DarthTon / Blackbone

Windows memory hacking library
MIT License

Unable to RemoteCall .Net Export #149

Closed ashleyww93 closed 7 years ago

ashleyww93 commented 7 years ago

Hi.

I'm not sure if this is related to my previous issue #146, or if I'm doing it wrong. I am using the same dll, and all it should do is open a MessageBox with a short one-line message (just using this for testing).

I Manual Map the dll into another process, and then try the call like this:

    RemoteFunction<fnRunMe> pFN(
        proc,
        export.procAddress
    );
    decltype(pFN)::ReturnType result;

    pFN.Call(result);

The typedef is: typedef void(NTAPI* fnRunMe)(); and in .Net that looks like:

    [DllExport]
    public static void RunMe()

Any help would be appreciated. Thanks

DarthTon commented 7 years ago

You have to use CreateLdrRef flag when mapping, otherwise .NET JIT exceptions won't work.

ashleyww93 commented 7 years ago

I am using this:

    blackbone::Process proc;
    proc.Attach(procId);

    pin_ptr<System::Byte> p = &bytes[0];
    unsigned char* pby = p;
    char* pch = reinterpret_cast<char*>(pby);

    blackbone::eLoadFlags flags = blackbone::eLoadFlags::CreateLdrRef;
    const blackbone::ModuleData* test = proc.mmap().MapImage(bytes->Length, pch, false, flags);

    const char* str = (const char*)(Marshal::StringToHGlobalAnsi(exportWanted)).ToPointer();
    blackbone::exportData exportD = proc.modules().GetExport(test, str);

    blackbone::RemoteFunction<fnRunMe> pFN(
        proc,
        exportD.procAddress
    );

    decltype(pFN)::ReturnType result;

    pFN.Call(result);

And I still get the crash.

Kinsageme commented 7 years ago

Funnily enough I actually need to implement Remote calling a .net function for a current project. Glad I checked the issues page, I am also getting crashes, maybe we could have an example how to do it properly?

DarthTon commented 7 years ago

CLR JIT does many sanity checks using path to image on disk, so without one it will crash.

ashleyww93 commented 7 years ago

So Manual Mapping a .Net DLL from a byte array would be impossible? That's disappointing.

DarthTon commented 7 years ago

Yeap. But even if it was possible, it'd still require Loader entry and that is a terrible side effect for manual mapping.