-
-
Save dedmen/d97b70556866a235e2ee3efdeb977357 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include "stdafx.h" | |
| #include <assert.h> | |
| #include <windows.h> | |
| #include <tchar.h> | |
| #include <stdio.h> | |
| #include <malloc.h> | |
| #include <locale> | |
| #include <codecvt> | |
| #include <string> | |
| #include "MemoryModule.h" | |
| #include <mscoree.h> | |
| #include <winnls.h> | |
| #include <windows.h> | |
| #include "md5.h" | |
| // C RunTime Header Files | |
| #include <stdlib.h> | |
| #include <malloc.h> | |
| #include <memory.h> | |
| #include <tchar.h> | |
| #include <fstream> | |
| #import <mscorlib.tlb> raw_interfaces_only | |
| using namespace mscorlib; | |
| typedef void(*DLLMainProc)(); | |
| extern "C++" { | |
| inline void base64_decode_decryptFilekey(char* input, int inputlen, char* output, unsigned long outputlen) { | |
| base64url_decode((const unsigned char*) input, inputlen, (unsigned char*) output, &outputlen); | |
| }; | |
| } | |
| #define atl | |
| #ifdef atl | |
| #include <atlsafe.h> | |
| #endif | |
| void testLoad(char* data, int length) { | |
| #ifdef atl | |
| CComPtr<ICorRuntimeHost> pHost; | |
| #else | |
| ICorRuntimeHost* pHost; | |
| #endif | |
| HRESULT hr = CorBindToRuntimeEx(L"v4.0.30319", | |
| NULL, | |
| NULL, | |
| CLSID_CorRuntimeHost, | |
| IID_ICorRuntimeHost, | |
| (void **) &pHost); | |
| if (FAILED(hr)) | |
| return; | |
| hr = pHost->Start(); | |
| if (FAILED(hr)) | |
| return; | |
| #ifdef atl | |
| CComPtr<IUnknown> pUnk; | |
| #else | |
| IUnknown* pUnk; | |
| #endif | |
| hr = pHost->GetDefaultDomain(&pUnk); | |
| if (FAILED(hr)) | |
| return; | |
| #ifdef atl | |
| CComPtr<_AppDomain> appDomain; | |
| hr = pUnk->QueryInterface(&appDomain.p); | |
| #else | |
| _AppDomain *appDomain; | |
| hr = pUnk->QueryInterface(&appDomain); | |
| #endif | |
| if (FAILED(hr)) | |
| return; | |
| //std::ifstream is("T:\\CSNET2ClassLibrary\\bin\\x86\\Release\\CSNET2ClassLibrary.dll", std::ifstream::binary); | |
| //is.seekg(0, is.end); | |
| //long size = is.tellg(); | |
| //is.seekg(0); | |
| //allocate memory for file content | |
| //char* buffer = new char[size]; | |
| //char* outBuffer = new char[size]; | |
| //read content of infile | |
| //is.read(buffer, size); | |
| //is.close(); | |
| #ifdef atl | |
| CComSafeArray<unsigned char> *rawAssembly = new CComSafeArray<unsigned char>(); | |
| rawAssembly->Add((int) key128[1], (unsigned char*) key128[0]); | |
| //rawAssembly->Add((int) size, (unsigned char*) buffer); | |
| CComPtr<mscorlib::_Assembly> assembly; | |
| hr = appDomain->Load_3( *rawAssembly, &assembly); | |
| #else | |
| mscorlib::_Assembly *assembly; | |
| hr = appDomain->Load_3(SafeArrayCreateEx(VT_BSTR, (int) key128[1], 0, (unsigned char*) key128[0]), &assembly); | |
| #endif | |
| delete (char*)key128[0]; | |
| if (FAILED(hr)) { | |
| return; | |
| } | |
| #ifdef atl | |
| CComVariant launcher; | |
| #else | |
| VARIANT launcher; | |
| #endif | |
| char* entClass = "ThisIsTheEntryPointClassAddressInBase64########################################"; | |
| char* entryClassDecrypted = (char*)malloc(strlen(entClass)); | |
| base64_decode_decryptFilekey(entClass, strlen(entClass), entryClassDecrypted, strlen(entClass)); | |
| hr = assembly->CreateInstance(_bstr_t(entryClassDecrypted), &launcher); //"Cellbi.AppPacker.Api.NetLauncher" | |
| // hr = assembly->CreateInstance(_bstr_t("CSNET2ClassLibrary.testClass"), &launcher); | |
| if (FAILED(hr)) | |
| return; | |
| if (launcher.vt != VT_DISPATCH) | |
| return; | |
| #ifdef atl | |
| CComPtr<IDispatch> disp = launcher.pdispVal; | |
| #else | |
| IDispatch* disp = launcher.pdispVal; | |
| #endif | |
| DISPID dispid; | |
| char* entFunc = "ThisIsTheEntryPointFunctionAddressInBase64########################################"; | |
| char* entryFuncDecrypted = (char*) malloc(32); //strlen(entFunc) | |
| base64_decode_decryptFilekey(entFunc, 32, entryFuncDecrypted, 32); | |
| std::wstring_convert<std::codecvt_utf8_utf16<wchar_t>> converter; | |
| std::wstring wide = converter.from_bytes(std::string(entryFuncDecrypted)); | |
| OLECHAR FAR* methodName = (wchar_t*)wide.c_str(); //Launch | |
| hr = disp->GetIDsOfNames(IID_NULL, &methodName, 1, LOCALE_SYSTEM_DEFAULT, &dispid); | |
| if (FAILED(hr)) | |
| return; | |
| TCHAR szPath[MAX_PATH]; | |
| if (!GetModuleFileName(NULL, szPath, MAX_PATH)) | |
| return; | |
| typedef struct myDISPPARAMS { | |
| VARIANTARG *rgvarg; | |
| DISPID *rgdispidNamedArgs; | |
| UINT cArgs; | |
| UINT cNamedArgs; | |
| }; | |
| #ifdef atl | |
| CComVariant *path = new CComVariant(szPath); | |
| CComVariant *cmdLineArg = new CComVariant("hd"); | |
| CComVariant FAR args[] = { *cmdLineArg, *path }; | |
| myDISPPARAMS noArgs = { args, NULL, 2, 0 }; | |
| #else | |
| //CComVariant *path = new CComVariant(szPath); | |
| //CComVariant *cmdLineArg = new CComVariant("hd"); | |
| //CComVariant FAR args[] = { *cmdLineArg, *path }; | |
| myDISPPARAMS noArgs = { NULL, NULL, 2, 0 }; | |
| #endif | |
| hr = disp->Invoke(dispid, IID_NULL, LOCALE_SYSTEM_DEFAULT, DISPATCH_METHOD, (tagDISPPARAMS*)&noArgs, NULL, NULL, NULL); | |
| //if (FAILED(hr)) | |
| // return; | |
| hr = pHost->Stop(); | |
| ExitProcess(1); | |
| if (FAILED(hr)) | |
| return; | |
| return; | |
| } | |
| void LoadFromFile(std::string file) { | |
| typedef HMODULE(*_LoadLibraryA)( | |
| LPCSTR lpLibFileName | |
| ); | |
| _LoadLibraryA LoadLib = (_LoadLibraryA) GetProcAddress(GetModuleHandleA("Kernel32.dll"), "LoadLibraryA"); | |
| auto hmod = LoadLib(file.c_str()); | |
| DLLMainProc proc0 = (DLLMainProc) GetProcAddress(hmod, "DLLMain"); | |
| proc0(); | |
| } | |
| void LoadFromMemory(std::string file) { | |
| std::wstring_convert<std::codecvt_utf8_utf16<wchar_t>> converter; | |
| //std::string narrow = converter.to_bytes(wide_utf16_source_string); | |
| std::wstring wideFile = converter.from_bytes(file); | |
| FILE *fp; | |
| unsigned char *data = NULL; | |
| long size; | |
| size_t read; | |
| HMEMORYMODULE handle; | |
| HMEMORYRSRC resourceInfo; | |
| DWORD resourceSize; | |
| LPVOID resourceData; | |
| TCHAR buffer[100]; | |
| fp = _tfopen(wideFile.c_str(), _T("rb")); | |
| if (fp == NULL) { | |
| _tprintf(_T("Can't open DLL file \"%s\"."), wideFile.c_str()); | |
| goto exit; | |
| } | |
| fseek(fp, 0, SEEK_END); | |
| size = ftell(fp); | |
| assert(size >= 0); | |
| data = (unsigned char *) malloc(size); | |
| assert(data != NULL); | |
| fseek(fp, 0, SEEK_SET); | |
| read = fread(data, 1, size, fp); | |
| assert(read == static_cast<size_t>(size)); | |
| fclose(fp); | |
| //auto hmod = LoadLibraryA(file.c_str()); | |
| typedef int(*_CorValidateImage)( | |
| PVOID* ImageBase, | |
| LPCWSTR FileName | |
| ); | |
| HMODULE mshmod = GetModuleHandleA("mscoree.dll"); | |
| _CorValidateImage valid = (_CorValidateImage) (LPVOID) GetProcAddress(mshmod, "_CorValidateImage"); | |
| int x | |
| ;// = (int) hmod; | |
| //auto validy = valid((PVOID*) &x, L"CSNET2ClassLibrary.dll"); | |
| //DLLMainProc proc0 = (DLLMainProc) GetProcAddress(hmod, "DLLMain"); | |
| //proc0(); | |
| handle = MemoryLoadLibrary(data, size); | |
| if (handle == NULL) { | |
| _tprintf(_T("Can't load library from memory.\n")); | |
| goto exit; | |
| } | |
| DllEntryProc DllEntry = (DllEntryProc) (LPVOID) (0x10002C3E); | |
| BOOL successfull;// = (DllEntry) ((HINSTANCE) 0x10000000, DLL_PROCESS_ATTACH, 0); //*DllEntry | |
| //RuntimeHostV4Demo1(L"v4.0.30319", L"HarwareID",L"HarwareID.test"); | |
| //RuntimeHostV4Demo2(L"v4.0.30319", L"HarwareID",L"HarwareID.test"); | |
| //CSharpCaller::call(); | |
| //http://www.codeproject.com/Articles/528178/Load-DLL-From-Embedded-Resource | |
| //https://sites.google.com/site/robertgiesecke/Home/uploads/unmanagedexports#TOC-Version-1.2.1 | |
| //https://www.mql5.com/de/articles/249 | |
| //http://www.rohitab.com/discuss/topic/39179-loadlibrary-replacement/ | |
| /* | |
| https://github.com/dotnet/coreclr/blob/master/src/inc/pedecoder.inl | |
| https://github.com/dotnet/coreclr/blob/master/src/inc/pedecoder.h | |
| https://github.com/dotnet/coreclr/blob/master/src/utilcode/pedecoder.cpp | |
| https://github.com/dotnet/coreclr/blob/master/src/vm/ceemain.cpp | |
| http://www.progamercity.net/vb-code/4289-c-tutorial-create-unmanaged-export-library.html | |
| */ | |
| DllEntry = (DllEntryProc) (LPVOID) GetProcAddress(mshmod, "_CorDllMain"); | |
| valid = (_CorValidateImage) (LPVOID) GetProcAddress(mshmod, "_CorValidateImage"); | |
| x = 0x10000000; | |
| auto validy = valid((PVOID*) &x,L"CSNET2ClassLibrary.dll"); | |
| successfull = (DllEntry) ((HINSTANCE) 0x10000000, DLL_PROCESS_ATTACH, 0); //*DllEntry | |
| auto proc1 = ((PMEMORYMODULE) handle)->getProcAddress(((PMEMORYMODULE) handle)->modules[0], "DLLMain", NULL); | |
| auto proc = GetProcAddress((HMODULE) ((PMEMORYMODULE) handle)->modules[0], "DLLMain"); | |
| //DLLMainProc addNumber = (DLLMainProc) MemoryGetProcAddress(handle, "DLLMain"); | |
| //_tprintf(_T("From memory: %d\n"), addNumber(1, 2)); | |
| //(addNumber) (); | |
| resourceInfo = MemoryFindResource(handle, MAKEINTRESOURCE(VS_VERSION_INFO), RT_VERSION); | |
| _tprintf(_T("MemoryFindResource returned 0x%p\n"), resourceInfo); | |
| resourceSize = MemorySizeofResource(handle, resourceInfo); | |
| resourceData = MemoryLoadResource(handle, resourceInfo); | |
| _tprintf(_T("Memory resource data: %ld bytes at 0x%p\n"), resourceSize, resourceData); | |
| MemoryLoadString(handle, 1, buffer, sizeof(buffer)); | |
| _tprintf(_T("String1: %s\n"), buffer); | |
| MemoryLoadString(handle, 20, buffer, sizeof(buffer)); | |
| _tprintf(_T("String2: %s\n"), buffer); | |
| MemoryFreeLibrary(handle); | |
| exit: | |
| free(data); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment