[General] CLR hosting without the dll?
  1. #31 _Mike (Contributor)
    Originally Posted by Cypher
    Did you ever get your cross-architecture injection code working without requiring patching of the system DLLs in memory?
    Only for small code pieces, and DLLs which only called ntdll APIs.
    Patching ntdll is required to load kernel32; the loader does a string match on the file name.
    But I gave up when I couldn't get SEH working. Too many things in the CRT depend on it.
    And 32-bit and 64-bit share VEHs, unless I did something wrong when trying to use them.

  2. #32 Cypher (Kynox's Sister's Pimp)
    Originally Posted by _Mike
    Only for small code pieces, and DLLs which only called ntdll APIs.
    Patching ntdll is required to load kernel32; the loader does a string match on the file name.
    But I gave up when I couldn't get SEH working. Too many things in the CRT depend on it.
    And 32-bit and 64-bit share VEHs, unless I did something wrong when trying to use them.
    They share VEHs? Now THAT is interesting...

  3. #33 _Mike (Contributor)
    Originally Posted by Cypher
    They share VEHs? Now THAT is interesting...
    I have to do some more tests so I can't say for sure yet, but I think it should be possible to install a 64-bit VEH at an address above 2^32, and it would be completely untouchable by Warden. Then get a popular public hack to use the method, and the Warden guy would be forced to go 64-bit as well, which would be interesting to see.

  4. #34 amadmonk (Active Member)
    FYI, I run managed code from a VEH callback every frame. I'd be curious to see what the restriction is; I'm sure that it's non-standard behavior, but *shrug* it seems to work for me.

    Code:
    #include <windows.h>
    #include <msclr/appdomain.h>   // msclr::call_in_appdomain (C++/CLI)

    // GetRebasedAddress, CGGameUI__OnTerrainClick, dwDefaultAppDomainId and
    // UnmanagedNotifyManagedCodeOfClick are defined elsewhere in the poster's project.

    LONG WINAPI ExceptionHandler(PEXCEPTION_POINTERS ExInfo)
    {
    	if (ExInfo && ExInfo->ExceptionRecord && ExInfo->ContextRecord)
    	{
    		// Dr6 bits 0-3 (B0-B3) tell us which hardware breakpoint fired
    		if ((ExInfo->ContextRecord->Dr6 & 0xF) != 0)
    		{
    			ExInfo->ContextRecord->Dr6 &= ~0xF; // have to disable the bits manually
    			if (ExInfo->ExceptionRecord->ExceptionCode == STATUS_SINGLE_STEP && ExInfo->ExceptionRecord->ExceptionAddress == GetRebasedAddress<PVOID>(CGGameUI__OnTerrainClick))
    			{
    				ExInfo->ContextRecord->EFlags |= 0x10000; // set the resume flag so we don't loop forever
    				ExInfo->ContextRecord->EFlags &= ~0x100; // turn off single-step flag (just in case!)

    				// x86 only: first stack argument sits just above the return address
    				float *pClickStruct = *(float **)(ExInfo->ContextRecord->Esp + 4);

    				msclr::call_in_appdomain(dwDefaultAppDomainId, &UnmanagedNotifyManagedCodeOfClick, pClickStruct[2], pClickStruct[3], pClickStruct[4]);
    				return EXCEPTION_CONTINUE_EXECUTION;
    			}
    		}
    	}
    	return EXCEPTION_CONTINUE_SEARCH; // not ours, let the next handler look at it
    }
    PS: yes, I know, fugly code. I don't care ... it works, and I never have to touch it, so it never gets refactored.
    Don't believe everything you think.
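
As an added example (not code from the thread or from amadmonk's project): a small C program in the shape of the handler above. hwbp_classify() is the portable decision logic (is this STATUS_SINGLE_STEP our debug-register breakpoint, and which Dr6/EFlags fixups does resuming need), and the Windows-only part arms Dr0 on the main thread from a helper thread, installs the handler with AddVectoredExceptionHandler, and counts hits on a local target_fn in place of the managed callback. All names here (hwbp_classify, trap_state, arm_thread, target_fn, g_hits) are my own; the only things taken from the post are the Dr6 status bits, the RF/TF manipulation and the STATUS_SINGLE_STEP plus address check. The address comparison works for execute breakpoints because the trap is delivered before the instruction at Dr0 runs, so ExceptionAddress equals the armed address.

```c
/* Added example (not from the thread): a VEH that services a hardware
 * execution breakpoint the way amadmonk's handler does, with the decision
 * logic factored into portable C so it can be tested off-Windows. */
#include <stdint.h>
#include <stdio.h>

#define HWBP_STATUS_SINGLE_STEP 0x80000004u /* STATUS_SINGLE_STEP                  */
#define HWBP_DR6_B_MASK         0xFu        /* Dr6 B0..B3: which DRx fired         */
#define HWBP_EFLAGS_TF          0x100u      /* trap flag (single-step)             */
#define HWBP_EFLAGS_RF          0x10000u    /* resume flag: run faulting insn once */

/* The parts of EXCEPTION_RECORD/CONTEXT the handler reasons about (assumed layout). */
struct trap_state {
    uint32_t  exception_code;
    uintptr_t exception_address;
    uintptr_t dr6;
    uintptr_t eflags;
};

/* Returns the debug-register slot (0..3) if the trap is our execution breakpoint
 * at `target`, else -1 with the state untouched so later handlers see it intact.
 * On a hit: clear Dr6.B0-B3 (the CPU sets them but never clears them), set RF so
 * the instruction at `target` runs once without re-trapping, clear TF. */
int hwbp_classify(struct trap_state *s, uintptr_t target)
{
    uintptr_t hit = s->dr6 & HWBP_DR6_B_MASK;
    int slot = 0;

    if (hit == 0 || s->exception_code != HWBP_STATUS_SINGLE_STEP)
        return -1;
    if (s->exception_address != target)
        return -1;
    while (!(hit & (1u << slot)))
        slot++;
    s->dr6    &= ~(uintptr_t)HWBP_DR6_B_MASK;
    s->eflags |= HWBP_EFLAGS_RF;
    s->eflags &= ~(uintptr_t)HWBP_EFLAGS_TF;
    return slot;
}

#ifdef _WIN32
#include <windows.h>

static void *g_target;            /* address Dr0 is armed on */
static volatile LONG g_hits;      /* stands in for the managed callback */

static LONG WINAPI hwbp_veh(PEXCEPTION_POINTERS ep)
{
    CONTEXT *ctx = ep->ContextRecord;
    struct trap_state s = {
        ep->ExceptionRecord->ExceptionCode,
        (uintptr_t)ep->ExceptionRecord->ExceptionAddress,
        (uintptr_t)ctx->Dr6, (uintptr_t)ctx->EFlags
    };
    if (hwbp_classify(&s, (uintptr_t)g_target) < 0)
        return EXCEPTION_CONTINUE_SEARCH;
    ctx->Dr6    = (DWORD_PTR)s.dr6;
    ctx->EFlags = (DWORD)s.eflags;
    InterlockedIncrement(&g_hits);
    return EXCEPTION_CONTINUE_EXECUTION;  /* resumes at target with RF set */
}

/* Arm Dr0 (execute, length 0) on another thread. Done from a helper thread
 * because a running thread cannot rewrite its own debug registers this way. */
struct arm_req { HANDLE thread; void *addr; };

static DWORD WINAPI arm_thread(LPVOID p)
{
    struct arm_req *r = p;
    CONTEXT ctx;
    BOOL ok;
    if (SuspendThread(r->thread) == (DWORD)-1) return 1;
    ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS;
    ok = GetThreadContext(r->thread, &ctx);
    if (ok) {
        ctx.Dr0 = (DWORD_PTR)r->addr;
        ctx.Dr7 &= ~((DWORD_PTR)0xF << 16);   /* RW0=00 execute, LEN0=00 */
        ctx.Dr7 |= 1;                          /* L0: enable slot 0        */
        ok = SetThreadContext(r->thread, &ctx);
    }
    ResumeThread(r->thread);
    return ok ? 0 : 1;
}

__declspec(noinline) static int target_fn(int x) { return x + 1; }

int main(void)
{
    struct arm_req req;
    HANDLE helper, veh;
    DWORD rc = 1;
    int a, b;

    g_target = (void *)&target_fn;  /* MSVC: link without /INCREMENTAL, or this is an ILT thunk */
    veh = AddVectoredExceptionHandler(1, hwbp_veh);   /* 1: called before other VEHs */
    if (!veh) return 1;

    DuplicateHandle(GetCurrentProcess(), GetCurrentThread(), GetCurrentProcess(),
                    &req.thread, 0, FALSE, DUPLICATE_SAME_ACCESS);
    req.addr = g_target;
    helper = CreateThread(NULL, 0, arm_thread, &req, 0, NULL);
    WaitForSingleObject(helper, INFINITE);
    GetExitCodeThread(helper, &rc);
    CloseHandle(helper);
    if (rc != 0) return 1;

    a = target_fn(41);    /* traps, VEH sets RF, returns 42 */
    b = target_fn(1);     /* RF is one-shot, so this traps again */
    printf("target_fn -> %d, %d; breakpoint hits = %ld\n", a, b, (long)g_hits);
    RemoveVectoredExceptionHandler(veh);  /* Dr0 stays armed: no more target_fn calls after this */
    CloseHandle(req.thread);
    return (a == 42 && b == 2 && g_hits == 2) ? 0 : 1;
}
#endif
```

One deliberate difference from the post: hwbp_classify() leaves Dr6 alone when the trap is not at the armed address and returns EXCEPTION_CONTINUE_SEARCH, whereas the handler above clears B0-B3 for any debug-register trap before checking the address. Clearing them unconditionally hides which slot fired from any handler that runs after yours, which matters once two pieces of code in the same process both use hardware breakpoints.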

  5. #35 caytchen (Contributor)
    Huh? That's very cool. I tried to get a managed VEH a dozen ways, but the reentrancy MDA always got me.
