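/// <summary>
/// Hosts the .NET 4 CLR (v4.0.30319) in the current process and invokes the managed
/// method FakePacketSender.InjectedEntry.Run. The widened form of
/// <paramref name="param"/> is passed both as the assembly path and as the method's
/// string argument, exactly as in the original.
/// </summary>
/// <param name="param">Narrow (CP_ACP) string; it must fit into MAX_PATH wide characters.</param>
/// <returns>S_OK when the managed call and the runtime shutdown both succeeded, otherwise -1.</returns>
/// <remarks>
/// Every COM interface acquired here is released on every exit path (the original
/// leaked all three on its early returns). The execution result and the Stop() result
/// are tracked separately: the original wrote `hr = Stop() != S_OK`, which assigned the
/// comparison (0 or 1) to hr and discarded the real HRESULT of the managed call.
/// </remarks>
extern "C" __declspec(dllexport) HRESULT Inject(_In_ LPCSTR param)
{
    ICLRMetaHost* pMetaHost = NULL;
    ICLRRuntimeInfo* pRuntimeInfo = NULL;
    ICLRRuntimeHost* pClrRuntimeHost = NULL;

    // Single release point so that no return path can leak an interface.
    auto releaseAll = [&]() {
        if (pClrRuntimeHost) { pClrRuntimeHost->Release(); pClrRuntimeHost = NULL; }
        if (pRuntimeInfo)    { pRuntimeInfo->Release();    pRuntimeInfo = NULL; }
        if (pMetaHost)       { pMetaHost->Release();       pMetaHost = NULL; }
    };

    // Widen the caller's string before touching the CLR. MultiByteToWideChar returns 0
    // on failure (NULL input, or a result that does not fit in MAX_PATH characters);
    // in that case wsz would have no terminator, so the result has to be checked
    // rather than ignored as the original did.
    WCHAR wsz[MAX_PATH];
    if (MultiByteToWideChar(CP_ACP, 0, param, -1, wsz, MAX_PATH) == 0) {
        return -1;
    }

    if (CLRCreateInstance(CLSID_CLRMetaHost, IID_PPV_ARGS(&pMetaHost)) != S_OK) {
        releaseAll();
        return -1;
    }
    if (pMetaHost->GetRuntime(L"v4.0.30319", IID_PPV_ARGS(&pRuntimeInfo)) != S_OK) {
        releaseAll();
        return -1;
    }
    if (pRuntimeInfo->GetInterface(CLSID_CLRRuntimeHost, IID_PPV_ARGS(&pClrRuntimeHost)) != S_OK) {
        releaseAll();
        return -1;
    }
    if (pClrRuntimeHost->Start() != S_OK) {
        releaseAll();
        return -1;
    }

    DWORD pReturnValue = 0;
    HRESULT hrExecute = pClrRuntimeHost->ExecuteInDefaultAppDomain(
        wsz, L"FakePacketSender.InjectedEntry", L"Run", wsz, &pReturnValue);
    // Always stop the runtime after the call, but keep the two results apart so a
    // failed managed call is still reported when Stop() itself succeeds.
    HRESULT hrStop = pClrRuntimeHost->Stop();

    if (hrStop != S_OK) {
        _com_error err(hrStop);
        MessageBox(0, err.ErrorMessage(), L"Error", 0);
        releaseAll();
        return -1;
    }
    if (hrExecute != S_OK) {
        _com_error err(hrExecute);
        MessageBox(0, err.ErrorMessage(), L"Error", 0);
        releaseAll();
        return -1;
    }

    releaseAll();
    return hrExecute;
}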
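/// <summary>
/// Starts the .NET runtime (v4.0.30319) in the current process and runs the configured
/// managed method, appending a step-by-step trace to the log file named by the global
/// logPath.
/// </summary>
/// <param name="lpCommand">Currently unused; the assembly, type, method and argument
/// come from the globals assemblyPath, classFqn, methodName and parameter.</param>
/// <returns>ERROR_SUCCESS (0) when the managed call completed, otherwise the failing HRESULT.</returns>
/// <remarks>
/// Derived from http://www.codingthewheel.com/archives/how-to-inject-a-managed-assembly-dll/
/// Differences from the original version of this function: a failed fopen_s no longer
/// leads to fprintf on a NULL stream, the log handle is closed on every exit path, and
/// every acquired CLR interface (including the ICLRRuntimeInfo, which was previously
/// never released) is released on every exit path.
/// </remarks>
HRESULT StartTheDotNetRuntime(_In_ LPCTSTR lpCommand)
{
    // fopen_s leaves file NULL on failure; route every trace line through a helper
    // that tolerates a missing log instead of crashing on the NULL stream.
    FILE *file = NULL;
    fopen_s(&file, logPath, "a+");
    auto log = [&](const char *msg) {
        if (file) {
            fprintf(file, "%s", msg);
            fflush(file);
        }
    };

    ICLRMetaHost *pMetaHost = NULL;
    ICLRRuntimeInfo *pRuntimeInfo = NULL;
    ICLRRuntimeHost *pClrRuntimeHost = NULL;
    bool started = false;

    // Single exit point: stop the runtime if it is still running, release the
    // interfaces in reverse order of acquisition and close the log.
    auto finish = [&](HRESULT code) -> HRESULT {
        if (pClrRuntimeHost) {
            if (started) {
                pClrRuntimeHost->Stop();
            }
            pClrRuntimeHost->Release();
        }
        if (pRuntimeInfo) {
            pRuntimeInfo->Release();
        }
        if (pMetaHost) {
            pMetaHost->Release();
        }
        if (file) {
            fclose(file);
        }
        return code;
    };

    log("binding runtime.\r\n");
    log("Loading the .NET runtime host.\n");
    HRESULT result = CLRCreateInstance(CLSID_CLRMetaHost, IID_PPV_ARGS(&pMetaHost));
    if (FAILED(result)) {
        log("Error: failed to create CLR instance.\n");
        return finish(result);
    }

    log("Loading the .NET runtime.\n");
    result = pMetaHost->GetRuntime(L"v4.0.30319", IID_PPV_ARGS(&pRuntimeInfo));
    if (FAILED(result)) {
        // The original repeated the "failed to create CLR instance" text here, which
        // made this step indistinguishable from the previous one in the log.
        log("Error: failed to load CLR runtime v4.0.30319.\n");
        return finish(result);
    }

    log("Acquiring the .NET runtime.\n");
    result = pRuntimeInfo->GetInterface(CLSID_CLRRuntimeHost, IID_PPV_ARGS(&pClrRuntimeHost));
    if (FAILED(result)) {
        log("Error: failed to acquire CLR runtime.\n");
        return finish(result);
    }

    log("Starting the .NET runtime.\n");
    result = pClrRuntimeHost->Start();
    if (FAILED(result)) {
        log("Error: failed to start CLR runtime.\n");
        return finish(result);
    }
    started = true;

    log("Executing payload assembly.\n");
    DWORD dwRet = 0;
    result = pClrRuntimeHost->ExecuteInDefaultAppDomain(
        assemblyPath, classFqn, methodName, parameter, &dwRet);
    if (FAILED(result)) {
        log("Error: unable to execute example code.\n");
        return finish(result);
    }

    log("Stopping the .NET runtime.\n");
    pClrRuntimeHost->Stop();
    started = false;

    log("Releasing the .NET runtime.\n");
    return finish(ERROR_SUCCESS);
}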
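/// Host entry point: binds the latest installed CLR with workstation GC, installs a
/// DHHostControl, and runs Shim.Start from "<current directory>\shim.exe", forwarding
/// the remaining command-line arguments as one space-separated string.
/// Returns the DWORD produced by the managed Shim.Start call.
/// NOTE(review): argv is treated as wide text (the original already called wcslen on
/// it), so this assumes a UNICODE build — confirm against the project settings.
int _tmain(int argc, _TCHAR* argv[])
{
    // Bind to the runtime.
    ICLRRuntimeHost *pClrHost = NULL;
    HRESULT hrCorBind = CorBindToRuntimeEx(
        NULL,                  // Load the latest CLR version available
        L"wks",                // Workstation GC ("wks" or "svr" overrides)
        0,                     // No flags needed
        CLSID_CLRRuntimeHost,
        IID_ICLRRuntimeHost,
        (PVOID*)&pClrHost);
    CheckFail(hrCorBind, "Bind to runtime failed (0x%x)");

    // Construct our host control object. The pointer is handed to the CLR through
    // SetHostControl and is intentionally never deleted here (presumably the CLR
    // holds it for the life of the process — verify against DHHostControl).
    DHHostControl *pHostControl = new DHHostControl(pClrHost);
    if (!pHostControl)
        Fail("Host control allocation failed");
    pClrHost->SetHostControl(pHostControl);

    // Now, begin the CLR.
    HRESULT hrStart = pClrHost->Start();
    if (hrStart == S_FALSE)
        _ASSERTE(!L"Runtime already started; probably OK to proceed");
    else
        CheckFail(hrStart, "Runtime startup failed (0x%x)");

    // Construct the shim path (i.e. shim.exe). GetCurrentDirectoryW returns 0 on
    // failure and the *required* size when the buffer is too small; the original
    // tested only for 0 and would then have appended to an unwritten buffer.
    WCHAR wcCurrentDir[MAX_PATH];
    DWORD cchDir = GetCurrentDirectoryW(MAX_PATH, wcCurrentDir);
    if (cchDir == 0)
        CheckFail(HRESULT_FROM_WIN32(GetLastError()), "GetCurrentDirectory failed (0x%x)");
    if (cchDir >= MAX_PATH)
        Fail("Current directory path is too long for the shim path");
    // A growable string cannot overrun the way wcsncat_s on a nearly full MAX_PATH
    // array could when the directory name leaves fewer than 9 characters free.
    std::wstring shimPath(wcCurrentDir, cchDir);
    shimPath += L"\\shim.exe";

    // Gather the arguments to pass to the shim as a single space-separated string.
    // std::wstring replaces the hand-computed length and the mismatched
    // `new WCHAR[]` / `delete` pair of the original.
    // TODO: add characters for quotes around args w/ spaces inside them
    std::wstring shimArgs;
    for (int i = 1; i < argc; i++) {
        if (i != 1)
            shimArgs += L' ';
        shimArgs += argv[i];
    }
    if (argc <= 1)
        Fail("Missing program path (host.exe <exePath>)\r\n");

    // And execute the program...
    DWORD retVal = 0;
    HRESULT hrExecute = pClrHost->ExecuteInDefaultAppDomain(
        shimPath.c_str(), L"Shim", L"Start", shimArgs.c_str(), &retVal);
    CheckFail(hrExecute, "Execution of shim failed (0x%x)\r\n");

    // Stop the CLR and cleanup.
    pHostControl->ShuttingDown();
    pClrHost->Stop();
    pClrHost->Release();
    return retVal;
}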
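/// Starts the newest installed CLR in this process and invokes one managed method.
/// params must hold, in order: assembly path, fully qualified type name, method name
/// and the single string argument — the four values handed to
/// ICLRRuntimeHost::ExecuteInDefaultAppDomain. Fewer than four entries is reported
/// with a message box instead of the std::out_of_range that params.at() would throw.
/// On success a confirmation message box is shown; on any failure the function simply
/// returns. Every interface acquired here is released on every path; the original
/// leaked the ICLRRuntimeInfo of the selected runtime and dereferenced it unchecked
/// when the enumeration yielded no runtime at all.
VOID StartAssembly(vector<wstring> const& params)
{
    if (params.size() < 4) {
        MessageBox(GetDesktopWindow(),
                   L"Expected four parameters: assembly path, type name, method name and argument.",
                   L"Error", MB_OK);
        return;
    }

    ICLRMetaHost *pMetaHost = NULL;
    HRESULT hr = CLRCreateInstance(CLSID_CLRMetaHost, IID_ICLRMetaHost, (LPVOID*)&pMetaHost);
    if (FAILED(hr))
        return;

    IEnumUnknown *peunkRuntimes = NULL;
    hr = pMetaHost->EnumerateInstalledRuntimes(&peunkRuntimes);
    if (FAILED(hr)) {
        pMetaHost->Release();
        return;
    }

    // *** FINDING LATEST RUNTIME ***
    // Keep the runtime whose version string compares highest. NOTE(review): this is a
    // plain lexicographic comparison, as in the original; it orders "v2..." below
    // "v4..." but would not order a two-digit major version correctly.
    ICLRRuntimeInfo *prtiLatest = NULL;
    WCHAR szLatestRuntimeVersion[MAX_PATH] = {};
    IUnknown *punkRuntime = NULL;
    while (peunkRuntimes->Next(1, &punkRuntime, NULL) == S_OK) {
        ICLRRuntimeInfo *prtiCurrent = NULL;
        hr = punkRuntime->QueryInterface(IID_PPV_ARGS(&prtiCurrent));
        if (SUCCEEDED(hr)) {
            WCHAR szCurrentRuntimeVersion[MAX_PATH] = {};
            DWORD cch = ARRAYSIZE(szCurrentRuntimeVersion);
            hr = prtiCurrent->GetVersionString(szCurrentRuntimeVersion, &cch);
            if (SUCCEEDED(hr) &&
                (prtiLatest == NULL ||
                 wcsncmp(szLatestRuntimeVersion, szCurrentRuntimeVersion, cch) < 0)) {
                // Adopt prtiCurrent as the candidate: take our own reference on it and
                // drop the previous candidate so exactly one ICLRRuntimeInfo is kept.
                if (prtiLatest)
                    prtiLatest->Release();
                prtiLatest = prtiCurrent;
                prtiLatest->AddRef();
                wcscpy_s(szLatestRuntimeVersion, ARRAYSIZE(szLatestRuntimeVersion),
                         szCurrentRuntimeVersion);
            }
            prtiCurrent->Release();
        }
        punkRuntime->Release();
    }
    peunkRuntimes->Release();

    // *** STARTING CLR ***
    if (prtiLatest == NULL) {
        // No runtime was enumerated (or none exposed ICLRRuntimeInfo); the original
        // would have dereferenced a NULL prtiLatest here.
        pMetaHost->Release();
        return;
    }

    ICLRRuntimeHost *prth = NULL;
    hr = prtiLatest->GetInterface(CLSID_CLRRuntimeHost, IID_ICLRRuntimeHost, (LPVOID*)&prth);
    if (SUCCEEDED(hr)) {
        hr = prth->Start();
        if (SUCCEEDED(hr)) {
            DWORD dwRet = 0;
            hr = prth->ExecuteInDefaultAppDomain(params[0].c_str(), params[1].c_str(),
                                                 params[2].c_str(), params[3].c_str(), &dwRet);
            // The original author noted observing hr = 0x80131513
            // (System.MissingMethodException) from this call when the named method
            // could not be resolved.
            if (SUCCEEDED(hr)) {
                // *** Success ***
                MessageBox(GetDesktopWindow(), L"Successfully called managed function.",
                           L"Success", MB_OK);
            }
            hr = prth->Stop();
        }
        prth->Release();
    }

    prtiLatest->Release();
    pMetaHost->Release();
}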