wwh1004/ExtremeDumper

In memory injection

Closed this issue · 1 comments

Hello, I created an injector DLL with dnlib in memory and wanted to inject the byte array into the process without writing it to a temp directory. It seems the function WriteMachineCode is not able to load the library without assemblyPath.
return pRuntimeHost->ExecuteInDefaultAppDomain(L"assemblyPath", L"typeName", L"methodName", L"argument", pReturnValue);

I think if you write the DLL into process memory and change that function wrapper to this

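// pCorRuntimeHost and safeArray (the assembly bytes) come from the surrounding wrapper
IUnknownPtr spAppDomainThunk = NULL;
_AppDomainPtr spDefaultAppDomain = NULL;
_AssemblyPtr spAssembly = NULL;
HRESULT hr = pCorRuntimeHost->GetDefaultDomain(&spAppDomainThunk);
if (SUCCEEDED(hr))
{
    // GetDefaultDomain returns IUnknown; query it for _AppDomain before calling Load_3
    hr = spAppDomainThunk->QueryInterface(IID_PPV_ARGS(&spDefaultAppDomain));
}
if (SUCCEEDED(hr))
    hr = spDefaultAppDomain->Load_3(safeArray, &spAssembly);
return hr;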

we shall use in-memory injection and benefit from faster execution, eliminating the unnecessary reading and writing from the hard drive and keeping the injector more covert.
Here is the link to the full article.
Common Language Runtime In Memory Execution
CLR.hpp
Thanks in advance.

Maybe I have no time to implement it. There was a previous issue requesting support for .NET Core, which also required changes to the injector. PR welcome.