DInvoke 1.0.2

There is a newer version of this package available.
See the version list below for details.

dotnet add package DInvoke --version 1.0.2

NuGet\Install-Package DInvoke -Version 1.0.2

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="DInvoke" Version="1.0.2" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

paket add DInvoke --version 1.0.2

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: DInvoke, 1.0.2"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

// Install DInvoke as a Cake Addin
#addin nuget:?package=DInvoke&version=1.0.2

// Install DInvoke as a Cake Tool
#tool nuget:?package=DInvoke&version=1.0.2

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

DInvoke

Dynamic replacement for PInvoke on Windows. DInvoke contains powerful primitives that may be combined intelligently to dynamically invoke unmanaged code from disk or from memory with careful precision. This may be used for many purposes such as PE parsing, intelligent dynamic API resolution, dynamically loading PE plugins at runtime, process injection, and avoiding API hooks.

Features:

Dynamically invoke unmanaged APIs without PInvoke
Primitives allowing for strategic API hook evasion
Manually map unmanaged PE modules from managed code
Map PE modules into sections backed by arbitrary modules on disk
Modular process injection API
Growing library of data structures, delegates, and function wrappers (please share 😃
.NET v3.5+ support

Conference talk (Staying # & Bringing Covert Injection Tradecraft to .NET): https://www.youtube.com/watch?v=FuxpMXTgV9s

Blog posts:

Emulating Covert Operations - Dynamic Invocation (Avoiding PInvoke & API Hooks): https://thewover.github.io/Dynamic-Invoke/
Coming soon.

This project was originally created for SharpSploit (https://github.com/cobbr/SharpSploit). With permission from the author(s), it is not hosted here as a standalone library and NuGet.

Credit

The Wover
FuzzySec (b33f)
cobbr

Product	Compatible and additional computed target framework versions.
.NET Framework	net35 is compatible. net40 was computed. net403 was computed. net45 was computed. net451 was computed. net452 was computed. net46 was computed. net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed.

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

This package has no dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories (5)

Showing the top 5 popular GitHub repositories that depend on DInvoke:

Repository	Stars
jfmaes/SharpZipRunner Executes position independent shellcode from an encrypted zip	299
Hagrid29/DuplicateDump Dumping LSASS with a duplicated handle from custom LSA plugin	191
jfmaes/SharpHandler	181
ChoiSG/UuidShellcodeExec PoC for UUID shellcode execution using DInvoke	149
fraktalcyber/Fransom Fraktal's Ransomware Emulator	100

Version	Downloads	Last updated
1.0.4	4,799	10/29/2020
1.0.2	536	10/26/2020

Initial release.