I have successfully injected managed DLLs into a .NET 3.5 application using a bootloader DLL (in C++) and then my "payload" DLL (in C#).
When I try to do this to a .NET 4.0 application it always crashes.
Bootloader C++:
    #include <windows.h>
    #include "MSCorEE.h"                 // legacy hosting API: CorBindToRuntimeEx / ICLRRuntimeHost
    #pragma comment(lib, "mscoree.lib")

    void StartTheDotNetRuntime()
    {
        // Bind to the CLR runtime (legacy API; this is the call that is deprecated on .NET 4).
        ICLRRuntimeHost *pClrHost = NULL;
        HRESULT hr = CorBindToRuntimeEx(
            NULL, L"wks", 0, CLSID_CLRRuntimeHost,
            IID_ICLRRuntimeHost, (PVOID*)&pClrHost);
        hr = pClrHost->Start();

        // Okay, the CLR is up and running in this (previously native) process.
        // Now call a method on our managed C# class library.
        DWORD dwRet = 0;
        hr = pClrHost->ExecuteInDefaultAppDomain(
            L"payload.dll",
            L"MyNamespace.MyClass", L"MyMethod", L"MyParameter", &dwRet);

        // Optionally stop the CLR runtime (we could also leave it running).
        hr = pClrHost->Stop();

        // Don't forget to clean up.
        pClrHost->Release();
    }
Payload C#:
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Windows.Forms;

    namespace MyNamespace
    {
        public class MyClass
        {
            // This method will be called by native code inside the target process.
            // Signature required by ExecuteInDefaultAppDomain: public static int Method(string).
            public static int MyMethod(String pwzArgument)
            {
                MessageBox.Show("Hello World");
                return 0;
            }
        }
    }
I have tried using the fix below, but to no avail. Any ideas?

    hr = pMetaHost->GetRuntime(L"v4.0.30319", IID_ICLRRuntimeInfo, (LPVOID*)&lpRuntimeInfo);
The interfaces changed with .NET 4.0. Instead of using CorBindToRuntimeEx you should use the new ICLRMetaHost interface.
Code could look something like the following (without error checking):
    #include <windows.h>
    #include <metahost.h>                // ICLRMetaHost / ICLRRuntimeInfo (.NET 4 SDK headers)
    #pragma comment(lib, "mscoree.lib")

    // Get the meta host, then ask it for the v4 runtime instead of calling CorBindToRuntimeEx.
    ICLRMetaHost *pMetaHost = NULL;
    CLRCreateInstance(CLSID_CLRMetaHost, IID_ICLRMetaHost, (LPVOID*)&pMetaHost);
    ICLRRuntimeInfo *pRuntimeInfo = NULL;
    pMetaHost->GetRuntime(L"v4.0.30319", IID_ICLRRuntimeInfo, (LPVOID*)&pRuntimeInfo);

    // The runtime-info object hands out the hosting interface for that specific version.
    ICLRRuntimeHost *pClrRuntimeHost = NULL;
    pRuntimeInfo->GetInterface(CLSID_CLRRuntimeHost, IID_ICLRRuntimeHost, (LPVOID*)&pClrRuntimeHost);
    pClrRuntimeHost->Start();
I see several "quirks" with your code. For example, CorBindToRuntimeEx is, according to MS, deprecated for .NET 4.
The .NET 4 runtime brings for the first time the ability to load multiple runtime versions side by side into the same process, so I suspect MS had to make some changes, especially to the CLR hosting, to make this happen...
You can find the recommended new interfaces here.