Hello.
I was screwing around a bit with the exe-files produced by .Net
Compilers and trying to understand how they work... so i ended up at the
6 Byte stub, which calls the _CorExeMain in mscoree.dll ... so i thought
"Hey, thats how it tells the Framework, that it shall load it as .Net
programm...". So i build some native code into it which should have been
executed before the .Net programm itself gets loaded. Trying that on a
XP-Machine, i realized, that it did not work quite the way i expected it
to. So after some research i found out, that it would possibly work on
any other system than XP, because of the executable-loader, which was
designed with .Net in mind. So the XP executable-loader does realize by
himself that the programm is designed for .Net and it becomes loaded
immediatly, without the native code in it being executed. Also i read,
that the loader knows that by reading the 14. directory in the
PE-Header, and thinks it is .Net, when the 14. directory exists and is
not 0. So i tried to replace both the offset and size in the 14.dir.
with 0 and my native code got loaded.... but then the .Net-Part of the
programm did not get loaded, so i was pretty much staring at my screen
and not knowing what to do then. So i finally end up here and ask the
question: Is there actually a way to burry my native code in a .Net
programm and have both of the code loaded (.Net AND native) ?
Thanks in advance,
Daniel
7  1521 
"Daniel Dünker" <dd******@uni-koblenz.de> wrote in message
news:dq******** **@cache.uni-koblenz.de... So i finally end up here and ask the question: Is there actually a way to
burry my native code in a .Net programm and have both of the code loaded
(.Net AND native) ?
Both Managed C++ (VS2003) and C++/CLI (VS2005) allow you to mix native and
managed code in the same executable. In fact you can mix modes in the same
module.
As far as I know, there is no other .Net language of MS that allows you to
do that.
Regards,
Will
On Sat, 14 Jan 2006 01:17:05 +0100, Daniel Dünker
<dd******@uni-koblenz.de> wrote: So i finally end up here and ask the
question: Is there actually a way to burry my native code in a .Net
programm and have both of the code loaded (.Net AND native) ?
William has given a very good answer. For a more hacker-type answer
just put something on the end of your native code to start off the
..NET code.
rossum
--
The ultimate truth is that there is no ultimate truth
William DePalo [MVP VC++] wrote: "Daniel Dünker" <dd******@uni-koblenz.de> wrote in message
news:dq******** **@cache.uni-koblenz.de...
So i finally end up here and ask the question: Is there actually a way to
burry my native code in a .Net programm and have both of the code loaded
(.Net AND native) ?
Both Managed C++ (VS2003) and C++/CLI (VS2005) allow you to mix native and
managed code in the same executable. In fact you can mix modes in the same
module.
As far as I know, there is no other .Net language of MS that allows you to
do that.
Regards,
Will
My intention was to to alter the executable after compilation, because
the compiler leaves some space in which i could burry lots of native
code after the 6 byte stub which loads the mscoree.dll
-Daniel
"Daniel Dünker" <dd******@uni-koblenz.de> wrote in message
news:dq******** **@cache.uni-koblenz.de... My intention was to to alter the executable after compilation, because the
compiler leaves some space in which i could burry lots of native code
after the 6 byte stub which loads the mscoree.dll
Why do you feel the ned to resort to hackery?
Regards,
Will
Daniel Dünker wrote: Hello.
the executable-loader, which was designed with .Net in mind. So the
XP executable-loader does realize by himself that the programm is
designed for .Net and it becomes loaded immediatly, without the
native code in it being executed. Also i read, that the loader knows
that by reading the 14. directory in the PE-Header, and thinks it is
.Net, when the 14. directory exists and is not 0. So i tried to
Yup location 14 is the 'COM Descriptor Directory' which actually means
that the file is managed, you get the table pointed to by this directory
with dumpbin /clrheader.
replace both the offset and size in the 14.dir. with 0 and my native
code got loaded.... but then the .Net-Part of the programm did not
get loaded, so i was pretty much staring at my screen and not knowing
what to do then.
Naughty. You have become a virus by injecting your own code into the
process. It is for this very reason that on XP and later the unmanaged
entry point is not used. When a managed file is loaded there is no way
that native code will be run outside of .NET security.
So i finally end up here and ask the question: Is
there actually a way to burry my native code in a .Net programm and
have both of the code loaded (.Net AND native) ?
Not really. You could write your own host, but that will mean that your
users will have to run your host process instead of the process you are
trying to hijack. If the assembly calls native code through managed C++
IJW it is possible for you to change the address held in metadata to
point to your code, but any code that runs IJW must have code access
security full trust.
If an assembly has a strong name then as a side affect the hash of the
assembly is checked against the strong name and this will detect any
alterations you have done to the metadata (however on 1.0 and 1.1 it is
possible to further alter an assembly to prevent this check).
Richard
--
Fusion Tutorial: http://www.grimes.demon.co.uk/workshops/fusionWS.htm
Security Tutorial: http://www.grimes.demon.co.uk/workshops/securityWS.htm
William DePalo [MVP VC++] wrote: "Daniel Dünker" <dd******@uni-koblenz.de> wrote in message
news:dq******** **@cache.uni-koblenz.de...
My intention was to to alter the executable after compilation, because the
compiler leaves some space in which i could burry lots of native code
after the 6 byte stub which loads the mscoree.dll
Why do you feel the ned to resort to hackery?
Regards,
Will
Well, i saw all the free space in it, and wondered, if it could be of
any use :)
-Daniel
Richard Grimes wrote: Daniel Dünker wrote:
Hello.
the executable-loader, which was designed with .Net in mind. So the
XP executable-loader does realize by himself that the programm is
designed for .Net and it becomes loaded immediatly, without the
native code in it being executed. Also i read, that the loader knows
that by reading the 14. directory in the PE-Header, and thinks it is
.Net, when the 14. directory exists and is not 0. So i tried to
Yup location 14 is the 'COM Descriptor Directory' which actually means
that the file is managed, you get the table pointed to by this directory
with dumpbin /clrheader.
replace both the offset and size in the 14.dir. with 0 and my native
code got loaded.... but then the .Net-Part of the programm did not
get loaded, so i was pretty much staring at my screen and not knowing
what to do then.
Naughty. You have become a virus by injecting your own code into the
process. It is for this very reason that on XP and later the unmanaged
entry point is not used. When a managed file is loaded there is no way
that native code will be run outside of .NET security.
So i finally end up here and ask the question: Is
there actually a way to burry my native code in a .Net programm and
have both of the code loaded (.Net AND native) ?
Not really. You could write your own host, but that will mean that your
users will have to run your host process instead of the process you are
trying to hijack. If the assembly calls native code through managed C++
IJW it is possible for you to change the address held in metadata to
point to your code, but any code that runs IJW must have code access
security full trust.
If an assembly has a strong name then as a side affect the hash of the
assembly is checked against the strong name and this will detect any
alterations you have done to the metadata (however on 1.0 and 1.1 it is
possible to further alter an assembly to prevent this check).
Richard
Wow, thats quite a satisying answer. Thanks for the work you had with
this one. Sad, that all this space seems to be wasted. Also it seems,
that because of the things you mentioned the usual executable packers
are not able to get rid of this waste...
Thank you very much for your answer
-Daniel This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Jacky Luk |
last post by:
Can .NET Version 2002 produce win32 native code?
I'm engaged to a Direct3D project that requires win32
Thanks
Jack
|
by: Andy Chau |
last post by:
Is there a .NET or C# to native x86 compiler? I am not looking for just a
prejitter progrom like ngen, but a true native compiler like the gcc for
java if there is such a thing.
Thanks
Andy
|
by: Dan |
last post by:
Hi Gurus
I got a very basic question to ask:
When a .NET exe (MSIL) is first run, the JIT-compiler will converts the IL
into native codes so that it can executes on the current machine. my
question is:
1) where does the native codes reside? is it saved somewhere in the hard
drive or it will only resides in the memory? or does the JIT compiler writes
|
by: Vishuonline |
last post by:
Hi Folks,
I have search on search engines for previous dicsussions dealing with this..
but didnt find em any useful... so here I am..
I am having a .NET (BV.NET) application. I am calling a managed dll(C#),
which inturn is calling a native dll (c++). OK. Now in the VB.NET
application, I also add the project of C3(dll). Now while debugging the
VB.NET app, I can step into the source code of c#(dll). But whent he c#
code(dll) calls the...
|
by: Russ Ferrill |
last post by:
I have a C# application in which I need to add one Active Directory group as
a member of another group. I have tried using the same steps that work for
adding a user to a group, but that isn't working. I'm just adding the
distinguished name of one group to the member property of another. Either
I'm missing something or there must be a better way. All suggestions
welcome.
Thanks!
Russ
| | |
by: vishuonline |
last post by:
Hi Folks,
I have searched on search engines for previous dicsussions dealing with
this.. but didnt find em any useful... so here I am..
I am having a .NET (BV.NET) application in which I am calling a managed
dll(C#), which inturn is calling a native dll (c++). OK. Now in the
VB.NET application's project, I add the project of C#(dll). Now while
debugging the VB.NET app, I can step into the source code of c#(dll).
But when the c#...
|
by: Xavi Sam |
last post by:
Hi
When I build my asp.net application the ASP.NET generates a net.assembly by
page in the directory of my pc:
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files
Theese assemblies to be executed must be tranlated to native code, the
question is: Which is the time of live of the native assemblies? It is
possible to configure the time? Are they storaged in some directory in my
PC?
|
by: Lonewolf |
last post by:
Hi all,
I'm having difficulties passing data back to managed class from my
native class when the data is generated from within a native thread in
the native class itself. I will give the following runtime error,
" Attempting to call into managed code without transitioning out first.
Do not attempt to run managed code inside low-level native
extensibility points, such as the vectored exception handler, since
doing so can cause corruption...
|
by: Reini |
last post by:
We are developing an Asp.Net 2.0 application (Web Administration) for the IIS
5.0 to 6.0 and the W2K to W2K3 operating system. The application consists of
several layers. One layer is a .Net 2.0 Classlibrary (DxuCoreClr.dll) written
in managed C++, that is encapsulating several native Api's in form of native
Win32 dlls (i.e. dxldaputils.dll). The Classlibrary and the native dlls are
installed to the bin directory of the Asp.Net 2.0...
|
by: Dave Calkins |
last post by:
I'm wriiting an MFC C++ application which uses a third party C# .NET API via
a DLL. The app runs fine. If I add a new, empty C++ class, and compile/link
it refuses to run, complaining about not being able to load an assembly.
Removing the class from the project and doing a rebuild all gets it working
again. Its as though I've hit a threshold? Any ideas?
- I'm using Visual Studio 2005
- Although my code is MFC native C++, the third...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
| | |
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
| | |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
