Injecting Managed DLL into .net 4.0 Application

I have successfully injected managed DLLs into a .NET 3.5 application using a bootloader DLL (in C++) and then my "payload" DLL (in C#).

When I try and do this to a .NET 4.0 application, it always crashes.

Bootloader C++:

    #include <windows.h>
    #include <mscoree.h>
    #pragma comment(lib, "mscoree.lib")

    void StartTheDotNetRuntime()
    {
        // Bind to the CLR runtime through the pre-4.0 hosting API.
        ICLRRuntimeHost *pClrHost = NULL;
        HRESULT hr = CorBindToRuntimeEx(
            NULL, L"wks", 0, CLSID_CLRRuntimeHost,
            IID_ICLRRuntimeHost, (PVOID*)&pClrHost);
        if (FAILED(hr) || pClrHost == NULL)
            return;

        hr = pClrHost->Start();
        if (FAILED(hr))
        {
            pClrHost->Release();
            return;
        }

        // Okay, the CLR is up and running in this (previously native) process.
        // Now call a method on our managed C# class library.
        DWORD dwRet = 0;
        hr = pClrHost->ExecuteInDefaultAppDomain(
            L"payload.dll",
            L"MyNamespace.MyClass", L"MyMethod", L"MyParameter", &dwRet);

        // Optionally stop the CLR runtime (we could also leave it running).
        hr = pClrHost->Stop();

        // Don't forget to clean up.
        pClrHost->Release();
    }

Payload C#:

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Windows.Forms;

    namespace MyNamespace
    {
        public class MyClass
        {
            // This method will be called by native code inside the target process.
            // ExecuteInDefaultAppDomain requires the signature: static int Method(string).
            public static int MyMethod(String pwzArgument)
            {
                MessageBox.Show("Hello World");
                return 0;
            }
        }
    }

I have tried using the fix below, but to no avail. Any ideas?

    hr = pMetaHost->GetRuntime(L"v4.0.30319", IID_ICLRRuntimeInfo, (LPVOID*)&lpRuntimeInfo);
scott asked Sep 02 '11 00:09


2 Answers

The interfaces changed with .NET 4.0. Instead of using CorBindToRuntimeEx you should use the new ICLRMetaHost interface.

Code could look something like the following (without error checking):

    #include <windows.h>
    #include <metahost.h>
    #pragma comment(lib, "mscoree.lib")

    // Create the meta host, ask it for the 4.0 runtime explicitly, then obtain
    // ICLRRuntimeHost from that runtime instead of from CorBindToRuntimeEx.
    ICLRMetaHost *pMetaHost = NULL;
    CLRCreateInstance(CLSID_CLRMetaHost, IID_ICLRMetaHost, (LPVOID*)&pMetaHost);

    ICLRRuntimeInfo *pRuntimeInfo = NULL;
    pMetaHost->GetRuntime(L"v4.0.30319", IID_ICLRRuntimeInfo, (LPVOID*)&pRuntimeInfo);

    ICLRRuntimeHost *pClrRuntimeHost = NULL;
    pRuntimeInfo->GetInterface(CLSID_CLRRuntimeHost, IID_ICLRRuntimeHost, (LPVOID*)&pClrRuntimeHost);

    pClrRuntimeHost->Start();
    // pClrRuntimeHost is now usable for ExecuteInDefaultAppDomain as before.
jeffora answered Sep 22 '22 12:09


I see several "quirks" with your code - for example, CorBindToRuntimeEx is, according to MS, deprecated for .NET 4.

The .NET 4 runtime brings, for the first time, the ability to load multiple runtime versions side-by-side into the same process, so I suspect MS had to make some changes, especially to the CLR hosting, to make this happen...

You can find the recommended new Interfaces here.

Yahia answered Sep 19 '22 12:09
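From the defender's side, the useful check is the mirror image of the hosting code in this thread: whichever path loads the runtime (CorBindToRuntimeEx or ICLRMetaHost), the target ends up with the mscoree.dll shim plus an engine DLL whose name tells you the version, and .NET 4's side-by-side support means one process can even carry two. The script below is an added PowerShell example, not code from the question or either answer. It assumes Windows PowerShell 5.1 or later on a Windows host, a constructed default list of images expected to host a CLR, and that appending ".exe" to ProcessName gives the image name; reading other users' process modules needs an elevated session, and 32/64-bit mismatches are skipped rather than resolved.

```powershell
# Added example (not from the question or either answer): inventory which
# processes have a CLR loaded and which engine, so a native process that
# should never host managed code stands out for review.
# Assumes Windows PowerShell 5.1+ on Windows; elevated for other users' processes.

function Get-ClrHostingProcesses {
    [CmdletBinding()]
    param(
        # Image names expected to host a CLR (constructed default; tune per estate).
        [string[]] $ExpectedHosts = @('powershell.exe', 'powershell_ise.exe', 'devenv.exe', 'dotnet.exe')
    )

    # mscoree.dll is the shim both CorBindToRuntimeEx and ICLRMetaHost go through;
    # the engine DLL loaded beside it identifies the runtime actually in use.
    $engines = @{
        'mscorwks.dll' = 'v2.0.50727 engine (.NET 2.0 / 3.x)'
        'clr.dll'      = 'v4.0.30319 engine (.NET 4.x)'
        'coreclr.dll'  = '.NET Core / .NET 5+ engine'
    }

    foreach ($proc in Get-Process) {
        try {
            $moduleNames = @($proc.Modules | ForEach-Object { $_.ModuleName.ToLowerInvariant() })
        } catch {
            # Access denied, bitness mismatch, or the process exited mid-sweep: skip it.
            continue
        }

        $loaded = @($moduleNames | Where-Object { $engines.ContainsKey($_) })
        if ($loaded.Count -eq 0) { continue }

        # ProcessName has no extension; assume the on-disk image is <name>.exe.
        $image = "$($proc.ProcessName).exe".ToLowerInvariant()
        try { $path = $proc.Path } catch { $path = $null }

        [pscustomobject]@{
            Id         = $proc.Id
            Image      = $image
            Path       = $path
            ShimLoaded = ($moduleNames -contains 'mscoree.dll')
            Runtimes   = ($loaded | ForEach-Object { $engines[$_] }) -join '; '
            # Side-by-side loading is legal since .NET 4 but rare enough to flag.
            SideBySide = ($loaded.Count -gt 1)
            Unexpected = ($ExpectedHosts -notcontains $image)
        }
    }
}

# Usage: show only processes hosting a CLR that are not on the expected list.
Get-ClrHostingProcesses | Where-Object Unexpected |
    Format-Table Id, Image, Runtimes, SideBySide, Path -AutoSize
```

The expected-host list is the part that needs local tuning; the point of the sweep is not that a loaded CLR is bad, but that a CLR inside an image that has no managed dependencies is worth correlating with other telemetry before it is explained away.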