go-clr: github.com/ropnop/go-clr Index | Files

package clr

import "github.com/ropnop/go-clr"

go-clr is a PoC package that wraps Windows syscalls necessary to load and the CLR into the current process and execute a managed DLL from disk or a managed EXE from memory

Index

Package Files

appdomain.go assembly.go go-clr.go guids.go iclrmetahost.go iclrruntimehost.go iclrruntimeinfo.go icorruntimehost.go ienumunknown.go iunknown.go methodinfo.go safearray.go utils.go variant.go

Constants

const S_OK = 0x0

Variables

var (
    CLSID_CLRMetaHost   = windows.GUID{0x9280188d, 0xe8e, 0x4867, [8]byte{0xb3, 0xc, 0x7f, 0xa8, 0x38, 0x84, 0xe8, 0xde}}
    IID_ICLRMetaHost    = windows.GUID{0xD332DB9E, 0xB9B3, 0x4125, [8]byte{0x82, 0x07, 0xA1, 0x48, 0x84, 0xF5, 0x32, 0x16}}
    IID_ICLRRuntimeInfo = windows.GUID{0xBD39D1D2, 0xBA2F, 0x486a, [8]byte{0x89, 0xB0, 0xB4, 0xB0, 0xCB, 0x46, 0x68, 0x91}}

    CLSID_CLRRuntimeHost = windows.GUID{0x90F1A06E, 0x7712, 0x4762, [8]byte{0x86, 0xB5, 0x7A, 0x5E, 0xBA, 0x6B, 0xDB, 0x02}}
    IID_ICLRRuntimeHost  = windows.GUID{0x90F1A06C, 0x7712, 0x4762, [8]byte{0x86, 0xB5, 0x7A, 0x5E, 0xBA, 0x6B, 0xDB, 0x02}}

    IID_ICorRuntimeHost  = windows.GUID{0xcb2f6722, 0xab3a, 0x11d2, [8]byte{0x9c, 0x40, 0x00, 0xc0, 0x4f, 0xa3, 0x0a, 0x3e}}
    CLSID_CorRuntimeHost = windows.GUID{0xcb2f6723, 0xab3a, 0x11d2, [8]byte{0x9c, 0x40, 0x00, 0xc0, 0x4f, 0xa3, 0x0a, 0x3e}}

    IID_AppDomain = windows.GUID{0x5f696dc, 0x2b29, 0x3663, [8]uint8{0xad, 0x8b, 0xc4, 0x38, 0x9c, 0xf2, 0xa7, 0x13}}
)

func CLRCreateInstance Uses

func CLRCreateInstance(clsid, riid *windows.GUID, ppInterface *uintptr) uintptr

Wrapper for the mscorree.dll CLRCreateInstance syscall

func ExecuteByteArray Uses

func ExecuteByteArray(rawBytes []byte) (retCode int32, err error)

ExecuteByteArray is a wrapper function that will automatically load the latest supported framework into the current process using the legacy APIs, then load and execute an executable from memory. It takes in a byte array of the executable to load and run and returns the return code. It currently does not support any arguments on the entry point

func ExecuteDLLFromDisk Uses

func ExecuteDLLFromDisk(dllpath, typeName, methodName, argument string) (retCode int16, err error)

ExecuteDLLFromDisk is a wrapper function that will automatically load the latest installed CLR into the current process and execute a DLL on disk in the default app domain. It takes in the DLLPath, TypeName, MethodName and Argument to use as strings. It returns the return code from the assembly

func GetInstalledRuntimes Uses

func GetInstalledRuntimes(metahost *ICLRMetaHost) ([]string, error)

GetInstallRuntimes is a wrapper function that returns an array of installed runtimes. Requires an existing ICLRMetaHost

type AppDomain Uses

type AppDomain struct {
    // contains filtered or unexported fields
}

func GetAppDomain Uses

func GetAppDomain(runtimeHost *ICORRuntimeHost) (appDomain *AppDomain, err error)

GetAppDomain is a wrapper function that returns an appDomain from an existing ICORRuntimeHost object

func NewAppDomainFromPtr Uses

func NewAppDomainFromPtr(ppv uintptr) *AppDomain

func (*AppDomain) AddRef Uses

func (obj *AppDomain) AddRef() uintptr

func (*AppDomain) GetHashCode Uses

func (obj *AppDomain) GetHashCode() uintptr

func (*AppDomain) Load_3 Uses

func (obj *AppDomain) Load_3(pRawAssembly uintptr, asmbly *uintptr) uintptr

func (*AppDomain) QueryInterface Uses

func (obj *AppDomain) QueryInterface(riid *windows.GUID, ppvObject *uintptr) uintptr

func (*AppDomain) Release Uses

func (obj *AppDomain) Release() uintptr

type AppDomainVtbl Uses

type AppDomainVtbl struct {
    QueryInterface   uintptr
    AddRef           uintptr
    Release          uintptr
    GetTypeInfoCount uintptr
    GetTypeInfo      uintptr
    GetIDsOfNames    uintptr
    Invoke           uintptr

    Equals                    uintptr
    GetHashCode               uintptr
    GetType                   uintptr
    InitializeLifetimeService uintptr
    GetLifetimeService        uintptr

    DefineDynamicAssembly   uintptr
    DefineDynamicAssembly_2 uintptr
    DefineDynamicAssembly_3 uintptr
    DefineDynamicAssembly_4 uintptr
    DefineDynamicAssembly_5 uintptr
    DefineDynamicAssembly_6 uintptr
    DefineDynamicAssembly_7 uintptr
    DefineDynamicAssembly_8 uintptr
    DefineDynamicAssembly_9 uintptr
    CreateInstance          uintptr
    CreateInstanceFrom      uintptr
    CreateInstance_2        uintptr
    CreateInstanceFrom_2    uintptr
    CreateInstance_3        uintptr
    CreateInstanceFrom_3    uintptr
    Load                    uintptr
    Load_2                  uintptr
    Load_3                  uintptr
    Load_4                  uintptr
    Load_5                  uintptr
    Load_6                  uintptr
    Load_7                  uintptr
    ExecuteAssembly         uintptr
    ExecuteAssembly_2       uintptr
    ExecuteAssembly_3       uintptr

    GetAssemblies       uintptr
    AppendPrivatePath   uintptr
    ClearPrivatePath    uintptr
    SetShadowCopyPath   uintptr
    ClearShadowCopyPath uintptr
    SetCachePath        uintptr
    SetData             uintptr
    GetData             uintptr
    SetAppDomainPolicy  uintptr
    SetThreadPrincipal  uintptr
    SetPrincipalPolicy  uintptr
    DoCallBack          uintptr
    // contains filtered or unexported fields
}

type Assembly Uses

type Assembly struct {
    // contains filtered or unexported fields
}

func NewAssemblyFromPtr Uses

func NewAssemblyFromPtr(ppv uintptr) *Assembly

func (*Assembly) AddRef Uses

func (obj *Assembly) AddRef() uintptr

func (*Assembly) GetEntryPoint Uses

func (obj *Assembly) GetEntryPoint(pMethodInfo *uintptr) uintptr

func (*Assembly) QueryInterface Uses

func (obj *Assembly) QueryInterface(riid *windows.GUID, ppvObject *uintptr) uintptr

func (*Assembly) Release Uses

func (obj *Assembly) Release() uintptr

type AssemblyVtbl Uses

type AssemblyVtbl struct {
    QueryInterface   uintptr
    AddRef           uintptr
    Release          uintptr
    GetTypeInfoCount uintptr
    GetTypeInfo      uintptr
    GetIDsOfNames    uintptr
    Invoke           uintptr

    Equals      uintptr
    GetHashCode uintptr
    GetType     uintptr

    GetName   uintptr
    GetName_2 uintptr

    GetType_2                   uintptr
    GetType_3                   uintptr
    GetExportedTypes            uintptr
    GetTypes                    uintptr
    GetManifestResourceStream   uintptr
    GetManifestResourceStream_2 uintptr
    GetFile                     uintptr
    GetFiles                    uintptr
    GetFiles_2                  uintptr
    GetManifestResourceNames    uintptr
    GetManifestResourceInfo     uintptr

    GetCustomAttributes   uintptr
    GetCustomAttributes_2 uintptr
    IsDefined             uintptr
    GetObjectData         uintptr

    GetType_4               uintptr
    GetSatelliteAssembly    uintptr
    GetSatelliteAssembly_2  uintptr
    LoadModule              uintptr
    LoadModule_2            uintptr
    CreateInstance          uintptr
    CreateInstance_2        uintptr
    CreateInstance_3        uintptr
    GetLoadedModules        uintptr
    GetLoadedModules_2      uintptr
    GetModules              uintptr
    GetModules_2            uintptr
    GetModule               uintptr
    GetReferencedAssemblies uintptr
    // contains filtered or unexported fields
}

type ICLRMetaHost Uses

type ICLRMetaHost struct {
    // contains filtered or unexported fields
}

ICLRMetaHost Interface from metahost.h

func GetICLRMetaHost Uses

func GetICLRMetaHost() (metahost *ICLRMetaHost, err error)

GetICLRMetaHost is a wrapper function to create and return an ICLRMetahost object

func NewICLRMetaHostFromPtr Uses

func NewICLRMetaHostFromPtr(ppv uintptr) *ICLRMetaHost

NewICLRMetaHost takes a uintptr to an ICLRMetahost struct in memory. This pointer should come from the syscall CLRCreateInstance

func (*ICLRMetaHost) AddRef Uses

func (obj *ICLRMetaHost) AddRef() uintptr

func (*ICLRMetaHost) EnumerateInstalledRuntimes Uses

func (obj *ICLRMetaHost) EnumerateInstalledRuntimes(pInstalledRuntimes *uintptr) uintptr

func (*ICLRMetaHost) GetRuntime Uses

func (obj *ICLRMetaHost) GetRuntime(pwzVersion *uint16, riid *windows.GUID, pRuntimeHost *uintptr) uintptr

func (*ICLRMetaHost) Release Uses

func (obj *ICLRMetaHost) Release() uintptr

type ICLRMetaHostVtbl Uses

type ICLRMetaHostVtbl struct {
    QueryInterface                   uintptr
    AddRef                           uintptr
    Release                          uintptr
    GetRuntime                       uintptr
    GetVersionFromFile               uintptr
    EnumerateInstalledRuntimes       uintptr
    EnumerateLoadedRuntimes          uintptr
    RequestRuntimeLoadedNotification uintptr
    QueryLegacyV2RuntimeBinding      uintptr
    ExitProcess                      uintptr
}

type ICLRRuntimeHost Uses

type ICLRRuntimeHost struct {
    // contains filtered or unexported fields
}

func GetICLRRuntimeHost Uses

func GetICLRRuntimeHost(runtimeInfo *ICLRRuntimeInfo) (*ICLRRuntimeHost, error)

GetICLRRuntimeHost is a wrapper function that takes an ICLRRuntimeInfo object and returns an ICLRRuntimeHost and loads it into the current process

func NewICLRRuntimeHostFromPtr Uses

func NewICLRRuntimeHostFromPtr(ppv uintptr) *ICLRRuntimeHost

func (*ICLRRuntimeHost) AddRef Uses

func (obj *ICLRRuntimeHost) AddRef() uintptr

func (*ICLRRuntimeHost) ExecuteInDefaultAppDomain Uses

func (obj *ICLRRuntimeHost) ExecuteInDefaultAppDomain(pwzAssemblyPath, pwzTypeName, pwzMethodName, pwzArgument, pReturnValue *uint16) uintptr

func (*ICLRRuntimeHost) GetCurrentAppDomainID Uses

func (obj *ICLRRuntimeHost) GetCurrentAppDomainID(pdwAppDomainId *uint16) uintptr

func (*ICLRRuntimeHost) Release Uses

func (obj *ICLRRuntimeHost) Release() uintptr

func (*ICLRRuntimeHost) Start Uses

func (obj *ICLRRuntimeHost) Start() uintptr

type ICLRRuntimeHostVtbl Uses

type ICLRRuntimeHostVtbl struct {
    QueryInterface            uintptr
    AddRef                    uintptr
    Release                   uintptr
    Start                     uintptr
    Stop                      uintptr
    SetHostControl            uintptr
    GetCLRControl             uintptr
    UnloadAppDomain           uintptr
    ExecuteInAppDomain        uintptr
    GetCurrentAppDomainId     uintptr
    ExecuteApplication        uintptr
    ExecuteInDefaultAppDomain uintptr
}

type ICLRRuntimeInfo Uses

type ICLRRuntimeInfo struct {
    // contains filtered or unexported fields
}

func GetRuntimeInfo Uses

func GetRuntimeInfo(metahost *ICLRMetaHost, version string) (*ICLRRuntimeInfo, error)

GetRuntimeInfo is a wrapper function to return an ICLRRuntimeInfo from a standard version string

func NewICLRRuntimeInfoFromPtr Uses

func NewICLRRuntimeInfoFromPtr(ppv uintptr) *ICLRRuntimeInfo

func (*ICLRRuntimeInfo) AddRef Uses

func (obj *ICLRRuntimeInfo) AddRef() uintptr

func (*ICLRRuntimeInfo) BindAsLegacyV2Runtime Uses

func (obj *ICLRRuntimeInfo) BindAsLegacyV2Runtime() uintptr

func (*ICLRRuntimeInfo) GetInterface Uses

func (obj *ICLRRuntimeInfo) GetInterface(rclsid *windows.GUID, riid *windows.GUID, ppUnk *uintptr) uintptr

func (*ICLRRuntimeInfo) GetVersionString Uses

func (obj *ICLRRuntimeInfo) GetVersionString(pcchBuffer *uint16, pVersionstringSize *uint32) uintptr

func (*ICLRRuntimeInfo) IsLoadable Uses

func (obj *ICLRRuntimeInfo) IsLoadable(pbLoadable *bool) uintptr

func (*ICLRRuntimeInfo) Release Uses

func (obj *ICLRRuntimeInfo) Release() uintptr

type ICLRRuntimeInfoVtbl Uses

type ICLRRuntimeInfoVtbl struct {
    QueryInterface         uintptr
    AddRef                 uintptr
    Release                uintptr
    GetVersionString       uintptr
    GetRuntimeDirectory    uintptr
    IsLoaded               uintptr
    LoadErrorString        uintptr
    LoadLibrary            uintptr
    GetProcAddress         uintptr
    GetInterface           uintptr
    IsLoadable             uintptr
    SetDefaultStartupFlags uintptr
    GetDefaultStartupFlags uintptr
    BindAsLegacyV2Runtime  uintptr
    IsStarted              uintptr
}

type ICORRuntimeHost Uses

type ICORRuntimeHost struct {
    // contains filtered or unexported fields
}

func GetICORRuntimeHost Uses

func GetICORRuntimeHost(runtimeInfo *ICLRRuntimeInfo) (*ICORRuntimeHost, error)

GetICORRuntimeHost is a wrapper function that takes in an ICLRRuntimeInfo and returns an ICORRuntimeHost object and loads it into the current process. This is the "deprecated" API, but the only way currently to load an assembly from memory (afaict)

func NewICORRuntimeHostFromPtr Uses

func NewICORRuntimeHostFromPtr(ppv uintptr) *ICORRuntimeHost

func (*ICORRuntimeHost) AddRef Uses

func (obj *ICORRuntimeHost) AddRef() uintptr

func (*ICORRuntimeHost) GetDefaultDomain Uses

func (obj *ICORRuntimeHost) GetDefaultDomain(pAppDomain *uintptr) uintptr

func (*ICORRuntimeHost) Release Uses

func (obj *ICORRuntimeHost) Release() uintptr

func (*ICORRuntimeHost) Start Uses

func (obj *ICORRuntimeHost) Start() uintptr

type ICORRuntimeHostVtbl Uses

type ICORRuntimeHostVtbl struct {
    QueryInterface                uintptr
    AddRef                        uintptr
    Release                       uintptr
    CreateLogicalThreadState      uintptr
    DeleteLogicalThreadState      uintptr
    SwitchInLogicalThreadState    uintptr
    SwitchOutLogicalThreadState   uintptr
    LocksHeldByLogicalThreadState uintptr
    MapFile                       uintptr
    GetConfiguration              uintptr
    Start                         uintptr
    Stop                          uintptr
    CreateDomain                  uintptr
    GetDefaultDomain              uintptr
    EnumDomains                   uintptr
    NextDomain                    uintptr
    CloseEnum                     uintptr
    CreateDomainEx                uintptr
    CreateDomainSetup             uintptr
    CreateEvidence                uintptr
    UnloadDomain                  uintptr
    CurrentDomain                 uintptr
}

type IEnumUnknown Uses

type IEnumUnknown struct {
    // contains filtered or unexported fields
}

func NewIEnumUnknownFromPtr Uses

func NewIEnumUnknownFromPtr(ppv uintptr) *IEnumUnknown

func (*IEnumUnknown) AddRef Uses

func (obj *IEnumUnknown) AddRef() uintptr

func (*IEnumUnknown) Next Uses

func (obj *IEnumUnknown) Next(celt uint32, pEnumRuntime *uintptr, pCeltFetched *uint32) uintptr

func (*IEnumUnknown) Release Uses

func (obj *IEnumUnknown) Release() uintptr

type IEnumUnknownVtbl Uses

type IEnumUnknownVtbl struct {
    QueryInterface uintptr
    AddRef         uintptr
    Release        uintptr
    Next           uintptr
    Skip           uintptr
    Reset          uintptr
    Clone          uintptr
}

type IUnknown Uses

type IUnknown struct {
    // contains filtered or unexported fields
}

func NewIUnknownFromPtr Uses

func NewIUnknownFromPtr(ppv uintptr) *IUnknown

func (*IUnknown) AddRef Uses

func (obj *IUnknown) AddRef() uintptr

func (*IUnknown) QueryInterface Uses

func (obj *IUnknown) QueryInterface(riid *windows.GUID, ppvObject *uintptr) uintptr

func (*IUnknown) Release Uses

func (obj *IUnknown) Release() uintptr

type IUnknownVtbl Uses

type IUnknownVtbl struct {
    QueryInterface uintptr
    AddRef         uintptr
    Release        uintptr
}

type MethodInfo Uses

type MethodInfo struct {
    // contains filtered or unexported fields
}

func NewMethodInfoFromPtr Uses

func NewMethodInfoFromPtr(ppv uintptr) *MethodInfo

func (*MethodInfo) AddRef Uses

func (obj *MethodInfo) AddRef() uintptr

func (*MethodInfo) GetType Uses

func (obj *MethodInfo) GetType(pRetVal *uintptr) uintptr

func (*MethodInfo) Invoke_3 Uses

func (obj *MethodInfo) Invoke_3(variantObj Variant, parameters uintptr, pRetVal *uintptr) uintptr

func (*MethodInfo) QueryInterface Uses

func (obj *MethodInfo) QueryInterface(riid *windows.GUID, ppvObject *uintptr) uintptr

func (*MethodInfo) Release Uses

func (obj *MethodInfo) Release() uintptr

type MethodInfoVtbl Uses

type MethodInfoVtbl struct {
    QueryInterface   uintptr
    AddRef           uintptr
    Release          uintptr
    GetTypeInfoCount uintptr
    GetTypeInfo      uintptr
    GetIDsOfNames    uintptr
    Invoke           uintptr

    Equals      uintptr
    GetHashCode uintptr
    GetType     uintptr

    GetCustomAttributes          uintptr
    GetCustomAttributes_2        uintptr
    IsDefined                    uintptr
    GetParameters                uintptr
    GetMethodImplementationFlags uintptr

    Invoke_2 uintptr

    Invoke_3 uintptr

    GetBaseDefinition uintptr
    // contains filtered or unexported fields
}

type SafeArray Uses

type SafeArray struct {
    // contains filtered or unexported fields
}

func CreateSafeArray Uses

func CreateSafeArray(rawBytes []byte) (SafeArray, error)

CreateSafeArray is a wrapper function that takes in a Go byte array and creates a SafeArray by making two syscalls and copying raw memory into the correct spot.

type SafeArrayBound Uses

type SafeArrayBound struct {
    // contains filtered or unexported fields
}

type Variant Uses

type Variant struct {
    VT  uint16 // VARTYPE

    Val uintptr
    // contains filtered or unexported fields
}

func NewVariantFromPtr Uses

func NewVariantFromPtr(ppv uintptr) *Variant

Package clr imports 7 packages (graph). Updated 2020-03-16 with GOOS=windows. Refresh now. Tools for package owners.