Posted: Sat Mar 19, 2022 6:19 am Post subject: Load .NET in process that doesn't use .NET |
This adds a loadDotNet() Lua command which makes the target process load the Microsoft .NET Framework runtime (so not Mono). Once it is loaded you can use functions like injectDotNetDLL to load your own .NET DLLs for whatever reason you may have. Note that the loader script asks for runtime version v4.0.30319, so the target machine needs .NET Framework 4.x installed, and mscoree.dll plus the runtime it pulls in will end up loaded in a process that would not normally have them.
(reason for making this: https://forum.cheatengine.org/viewtopic.php?p=5777687 )
-- Auto-assembler script that loadDotNet() below injects into the target
-- process. It is CE assembler directives plus a {$c} block that CE compiles
-- and places in the target.
--
-- What the pieces do:
--   * loadlibrary('mscoree.dll') pulls the .NET shim into the target. It is
--     loaded by bare name, so it is resolved through the target's DLL search
--     order rather than an absolute System32 path.
--   * The _ThisCLRCreateInstance@12 / @24 labels alias MSCOREE.CLRCreateInstance
--     so that whichever decorated name the C code's stdcall declaration of
--     ThisCLRCreateInstance resolves to (32-bit vs 64-bit) points at the real
--     export (see the inline comments on those two lines).
--   * guids holds the raw little-endian GUID bytes for the CLSIDs/IIDs that the
--     C code passes to CLRCreateInstance, GetRuntime and GetInterface.
--   * dotnetloadresult is the 4-byte status slot polled by loadDotNet(): it
--     starts as 0xffffffff ("still running") and StartDotNetHost overwrites it
--     with 0 on success or 1..5 for the stage that failed (see the C code).
--     NOTE(review): the dotnetloadresult2 label / dq 0 that follow are not
--     referenced by the C code or by loadDotNet(); they look like a leftover,
--     and the 8 bytes land past the 4 bytes reserved by alloc(dotnetloadresult,4)
--     -- confirm that this does not overlap whatever CE places next.
--   * The three typedef'd structs are hand-written COM vtables for
--     ICLRMetaHost, ICLRRuntimeInfo and ICLRRuntimeHost. Methods are called by
--     position ((*obj)->Method(obj, ...)), so the field order must match the
--     real interface layout exactly; an added, missing or swapped entry
--     silently calls the wrong method. Only GetRuntime, IsLoadable,
--     GetInterface and Start are actually invoked here; the other entries
--     exist purely to keep the slot offsets correct.
--   * StartDotNetHost: CLRCreateInstance(CLSID_CLRMetaHost, IID_ICLRMetaHost)
--     -> GetRuntime pinned to "v4.0.30319" (so the target machine needs .NET
--     Framework 4.x) -> IsLoadable -> GetInterface(CLSID_CLRRuntimeHost,
--     IID_ICLRRuntimeHost) -> Start. An HRESULT of 1 from Start is accepted as
--     success alongside 0 (presumably S_FALSE for "already started"; confirm
--     against the CLR hosting docs). The interface pointers obtained along the
--     way are never Released; the runtime host stays alive for the life of the
--     process anyway, so this reads as deliberate rather than a leak to fix.
--   * createthread(StartDotNetHost) runs all of the above on a fresh thread in
--     the target, which is why loadDotNet() has to poll for the result instead
--     of getting it back from autoAssemble().
--
-- NOTE(review): this is plain CLR hosting (mscoree -> runtime) injected into a
-- process that does not otherwise load .NET; expect the resulting image loads
-- and new thread to be as visible to EDR/Sysmon as any other managed-code
-- injection.
local dotnetloaderscript=[[
loadlibrary('mscoree.dll')
MSCOREE.CLRCreateInstance:
_ThisCLRCreateInstance@12: //Makes it work in 32-bit and used so the correct dll is used
_ThisCLRCreateInstance@24: //Makes it work in 64-bit and used so the correct dll is used
alloc(guids,128)
alloc(dotnetloadresult,4)
guids:
IID_ICLRMetaHost:
db 9E DB 32 D3 B3 B9 25 41 82 07 A1 48 84 F5 32 16
CLSID_CLRMetaHost:
db 8D 18 80 92 8E 0E 67 48 B3 0C 7F A8 38 84 E8 DE
IID_ICLRRuntimeHost:
db 6C A0 F1 90 12 77 62 47 86 B5 7A 5E BA 6B DB 02
CLSID_CLRRuntimeHost:
db 6E A0 F1 90 12 77 62 47 86 B5 7A 5E BA 6B DB 02
IID_ICLRRuntimeInfo:
db d2 d1 39 bd 2f ba 6a 48 89 B0 B4 B0 CB 46 68 91
dotnetloadresult:
dd ffffffff
dotnetloadresult2:
dq 0
{$c}
typedef unsigned int HRESULT;
typedef unsigned int ULONG;
typedef int LONG;
typedef unsigned int UINT;
typedef unsigned int DWORD;
typedef void* LPVOID;
typedef unsigned short * LPCWSTR;
typedef unsigned char * LPCSTR;
typedef unsigned short * LPWSTR;
typedef void * IEnumUnknown;
typedef int HANDLE;
typedef int BOOL;
typedef char * REFIID;
typedef char * REFCLSID;
typedef __SIZE_TYPE__ HMODULE;
#define STDMETHODCALLTYPE __attribute__((__stdcall__))
typedef struct
{
HRESULT ( STDMETHODCALLTYPE *QueryInterface )(void * This, REFIID riid, void **ppvObject);
ULONG ( STDMETHODCALLTYPE *AddRef )(void * This);
ULONG ( STDMETHODCALLTYPE *Release )(void * This);
HRESULT ( STDMETHODCALLTYPE *GetRuntime )(void * This, LPCWSTR pwzVersion, REFIID riid, void *ppRuntime);
HRESULT ( STDMETHODCALLTYPE *GetVersionFromFile )(void * This, LPCWSTR pwzFilePath, LPCWSTR pwzBuffer, DWORD *pcchBuffer);
HRESULT ( STDMETHODCALLTYPE *EnumerateInstalledRuntimes )( void * This, IEnumUnknown **ppEnumerator);
HRESULT ( STDMETHODCALLTYPE *EnumerateLoadedRuntimes )( void * This,HANDLE hndProcess, IEnumUnknown **ppEnumerator);
HRESULT ( STDMETHODCALLTYPE *RequestRuntimeLoadedNotification )( void * This, void * pCallbackFunction);
HRESULT ( STDMETHODCALLTYPE *QueryLegacyV2RuntimeBinding )(void * This, REFIID riid, LPVOID *ppUnk);
HRESULT ( STDMETHODCALLTYPE *ExitProcess )(void * This, unsigned int iExitCode);
} *ICLRMetaHost, **PICLRMetaHost;
typedef struct
{
HRESULT ( STDMETHODCALLTYPE *QueryInterface )(void * This, REFIID riid, void **ppvObject);
ULONG ( STDMETHODCALLTYPE *AddRef )(void * This);
ULONG ( STDMETHODCALLTYPE *Release )(void * This);
HRESULT ( STDMETHODCALLTYPE *GetVersionString )(void * This, LPWSTR pwzBuffer, DWORD *pcchBuffer);
HRESULT ( STDMETHODCALLTYPE *GetRuntimeDirectory )(void * This, LPWSTR pwzBuffer, DWORD *pcchBuffer);
HRESULT ( STDMETHODCALLTYPE *IsLoaded )(void * This, HANDLE hndProcess, BOOL *pbLoaded);
HRESULT ( STDMETHODCALLTYPE *LoadErrorString )(void * This, UINT iResourceID, LPWSTR pwzBuffer, DWORD *pcchBuffer, LONG iLocaleID);
HRESULT ( STDMETHODCALLTYPE *LoadLibrary )(void * This, LPCWSTR pwzDllName, HMODULE *phndModule);
HRESULT ( STDMETHODCALLTYPE *GetProcAddress )(void * This, LPCSTR pszProcName, LPVOID *ppProc);
HRESULT ( STDMETHODCALLTYPE *GetInterface )(void * This, REFCLSID rclsid, REFIID riid, LPVOID *ppUnk);
HRESULT ( STDMETHODCALLTYPE *IsLoadable )(void * This, BOOL *pbLoadable);
HRESULT ( STDMETHODCALLTYPE *SetDefaultStartupFlags )(void * This, DWORD dwStartupFlags, LPCWSTR pwzHostConfigFile);
HRESULT ( STDMETHODCALLTYPE *GetDefaultStartupFlags )(void * This, DWORD *pdwStartupFlags, LPWSTR pwzHostConfigFile, DWORD *pcchHostConfigFile);
HRESULT ( STDMETHODCALLTYPE *BindAsLegacyV2Runtime )(void * This);
HRESULT ( STDMETHODCALLTYPE *IsStarted )(void * This, BOOL *pbStarted, DWORD *pdwStartupFlags);
} *ICLRRuntimeInfo, **PICLRRuntimeInfo;
typedef struct
{
HRESULT ( STDMETHODCALLTYPE *QueryInterface )(void * This, REFIID riid, void **ppvObject);
ULONG ( STDMETHODCALLTYPE *AddRef )(void * This);
ULONG ( STDMETHODCALLTYPE *Release )(void * This);
HRESULT ( STDMETHODCALLTYPE *Start )(void * This);
HRESULT ( STDMETHODCALLTYPE *Stop )(void * This);
HRESULT ( STDMETHODCALLTYPE *SetHostControl )(void * This, void *pHostControl); //IHostControl
HRESULT ( STDMETHODCALLTYPE *GetCLRControl )(void * This, void **pCLRControl); //ICLRControl
HRESULT ( STDMETHODCALLTYPE *UnloadAppDomain )(void * This, DWORD dwAppDomainId, BOOL fWaitUntilDone);
HRESULT ( STDMETHODCALLTYPE *ExecuteInAppDomain )(void * This, DWORD dwAppDomainId, void* pCallback, void *cookie);
HRESULT ( STDMETHODCALLTYPE *GetCurrentAppDomainId )(void * This, DWORD *pdwAppDomainId);
HRESULT ( STDMETHODCALLTYPE *ExecuteApplication )(void * This, LPCWSTR pwzAppFullName, DWORD dwManifestPaths, LPCWSTR *ppwzManifestPaths, DWORD dwActivationData, LPCWSTR *ppwzActivationData, int *pReturnValue);
HRESULT ( STDMETHODCALLTYPE *ExecuteInDefaultAppDomain )(void * This, LPCWSTR pwzAssemblyPath, LPCWSTR pwzTypeName, LPCWSTR pwzMethodName, LPCWSTR pwzArgument, DWORD *pReturnValue);
} *ICLRRuntimeHost, **PICLRRuntimeHost;
int __attribute__((__stdcall__)) ThisCLRCreateInstance(void *clsid, void* riid, void* result);
extern int dotnetloadresult;
extern char CLSID_CLRRuntimeHost[16];
extern char IID_ICLRRuntimeHost[16];
extern char CLSID_CLRMetaHost[16];
extern char IID_ICLRMetaHost[16];
extern char IID_ICLRRuntimeInfo[16];
void StartDotNetHost(void)
{
PICLRMetaHost metahost;
int r=ThisCLRCreateInstance(CLSID_CLRMetaHost, IID_ICLRMetaHost,&metahost);
if (r==0)
{
PICLRRuntimeInfo rti;
r=(*metahost)->GetRuntime(metahost, L"v4.0.30319", IID_ICLRRuntimeInfo, &rti);
if (r==0)
{
BOOL loadable=0;
r=(*rti)->IsLoadable(rti, &loadable);
if ((r==0) && (loadable))
{
//can be used
PICLRRuntimeHost dnhost;
r=(*rti)->GetInterface(rti, CLSID_CLRRuntimeHost, IID_ICLRRuntimeHost, &dnhost);
if (r==0)
{
r=(*dnhost)->Start(dnhost);
if ((r==0) || (r==1))
dotnetloadresult=0;
else
dotnetloadresult=5;
}
else
dotnetloadresult=4;
}
else
dotnetloadresult=3;
}
else
dotnetloadresult=2;
}
else
dotnetloadresult=1;
}
{$asm}
createthread(StartDotNetHost)
]]
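--- Load the Microsoft .NET Framework CLR into the currently opened process.
--
-- Runs `dotnetloaderscript` in the target (which starts a thread that hosts
-- the v4.0.30319 runtime) and then polls the script's `dotnetloadresult`
-- slot until the thread reports back. The slot holds 0xffffffff while the
-- loader thread is still running, 0 on success, and 1..5 for the stage that
-- failed (CLRCreateInstance, GetRuntime, IsLoadable, GetInterface, Start
-- respectively -- see the C code in the script).
--
-- On success CE's mono/.NET bridge is (re)opened and the .NET symbol handler
-- is reinitialised so the freshly loaded runtime is usable from CE.
--
-- On failure or timeout nothing is rolled back: the allocations the script
-- made and the loader thread (if still running) stay in the target, and a
-- later call will inject a second copy.
--
-- @tparam[opt=5000] number timeoutMs  how long to wait for the loader thread
--   to report a result, in milliseconds (was a hard-coded 5000 before)
-- @treturn boolean true on success, false otherwise
-- @treturn string  error description (only when the first value is false)
function loadDotNet(timeoutMs)
  timeoutMs = timeoutMs or 5000

  local ok, info = autoAssemble(dotnetloaderscript)
  if not ok then
    return false, 'dotnetloaderscript failure'
  end

  -- Drop the C symbols the script registered (StartDotNetHost and friends)
  -- so they do not pollute CE's symbol handler; nothing else needs them.
  info.ccodesymbols.destroy()

  local resultAddress = info.allocs.dotnetloadresult.address
  local start = getTickCount()

  -- Poll until the loader thread overwrites the 0xffffffff sentinel.
  -- readInteger returns nil if the process is gone, which also ends the loop
  -- and is reported below as a crash.
  while readInteger(resultAddress) == 0xffffffff do
    checkSynchronize(100)
    if getTickCount() > start + timeoutMs then
      return false, 'Timeout while waiting'
    end
  end

  local status = readInteger(resultAddress)
  if status == 0 then
    mono_OpenProcessMT()
    reinitializeDotNetSymbolhandler()
    return true
  end

  if status == nil then
    -- The status slot is no longer readable: the target process has died.
    return false, 'Error: Target has crashed'
  end

  -- 1..5: the stage of StartDotNetHost that failed, see the script's C code.
  return false, 'Error '..status
end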