AppDomain.CreateInstanceFromAndUnwrap - Unable to cast transparent proxy


Problem description

I'm writing a .NET library to inject managed DLLs into external processes. My current approach is:

  1. Use CreateRemoteThread to force the target process to call LoadLibrary on an unmanaged bootstrap DLL. From this point we're executing code in the target process.
  2. My bootstrap DLL then creates an instance of the CLR and calls ExecuteInDefaultAppDomain on it, which executes a method in a managed helper DLL.
  3. This method creates a new AppDomain and calls AppDomain.CreateInstanceFromAndUnwrap to pass execution into my payload DLL, casting the result as an IInjectionPayload.
  4. The idea is that my payload DLL exposes a class which implements IInjectionPayload, so the helper DLL can simply call payload.Run().

I'm doing it this way so that the payload code can be completely unloaded by simply calling AppDomain.Unload (after signalling it to clean up).

This approach works - the class in my payload DLL is getting instantiated in the target process, so code can be executed - but I can't cast the object returned by CreateInstanceFromAndUnwrap to an IInjectionPayload; it throws the following exception:

Unable to cast transparent proxy to type 'blah.Blah.IInjectionPayload'.

I've tried using CreateInstanceAndUnwrap, and Activator.CreateInstanceFrom followed by Object.Unwrap, but both of these methods also cause the same exception to be thrown.

The signature of my payload class is:

public class Program : MarshalByRefObject, IInjectionPayload

I'm stumped because the payload DLL is definitely getting loaded and the class is being instantiated, as intended. Any help would be much appreciated.

Recommended answer

Found the fix for this problem here: http://www.west-wind.com/WebLog/posts/601200.aspx

It looks like a bug in the .NET framework. The solution is to add a handler to AppDomain.CurrentDomain.AssemblyResolve which manually loads & returns the assembly at args.Name. Then you can call CreateInstanceFromAndUnwrap without it throwing an exception.
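
The handler the answer describes, as an added example (not code from the original post or the linked article), shown in an ordinary .NET Framework console host so that it runs on its own. It is a narrower variant than "manually loads": it only returns an assembly already loaded in the current domain under exactly the requested name, so it never loads anything from disk. `SamplePayload`, `Host`, `ResolveFromLoaded`, the domain name and the `Run()` signature are assumptions.

```csharp
using System;
using System.Reflection;

// Interface name taken from the question; the Run() signature is assumed.
public interface IInjectionPayload { void Run(); }

// Hypothetical payload type. Deriving from MarshalByRefObject means callers in
// another AppDomain receive a transparent proxy instead of a copy.
public class SamplePayload : MarshalByRefObject, IInjectionPayload
{
    public void Run()
    {
        Console.WriteLine("Running in: " + AppDomain.CurrentDomain.FriendlyName);
    }
}

public static class Host
{
    // Raised only after normal probing fails. Returns an assembly that is already
    // loaded in this domain and whose full name matches exactly. Nothing is read
    // from disk, so the handler cannot be steered into loading a planted DLL.
    static Assembly ResolveFromLoaded(object sender, ResolveEventArgs args)
    {
        foreach (Assembly asm in AppDomain.CurrentDomain.GetAssemblies())
        {
            if (string.Equals(asm.FullName, args.Name, StringComparison.Ordinal))
                return asm;
        }
        return null; // unknown name: let the original load failure surface
    }

    public static void Main()
    {
        // Register before the call whose result is cast to the interface.
        AppDomain.CurrentDomain.AssemblyResolve += ResolveFromLoaded;

        AppDomain child = AppDomain.CreateDomain("PayloadDomain");
        try
        {
            Type t = typeof(SamplePayload);
            var payload = (IInjectionPayload)child.CreateInstanceFromAndUnwrap(
                t.Assembly.Location, t.FullName);
            payload.Run(); // the call is forwarded through the proxy
        }
        finally
        {
            AppDomain.Unload(child);
            AppDomain.CurrentDomain.AssemblyResolve -= ResolveFromLoaded;
        }
    }
}
```

In this stand-alone host normal probing succeeds, so the handler is not invoked; it matters when the assembly that defines the interface cannot be found by name from the process's application base.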
