Closed ashleyww93 closed 7 years ago
You have to use CreateLdrRef flag when mapping, otherwise .NET JIT exceptions won't work.
I am using this:
blackbone::Process proc;
proc.Attach(procId);
pin_ptr<System::Byte> p = &bytes[0];
unsigned char* pby = p;
char* pch = reinterpret_cast<char*>(pby);
blackbone::eLoadFlags flags = blackbone::eLoadFlags::CreateLdrRef;
const blackbone::ModuleData* test = proc.mmap().MapImage(bytes->Length, pch, false, flags);
const char* str = (const char*)(Marshal::StringToHGlobalAnsi(exportWanted)).ToPointer();
blackbone::exportData exportD = proc.modules().GetExport(test, str);
blackbone::RemoteFunction<fnRunMe> pFN(
proc,
exportD.procAddress
);
decltype(pFN)::ReturnType result;
pFN.Call(result);
And I still get the crash
Funnily enough I actually need to implement Remote calling a .net function for a current project. Glad I checked the issues page, I am also getting crashes, maybe we could have an example how to do it properly?
CLR JIT does many sanity checks using path to image on disk, so without one it will crash.
So Manual Mapping a .Net DLL from a byte array would be impossible? That's disappointing.
Yeap. But even if it was possible, it'd still require Loader entry and that is a terrible side effect for manual mapping.
Hi.
I'm not sure if this is related to my previous issue #146, or if I'm doing it wrong. I am using the same dll, and all it should do it open a MessageBox with a short one line message(just using this for testing)
I Manual Map the dll into another process, and then try the call like this:
the typedef is:
typedef void(NTAPI* fnRunMe)();
and in .Net that looks like:Any help would be appreciated. Thanks