Class Payloads
A collecton of methods which generate payloads.
Inheritance
Inherited Members
Namespace: ERC.Utilities
Assembly: ERC.Net.dll
Syntax
public static class PayloadsFields
DefaultEgg
Default egg hunter tag.
Declaration
public static string DefaultEggField Value
| Type | Description |
|---|---|
| System.String |
EggHunter32
A 32 bit egg hunter.
Declaration
public static byte[] EggHunter32Field Value
| Type | Description |
|---|---|
| System.Byte[] |
EggHunter641
A 64 bit egg hunter.
Declaration
public static byte[] EggHunter641Field Value
| Type | Description |
|---|---|
| System.Byte[] |
EggHunter642
A second 64 bit egg hunter.
Declaration
public static byte[] EggHunter642Field Value
| Type | Description |
|---|---|
| System.Byte[] |
EggHunterWOW64
An egg hunter that will work on 32 bit systems or 32 bit processes running under WOW64.
Declaration
public static byte[] EggHunterWOW64Field Value
| Type | Description |
|---|---|
| System.Byte[] |
Methods
ByteArrayConstructor(Byte[])
Creates an array of all possible byte values except those passed to the function.
Declaration
public static byte[] ByteArrayConstructor(byte[] unwantedBytes)Parameters
| Type | Name | Description |
|---|---|---|
| System.Byte[] | unwantedBytes | Takes a byte array of bytes to be excluded |
Returns
| Type | Description |
|---|---|
| System.Byte[] | Returns an array of all other possible bytes. |
ByteCompare(ProcessInfo, IntPtr, Byte[])
Compares a byte array with an area in memory of equal size. This method should be used in conjunction with the ByteArrayConstructor to identify bytes which can not be passed into a program without corrupting the input.
Declaration
public static Tuple<bool, byte[], byte[]> ByteCompare(ProcessInfo info, IntPtr startAddress, byte[] bytes)Parameters
| Type | Name | Description |
|---|---|---|
| ProcessInfo | info | The process to compare memory from |
| System.IntPtr | startAddress | The address at which to start the comparison |
| System.Byte[] | bytes | The byte array containing the bytes to be compared |
Returns
| Type | Description |
|---|---|
| System.Tuple<System.Boolean, System.Byte[], System.Byte[]> | Returns a Tuple containing a bool which is true if the comparison was identical and false if it was not, a byte array containing the bytes provided and a byte array containing the bytes read from process memory |
ByteCompare(ProcessInfo, IntPtr, String)
Compares a byte array with an area in memory of equal size. This method should be used in conjunction with the ByteArrayConstructor to identify bytes which can not be passed into a program without corrupting the input.
Declaration
public static Tuple<bool, byte[], byte[]> ByteCompare(ProcessInfo info, IntPtr startAddress, string byteFilePath)Parameters
| Type | Name | Description |
|---|---|---|
| ProcessInfo | info | The process to compare memory from |
| System.IntPtr | startAddress | The address at which to start the comparison |
| System.String | byteFilePath | The path to a file containing the bytes to be compared |
Returns
| Type | Description |
|---|---|
| System.Tuple<System.Boolean, System.Byte[], System.Byte[]> | Returns a Tuple containing a bool which is true if the comparison was identical and false if it was not, a byte array containing the bytes provided and a byte array containing the bytes read from process memory |
EggHunterConstructor(String)
Generates a selection of EggHunter payloads. A custom tag can be specified, if no tag is specified EggHunters will search for the default tag (ERCD)
Declaration
public static Dictionary<string, byte[]> EggHunterConstructor(string tag = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | tag | A custom tag which the egg hunters will search for. |
Returns
| Type | Description |
|---|---|
| System.Collections.Generic.Dictionary<System.String, System.Byte[]> | Returns a dictionary containing a list of EggHunters and string detailing them |
PopPopRet(Byte[])
Finds all instances of POP X POP X RET in a given byte array.
Declaration
public static List<int> PopPopRet(byte[] data)Parameters
| Type | Name | Description |
|---|---|---|
| System.Byte[] | data | Byte array to be searched |
Returns
| Type | Description |
|---|---|
| System.Collections.Generic.List<System.Int32> | Returns an array of integers containing the offsets of the instruction sets. |