Load .NET in process that doesn't use .NET

 
PostPosted: Sat Mar 19, 2022 6:19 am    Post subject: Load .NET in process that doesn't use .NET Reply with quote

This adds the loadDotNet() Lua command, which makes the target process load a Microsoft .NET runtime (so not Mono); you can then use functions like injectDotNetDLL to load your .NET DLLs for whatever reason you may have...

(reason for making this: https://forum.cheatengine.org/viewtopic.php?p=5777687 )


Code:

-- Auto-assembler script run by loadDotNet(). autoAssemble() places it in the
-- currently opened process, where it:
--   * loads mscoree.dll and gives MSCOREE.CLRCreateInstance the two
--     stdcall-decorated names (@12 for 32-bit, @24 for 64-bit) that the
--     C declaration `ThisCLRCreateInstance` below links against;
--   * allocates `guids` (the COM IIDs/CLSIDs as raw 16-byte GUID memory
--     layouts, first three fields little-endian) and `dotnetloadresult`
--     (the 32-bit status word, initialised to 0xffffffff = "still running");
--   * compiles StartDotNetHost() with CE's embedded C compiler and starts it
--     on a new thread in the target via createthread.
--
-- StartDotNetHost() writes one of these values to dotnetloadresult, which
-- loadDotNet() polls from the CE side:
--   0  ICLRRuntimeHost::Start returned 0 or 1 (both treated as success)
--   1  CLRCreateInstance(CLSID_CLRMetaHost) failed
--   2  ICLRMetaHost::GetRuntime("v4.0.30319") failed
--   3  ICLRRuntimeInfo::IsLoadable failed or reported not loadable
--   4  ICLRRuntimeInfo::GetInterface(CLSID_CLRRuntimeHost) failed
--   5  ICLRRuntimeHost::Start failed
--
-- NOTE(review): the struct typedefs only model vtable slot positions; the
-- `HANDLE` typedef (int) is not pointer-sized on 64-bit, but it only occurs
-- in slots this script never calls (EnumerateLoadedRuntimes, IsLoaded).
-- NOTE(review): the runtime version "v4.0.30319" is hard-coded, so on a
-- machine without a matching .NET Framework 4.x the loader presumably ends
-- with result 2.
-- NOTE(review): `dotnetloadresult2` is allocated but never written or read.
-- NOTE(review): the metahost/rti/dnhost interface pointers are never
-- Release()d; the loader thread simply returns after writing the result.
local dotnetloaderscript=[[
loadlibrary('mscoree.dll')

MSCOREE.CLRCreateInstance:
_ThisCLRCreateInstance@12: //Makes it work in 32-bit and used so the correct dll is used
_ThisCLRCreateInstance@24: //Makes it work in 64-bit and used so the correct dll is used

alloc(guids,128)
alloc(dotnetloadresult,4)


guids:
IID_ICLRMetaHost:
db 9E DB 32 D3 B3 B9 25 41 82 07 A1 48 84 F5 32 16

CLSID_CLRMetaHost:
db 8D 18 80 92 8E 0E 67 48 B3 0C 7F A8 38 84 E8 DE

IID_ICLRRuntimeHost:
db 6C A0 F1 90 12 77 62 47 86 B5 7A 5E BA 6B DB 02

CLSID_CLRRuntimeHost:
db 6E A0 F1 90 12 77 62 47 86 B5 7A 5E BA 6B DB 02

IID_ICLRRuntimeInfo:
db d2 d1 39 bd 2f ba 6a 48 89 B0 B4 B0 CB 46 68 91



dotnetloadresult:
dd ffffffff

dotnetloadresult2:
dq 0

{$c}
  typedef unsigned int HRESULT;
  typedef unsigned int ULONG;
  typedef int LONG;
  typedef unsigned int UINT;
  typedef unsigned int DWORD;
  typedef void* LPVOID;
  typedef unsigned short * LPCWSTR;
  typedef unsigned char * LPCSTR;
  typedef unsigned short * LPWSTR;
  typedef void * IEnumUnknown;
  typedef int HANDLE;
  typedef int BOOL;
  typedef char * REFIID;
  typedef char * REFCLSID;
  typedef __SIZE_TYPE__ HMODULE;
  #define STDMETHODCALLTYPE __attribute__((__stdcall__))


  typedef struct
  {
       HRESULT ( STDMETHODCALLTYPE *QueryInterface )(void * This, REFIID riid, void **ppvObject);
       ULONG ( STDMETHODCALLTYPE *AddRef )(void * This);
       ULONG ( STDMETHODCALLTYPE *Release )(void * This);
       HRESULT ( STDMETHODCALLTYPE *GetRuntime )(void * This, LPCWSTR pwzVersion, REFIID riid, void *ppRuntime);
       HRESULT ( STDMETHODCALLTYPE *GetVersionFromFile )(void * This, LPCWSTR pwzFilePath, LPCWSTR pwzBuffer, DWORD *pcchBuffer);
       HRESULT ( STDMETHODCALLTYPE *EnumerateInstalledRuntimes )( void * This, IEnumUnknown **ppEnumerator);
       HRESULT ( STDMETHODCALLTYPE *EnumerateLoadedRuntimes )( void * This,HANDLE hndProcess, IEnumUnknown **ppEnumerator);
       HRESULT ( STDMETHODCALLTYPE *RequestRuntimeLoadedNotification )( void * This, void * pCallbackFunction);
       HRESULT ( STDMETHODCALLTYPE *QueryLegacyV2RuntimeBinding )(void * This, REFIID riid, LPVOID *ppUnk);
       HRESULT ( STDMETHODCALLTYPE *ExitProcess )(void * This, unsigned int iExitCode);
  } *ICLRMetaHost, **PICLRMetaHost;

  typedef struct
  {
       HRESULT ( STDMETHODCALLTYPE *QueryInterface )(void * This, REFIID riid, void **ppvObject);
       ULONG ( STDMETHODCALLTYPE *AddRef )(void * This);
       ULONG ( STDMETHODCALLTYPE *Release )(void * This);
       HRESULT ( STDMETHODCALLTYPE *GetVersionString )(void * This, LPWSTR pwzBuffer, DWORD *pcchBuffer);
       HRESULT ( STDMETHODCALLTYPE *GetRuntimeDirectory )(void * This, LPWSTR pwzBuffer, DWORD *pcchBuffer);
       HRESULT ( STDMETHODCALLTYPE *IsLoaded )(void * This, HANDLE hndProcess, BOOL *pbLoaded);
       HRESULT ( STDMETHODCALLTYPE *LoadErrorString )(void * This, UINT iResourceID, LPWSTR pwzBuffer, DWORD *pcchBuffer, LONG iLocaleID);
       HRESULT ( STDMETHODCALLTYPE *LoadLibrary )(void * This, LPCWSTR pwzDllName, HMODULE *phndModule);
       HRESULT ( STDMETHODCALLTYPE *GetProcAddress )(void * This, LPCSTR pszProcName, LPVOID *ppProc);
       HRESULT ( STDMETHODCALLTYPE *GetInterface )(void * This, REFCLSID rclsid, REFIID riid, LPVOID *ppUnk);
       HRESULT ( STDMETHODCALLTYPE *IsLoadable )(void * This, BOOL *pbLoadable);
       HRESULT ( STDMETHODCALLTYPE *SetDefaultStartupFlags )(void * This, DWORD dwStartupFlags, LPCWSTR pwzHostConfigFile);
       HRESULT ( STDMETHODCALLTYPE *GetDefaultStartupFlags )(void * This, DWORD *pdwStartupFlags, LPWSTR pwzHostConfigFile, DWORD *pcchHostConfigFile);
       HRESULT ( STDMETHODCALLTYPE *BindAsLegacyV2Runtime )(void * This);
       HRESULT ( STDMETHODCALLTYPE *IsStarted )(void * This, BOOL *pbStarted, DWORD *pdwStartupFlags);
  } *ICLRRuntimeInfo, **PICLRRuntimeInfo;

  typedef struct
  {
       HRESULT ( STDMETHODCALLTYPE *QueryInterface )(void * This, REFIID riid, void **ppvObject);
       ULONG ( STDMETHODCALLTYPE *AddRef )(void * This);
       ULONG ( STDMETHODCALLTYPE *Release )(void * This);
       HRESULT ( STDMETHODCALLTYPE *Start )(void * This);
       HRESULT ( STDMETHODCALLTYPE *Stop )(void * This);
       HRESULT ( STDMETHODCALLTYPE *SetHostControl )(void * This, void *pHostControl); //IHostControl
       HRESULT ( STDMETHODCALLTYPE *GetCLRControl )(void * This,  void **pCLRControl); //ICLRControl
       HRESULT ( STDMETHODCALLTYPE *UnloadAppDomain )(void * This,  DWORD dwAppDomainId, BOOL fWaitUntilDone);
       HRESULT ( STDMETHODCALLTYPE *ExecuteInAppDomain )(void * This, DWORD dwAppDomainId, void* pCallback, void *cookie);
       HRESULT ( STDMETHODCALLTYPE *GetCurrentAppDomainId )(void * This, DWORD *pdwAppDomainId);
       HRESULT ( STDMETHODCALLTYPE *ExecuteApplication )(void * This, LPCWSTR pwzAppFullName, DWORD dwManifestPaths, LPCWSTR *ppwzManifestPaths, DWORD dwActivationData, LPCWSTR *ppwzActivationData, int *pReturnValue);
       HRESULT ( STDMETHODCALLTYPE *ExecuteInDefaultAppDomain )(void * This, LPCWSTR pwzAssemblyPath, LPCWSTR pwzTypeName, LPCWSTR pwzMethodName, LPCWSTR pwzArgument, DWORD *pReturnValue);
  } *ICLRRuntimeHost, **PICLRRuntimeHost;


int __attribute__((__stdcall__)) ThisCLRCreateInstance(void *clsid, void* riid, void* result);

extern int dotnetloadresult;
extern char CLSID_CLRRuntimeHost[16];
extern char IID_ICLRRuntimeHost[16];

extern char CLSID_CLRMetaHost[16];
extern char IID_ICLRMetaHost[16];

extern char IID_ICLRRuntimeInfo[16];


void StartDotNetHost(void)
{
  PICLRMetaHost metahost;
  int r=ThisCLRCreateInstance(CLSID_CLRMetaHost, IID_ICLRMetaHost,&metahost);
  if (r==0)
  {
    PICLRRuntimeInfo rti;

    r=(*metahost)->GetRuntime(metahost, L"v4.0.30319", IID_ICLRRuntimeInfo, &rti);

    if (r==0)
    {
      BOOL loadable=0;
      r=(*rti)->IsLoadable(rti, &loadable);
      if ((r==0) && (loadable))
      {
        //can be used
        PICLRRuntimeHost dnhost;
        r=(*rti)->GetInterface(rti, CLSID_CLRRuntimeHost, IID_ICLRRuntimeHost, &dnhost);
        if (r==0)
        {
          r=(*dnhost)->Start(dnhost);
          if ((r==0) || (r==1))
            dotnetloadresult=0;
          else
            dotnetloadresult=5;
        }
        else
          dotnetloadresult=4;
      }
      else
        dotnetloadresult=3;
    }
    else
      dotnetloadresult=2;
  }
  else
    dotnetloadresult=1;
}
{$asm}

createthread(StartDotNetHost)
]]

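--- Loads the Microsoft .NET Framework v4 runtime into the currently opened
--- process and then (re)initialises Cheat Engine's .NET symbol handling.
---
--- The actual work happens in `dotnetloaderscript`, which runs on a new
--- thread inside the target; this function only assembles that script and
--- polls the `dotnetloadresult` allocation it creates. Values the loader
--- thread writes there:
---   0xffffffff  still running
---   0           runtime started (or was already started)
---   1           CLRCreateInstance failed
---   2           GetRuntime("v4.0.30319") failed
---   3           runtime reported as not loadable
---   4           GetInterface(CLSID_CLRRuntimeHost) failed
---   5           ICLRRuntimeHost::Start failed
--- If the allocation becomes unreadable while polling (readInteger returns
--- nil) the loader thread is assumed to have taken the target down.
---
--- @param timeout number|nil  milliseconds to wait for the loader thread
---   before giving up (default 5000; previously hard-coded)
--- @return boolean ok, string|nil err  true on success, otherwise false
---   and a message ('dotnetloaderscript failure', 'Timeout while waiting',
---   'Error: Target has crashed' or 'Error <code>')
function loadDotNet(timeout)
  timeout = tonumber(timeout) or 5000

  local ok, d = autoAssemble(dotnetloaderscript)
  if not ok then
    return false, 'dotnetloaderscript failure'
  end

  d.ccodesymbols.destroy() --to prevent contamination

  -- Poll until the loader thread overwrites its 0xffffffff sentinel, the
  -- timeout elapses, or the memory stops being readable.
  local resultaddr = d.allocs.dotnetloadresult.address
  local start = getTickCount()
  while readInteger(resultaddr) == 0xffffffff do
    checkSynchronize(100)
    if getTickCount() - start > timeout then
      return false, 'Timeout while waiting'
    end
  end

  local code = readInteger(resultaddr)
  if code == nil then --unreadable
    return false, 'Error: Target has crashed'
  elseif code == 0 then
    mono_OpenProcessMT()
    reinitializeDotNetSymbolhandler()
    return true
  else
    return false, 'Error '..code
  end
end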

_________________
Do not ask me about online cheats. I don't know any and won't help find them.

Like my help? Join me on Patreon so I can keep helping