AppDomain.CreateInstanceFromAndUnwrap - Unable to cast transparent proxy
Problem description
I'm writing a .NET library to inject managed DLLs into external processes. My current approach is:
- Use CreateRemoteThread to force the target process to call LoadLibrary on an unmanaged bootstrap DLL. From this point we're executing code in the target process.
- My bootstrap DLL then creates an instance of the CLR and calls ExecuteInDefaultAppDomain on it, which executes a method in a managed helper DLL.
- This method creates a new AppDomain and calls AppDomain.CreateInstanceFromAndUnwrap to pass execution into my payload DLL, casting the result as an IInjectionPayload.
- The idea is that my payload DLL exposes a class which implements IInjectionPayload, so the helper DLL can simply call payload.Run().
I'm doing it this way so that the payload code can be completely unloaded by simply calling AppDomain.Unload (after signalling it to clean up).
This approach works - the class in my payload DLL is getting instantiated in the target process, so code can be executed - but I can't cast the object returned by CreateInstanceFromAndUnwrap to an IInjectionPayload; it throws the following exception:
Unable to cast transparent proxy to type 'blah.Blah.IInjectionPayload'.
I've tried using CreateInstanceAndUnwrap, and Activator.CreateInstanceFrom followed by Object.Unwrap, but both of these methods also cause the same exception to be thrown.
The signature of my payload class is:
public class Program : MarshalByRefObject, IInjectionPayload
I'm stumped because the payload DLL is definitely getting loaded and the class is being instantiated, as intended. Any help would be much appreciated.
Recommended answer
Found the fix for this problem here: http://www.west-wind.com/WebLog/posts/601200.aspx
It looks like a bug in the .NET framework. The solution is to add a handler to AppDomain.CurrentDomain.AssemblyResolve which manually loads & returns the assembly at args.Name. Then you can call CreateInstanceFromAndUnwrap without it throwing an exception.
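
The handler the answer describes, as an added example that is not code from the original post or the linked article: instead of loading from disk, this variant returns only an assembly that is already loaded in the current domain and whose full name equals args.Name, so the handler cannot bind to an unintended DLL. It assumes .NET Framework and that the assembly defining IInjectionPayload is already loaded in the calling domain; PayloadHost, Load, ResolveLoaded, payloadPath and typeName are hypothetical names.

```csharp
using System;
using System.IO;
using System.Reflection;

// Contract shared by the helper and the payload; the name comes from the question.
public interface IInjectionPayload { void Run(); }

public static class PayloadHost
{
    // Subscribe once for the lifetime of the domain.
    static PayloadHost()
    {
        AppDomain.CurrentDomain.AssemblyResolve += ResolveLoaded;
    }

    // Return the assembly already loaded in this domain whose full identity
    // (name, version, culture, public key token) equals the requested one.
    // Nothing is probed on disk, so a look-alike DLL is never loaded.
    private static Assembly ResolveLoaded(object sender, ResolveEventArgs args)
    {
        foreach (Assembly loaded in AppDomain.CurrentDomain.GetAssemblies())
        {
            if (string.Equals(loaded.FullName, args.Name, StringComparison.OrdinalIgnoreCase))
                return loaded;
        }
        return null; // anything else fails to bind as it normally would
    }

    // payloadPath and typeName are hypothetical parameters for this example.
    // Assumption: the payload's dependencies sit in the same directory as the payload.
    public static IInjectionPayload Load(string payloadPath, string typeName, out AppDomain domain)
    {
        string fullPath = Path.GetFullPath(payloadPath);
        var setup = new AppDomainSetup { ApplicationBase = Path.GetDirectoryName(fullPath) };
        domain = AppDomain.CreateDomain("PayloadDomain", null, setup);

        // Without the handler above, this cast is where the question's
        // "Unable to cast transparent proxy" exception is thrown.
        return (IInjectionPayload)domain.CreateInstanceFromAndUnwrap(fullPath, typeName);
    }
}
```

The caller keeps the returned AppDomain so that it can pass it to AppDomain.Unload once the payload has been signalled to clean up, as the question describes.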