- #include "stdafx.h"
- #include "Storage.h"
- #include "Antidump.h"
- #include <metahost.h>
- #pragma comment(lib, "MSCorEE.lib")
- #import "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.tlb" raw_interfaces_only \
- high_property_prefixes("_get","_put","_putref") \
- rename("ReportEvent", "InteropServices_ReportEvent")
- using namespace mscorlib;
- #define RAW_ASSEMBLY_LENGTH 982016
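void runNetAssembly();

/*
 * Hosts the CLR inside this native process, loads a .NET assembly from an
 * in-memory byte buffer (rawData, RAW_ASSEMBLY_LENGTH bytes) into the default
 * AppDomain and invokes its entry point with an empty argument array.
 *
 * Every step is checked; on the first failure the function stops and releases
 * whatever it has acquired so far. Only a failed entry-point invocation is
 * reported to the user (message box); the other failures return silently.
 *
 * Review note for defenders: the assembly is passed to AppDomain.Load as a
 * byte array, so it is never opened as a file by the CLR and file-based
 * scanning of the loaded image does not apply. Visibility for this pattern
 * comes from CLR loader telemetry (the Microsoft-Windows-DotNETRuntime ETW
 * provider) and from AMSI, which .NET Framework 4.8 and later call for
 * assemblies loaded from byte arrays.
 */
void runNetAssembly()
{
    ICLRMetaHost*    pMetaHost = NULL;
    ICLRRuntimeInfo* pRuntimeInfo = NULL;
    ICorRuntimeHost* pRuntimeHost = NULL;
    SAFEARRAY*       pSafeArray = NULL;
    SAFEARRAY*       psaStaticMethodArgs = NULL;
    HRESULT          hr;

    VARIANT retVal;
    VariantInit(&retVal);

    /* Single-pass block: "break" jumps to the cleanup code below. The COM
       smart pointers declared inside release themselves when the block ends,
       which is before the raw host interfaces are released. */
    do
    {
        /* Get ICLRMetaHost instance */
        hr = CLRCreateInstance(CLSID_CLRMetaHost, IID_ICLRMetaHost, (VOID**)&pMetaHost);
        if (FAILED(hr) || pMetaHost == NULL)
            break;

        /* Get ICLRRuntimeInfo instance */
        hr = pMetaHost->GetRuntime(L"v4.0.30319", IID_ICLRRuntimeInfo, (VOID**)&pRuntimeInfo);
        if (FAILED(hr) || pRuntimeInfo == NULL)
            break;

        /* Check if the specified runtime can be loaded */
        BOOL bLoadable = FALSE;
        hr = pRuntimeInfo->IsLoadable(&bLoadable);
        if (FAILED(hr) || !bLoadable)
            break;

        /* Get ICorRuntimeHost instance */
        hr = pRuntimeInfo->GetInterface(CLSID_CorRuntimeHost, IID_ICorRuntimeHost, (VOID**)&pRuntimeHost);
        if (FAILED(hr) || pRuntimeHost == NULL)
            break;

        /* Start the CLR */
        hr = pRuntimeHost->Start();
        if (FAILED(hr))
            break;

        IUnknownPtr pAppDomainThunk = NULL;
        hr = pRuntimeHost->GetDefaultDomain(&pAppDomainThunk);
        if (FAILED(hr) || pAppDomainThunk == NULL)
            break;

        /* Equivalent of System.AppDomain.CurrentDomain in C# */
        _AppDomainPtr pDefaultAppDomain = NULL;
        hr = pAppDomainThunk->QueryInterface(__uuidof(_AppDomain), (VOID**)&pDefaultAppDomain);
        if (FAILED(hr) || pDefaultAppDomain == NULL)
            break;

        /* Copy the raw assembly bytes into a one-dimensional byte SAFEARRAY */
        SAFEARRAYBOUND rgsabound[1];
        rgsabound[0].cElements = RAW_ASSEMBLY_LENGTH;
        rgsabound[0].lLbound = 0;
        pSafeArray = SafeArrayCreate(VT_UI1, 1, rgsabound);
        if (pSafeArray == NULL)
            break; /* allocation failed */

        void* pvData = NULL;
        hr = SafeArrayAccessData(pSafeArray, &pvData);
        if (FAILED(hr) || pvData == NULL)
            break;

        /* NOTE(review): rawData is not declared in this listing (presumably it
           comes from Storage.h). Confirm it holds at least RAW_ASSEMBLY_LENGTH
           bytes; otherwise this copy reads past the end of the buffer. */
        memcpy(pvData, rawData, RAW_ASSEMBLY_LENGTH);

        hr = SafeArrayUnaccessData(pSafeArray);
        if (FAILED(hr))
            break;

        /* Equivalent of System.AppDomain.CurrentDomain.Load(byte[] rawAssembly) */
        _AssemblyPtr pAssembly = NULL;
        hr = pDefaultAppDomain->Load_3(pSafeArray, &pAssembly);
        if (FAILED(hr) || pAssembly == NULL)
            break;

        /* Assembly.EntryPoint Property. A library assembly has no entry
           point, so a successful call can still hand back a null pointer. */
        _MethodInfoPtr pMethodInfo = NULL;
        hr = pAssembly->get_EntryPoint(&pMethodInfo);
        if (FAILED(hr) || pMethodInfo == NULL)
            break;

        /* Null target object: the entry point is a static method */
        VARIANT obj;
        VariantInit(&obj);
        obj.vt = VT_NULL;

        //TODO! Change cElement to the number of Main arguments
        psaStaticMethodArgs = SafeArrayCreateVector(VT_VARIANT, 0, 0);
        if (psaStaticMethodArgs == NULL)
            break; /* allocation failed */

        /* EntryPoint.Invoke(null, new object[0]) */
        hr = pMethodInfo->Invoke_3(obj, psaStaticMethodArgs, &retVal);
        if (FAILED(hr))
        {
            MessageBox(NULL, L"Error!", L"Internal error: 00001", MB_ICONWARNING | MB_OK);
        }
    } while (false);

    /* Release everything acquired above. The original code never freed the
       SAFEARRAYs, the return VARIANT or the three hosting interfaces. */
    VariantClear(&retVal);
    if (psaStaticMethodArgs != NULL)
        SafeArrayDestroy(psaStaticMethodArgs);
    if (pSafeArray != NULL)
        SafeArrayDestroy(pSafeArray);
    if (pRuntimeHost != NULL)
        pRuntimeHost->Release();
    if (pRuntimeInfo != NULL)
        pRuntimeInfo->Release();
    if (pMetaHost != NULL)
        pMetaHost->Release();
}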