Included in this directory script is a helper utility allowing one to quickly generate desired csharp source code file to be used for further `csc` compilation.
inputFile Input file to embedded into C# source code for --type regasm|plain. If --type exec was given, this parameter specifies command line to execute by the resulting assembly (environment variables will get expanded). May be either Powershell script, raw binary Shellcode or .NET Assembly (PE/EXE) file.
Specifies type of payload to generate. "plain" - assembly with embedded shellcode/ps1/exe, "exec" - assembly that hardcodes supplied shell command in "inputFile|cmdline" parameter and then runs it, "run-command" exposes a method named --method which takes one string parameter being a command to run, "regasm" - produces
executable compatible with Regasm/Regsvcs/InstallUtil code execution primitives. Default: plain
-c {default,x86,x64}, --compile {default,x86,x64}
Compile the source code using x86 or x64 csc.exe and generate output EXE/DLL file depending on --output extension. Default: default - CPU independent executable will be produced.
-o PATH, --output PATH
Output path where to write produced assembly/C# code. Default: print resulting C# code to stdout
-s NAME, --namespace NAME
Specifies custom C# module namespace for the generated Task (for needs of shellcode loaders such as DotNetToJScript or Donut). Default: ProgramNamespace.
-n NAME, --module NAME
Specifies custom C# module name for the generated Task (for needs of shellcode loaders such as DotNetToJScript or Donut). Default: Program.
-m NAME, --method NAME
Specifies method name that could be used by DotNetToJS and alike deserialization techniques to invoke our shellcode. Default: Foo
-e, --exe Specified input file is an Mono/.Net assembly PE/EXE. WARNING: Launching EXE is currently possible ONLY WITH MONO/.NET assembly EXE/DLL files, not an ordinary native PE/EXE!
-r, --raw (OBSOLETED) Specified input file is a raw Shellcode to be injected in self process in a separate Thread (VirtualAlloc + CreateThread)
-M, --msi-mode Compiled .NET assembly is to be used with MSI installer
-A, --appdomainmanager-mode
Defines additional public sealed class inheriting from AppDomainManager with name: "MyAppDomainManager". Useful for side-loading .NET applications through the AppDomainManager Injection attack (google up: TheWover/GhostLoader)
-C PARAMS, --extra-params PARAMS
Additional parameters to add to CSC compiler
--dotnet-ver {v2,v4,2,4}
Use specific .NET version for compilation (with --compile given). Default: v2
--queue-apc If --raw was specified, generate C# code template with CreateProcess + WriteProcessMemory + QueueUserAPC process injection technique instead of default CreateThread.
--target-process PATH
This option specifies target process path for remote process injection in --queue-apc technique. May use environment variables. May also contain command line for spawned process, example: --target-process "%windir%\system32\werfault.exe -l -u 1234"
