Source code

This example retrieves CPU information.

private void button1_Click(object sender, System.EventArgs e)
{
  // native function's compiled code

  byte[] proc = new byte[] {

               0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x00, 0x53, 0x51, 
               0x52, 0x57, 0x8B, 0x7D, 0x08, 0x33, 0xC0, 0x0F, 
               0xA2, 0x89, 0x07, 0x89, 0x5F, 0x04, 0x89, 0x57, 
               0x08, 0x89, 0x4F, 0x0C, 0xB8, 0x01, 0x00, 0x00, 
               0x00, 0x0F, 0xA2, 0x89, 0x47, 0x10, 0x89, 0x57, 
               0x14, 0xB8, 0x00, 0x00, 0x00, 0x80, 0x0F, 0xA2, 
               0x3D, 0x00, 0x00, 0x00, 0x80, 0x72, 0x0A, 0xB8, 
               0x01, 0x00, 0x00, 0x80, 0x0F, 0xA2, 0x89, 0x57, 
               0x18, 0x5F, 0x59, 0x5B, 0x5A, 0x8B, 0xE5, 0x5D, 
               0x33, 0xC0, 0xC2, 0x04, 0x00
                                  };
  UInt32 funcAddr = VirtualAlloc(0, (UInt32)proc.Length, 
                    MEM_COMMIT, PAGE_EXECUTE_READWRITE);
  Marshal.Copy(proc, 0, (IntPtr)(funcAddr), proc.Length);
  IntPtr hThread = IntPtr.Zero;
  UInt32 threadId = 0;
  // prepare data

  PROCESSOR_INFO info = new PROCESSOR_INFO();

  IntPtr pinfo = 
    Marshal.AllocHGlobal(Marshal.SizeOf(typeof(PROCESSOR_INFO)));

  Marshal.StructureToPtr(info, pinfo, false);

  // execute native code

  hThread = CreateThread(0, 0, funcAddr, pinfo, 0, ref threadId);

  WaitForSingleObject(hThread, 0xFFFFFFFF);
  // retrive data

  info = (PROCESSOR_INFO)Marshal.PtrToStructure(pinfo, 
                              typeof(PROCESSOR_INFO));

  Marshal.FreeHGlobal(pinfo);
  CloseHandle(hThread);
  VirtualFree((IntPtr)funcAddr, 0, MEM_RELEASE);
}

private UInt32 MEM_COMMIT = 0x1000;

private UInt32 PAGE_EXECUTE_READWRITE = 0x40;

private UInt32 MEM_RELEASE = 0x8000;

[DllImport("kernel32")]
private static extern UInt32 VirtualAlloc(UInt32 lpStartAddr, 
     UInt32 size, UInt32 flAllocationType, UInt32 flProtect);

[DllImport("kernel32")]
private static extern bool VirtualFree(IntPtr lpAddress, 
                      UInt32 dwSize, UInt32 dwFreeType);

[DllImport("kernel32")]
private static extern IntPtr CreateThread(

  UInt32 lpThreadAttributes,
  UInt32 dwStackSize,
  UInt32 lpStartAddress,
  IntPtr param,
  UInt32 dwCreationFlags,
  ref UInt32 lpThreadId

  );
[DllImport("kernel32")]
private static extern bool CloseHandle(IntPtr handle);

[DllImport("kernel32")]
private static extern UInt32 WaitForSingleObject(

  IntPtr hHandle,
  UInt32 dwMilliseconds
  );
[DllImport("kernel32")]
private static extern IntPtr GetModuleHandle(

  string moduleName

  );
[DllImport("kernel32")]
private static extern UInt32 GetProcAddress(

  IntPtr hModule,
  string procName

  );
[DllImport("kernel32")]
private static extern UInt32 LoadLibrary(

  string lpFileName

  );
[DllImport("kernel32")]
private static extern UInt32 GetLastError();

[StructLayout(LayoutKind.Sequential)]
internal struct PROCESSOR_INFO 
{
  public UInt32 dwMax; 
  public UInt32 id0;
  public UInt32 id1;
  public UInt32 id2;

  public UInt32 dwStandard;
  public UInt32 dwFeature;

  // if AMD
  public UInt32 dwExt;
}

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here

Share

About the Author

Maxim Alekseykin
Team Leader
Russian Federation Russian Federation
MCAD

Now is looking for remote job.

- C++/C#, VB/VBA, SQL Server/Access databases.
- automatic testing, code review
- performance tuning
max.uk2005@gmail.com
-

Comments and Discussions

 
GeneralPROCESSOR_INFO SIZE!!!! Pin
fuck bill gates22-Jan-09 1:49
memberfuck bill gates22-Jan-09 1:49 
on WinCe 5.0
PROCESSOR_INFO has 576 bytes length Smile | :)
and a lot of WCHAR fields each 40 chars Smile | :)
Questionhow I do to execute a EXE from inside my application? Pin
sebastiannielsen12-Jul-08 3:43
membersebastiannielsen12-Jul-08 3:43 
AnswerRe: how I do to execute a EXE from inside my application? Pin
Maxim Alekseykin14-Jul-08 4:04
memberMaxim Alekseykin14-Jul-08 4:04 
GeneralWhere did you get the proc binary Pin
I like it2-Nov-05 7:18
memberI like it2-Nov-05 7:18 
GeneralRe: Where did you get the proc binary Pin
Maxim Alekseikin2-Nov-05 10:14
memberMaxim Alekseikin2-Nov-05 10:14 
QuestionHow to use CStringArray in C# using p/invoke Pin
shusong18-Apr-05 16:50
membershusong18-Apr-05 16:50 
AnswerRe: How to use CStringArray in C# using p/invoke Pin
Maxim Alekseikin, MCAD19-Apr-05 2:11
memberMaxim Alekseikin, MCAD19-Apr-05 2:11 
GeneralRe: How to use CStringArray in C# using p/invoke Pin
shusong19-Apr-05 17:16
membershusong19-Apr-05 17:16 
GeneralLegacy plug-ins Pin
Harkos8-Sep-04 10:13
memberHarkos8-Sep-04 10:13 
GeneralInteresting Technique Pin
Lim Bio Liong30-Aug-04 19:57
memberLim Bio Liong30-Aug-04 19:57 
GeneralRe: Interesting Technique Pin
Maxim Alekseikin30-Aug-04 23:09
memberMaxim Alekseikin30-Aug-04 23:09 
GeneralGood Technique (for me!) Pin
Marcello Cantelmo30-Aug-04 11:41
sussMarcello Cantelmo30-Aug-04 11:41 
GeneralRe: Good Technique (for me!) Pin
Maxim Alekseikin30-Aug-04 23:22
memberMaxim Alekseikin30-Aug-04 23:22 
GeneralRe: Good Technique (for me!) Pin
Marcello Cantelmo31-Aug-04 0:30
sussMarcello Cantelmo31-Aug-04 0:30 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web04 | 2.8.150520.1 | Last Updated 30 Aug 2004
Article Copyright 2004 by Maxim Alekseykin
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid