This post will introduce a few new (related) projects that I’ve started to work on.
Let’s start with my D/Invoke fork.
The aim of this fork is to provide D/Invoke in a more minimalist form. It only contains the core DynamicInvoke and ManualMap functionality, without all the additional helper methods, delegates, structs or enums. This help keeps the packages (yes, plural) small and lowers the detection surface for AV. I’ve also retargeted the solution to .NET Standard 2.0 to maximise compatibility with your own projects.
The second project is dinvoke.net.
Since I’ve stripped a lot of content out of the vanilla D/Invoke, this Wiki is a new place to document useful API signatures. Think of it as the D/Invoke equivalent to pinvoke.net. For each API, my goal is to provide the delegate and a usage example. See the entry for NtOpenProcess to get a feel for what I’m going for. For now, this is a solo effort but I’m open to having some trusted collaborators in the future.
The final project is nuget.code-offensive.net.
This is a self-hosted NuGet server powered by BaGet (pronounced “baguette”). The main impetus behind this was the forceful removal of DonutCore from nuget.org. For now, the packages I’ve pushed include my DInvoke fork and the original DonutCore. You can add https://nuget.code-offensive.net/v3/index.json to your nuget package manager and away you go.
For the foreseeable future, I’m maintaining sole control over pushing packages. The goal here is not to duplicate all infosec-related packages from nuget.org, it’s just to provide an alternative option for the community.
If you wish to get in touch regarding dinvoke.net or nuget.code-offensive.net, send me a Tweet.