Incompatible with UnmanagedExports about donut HOT 5 CLOSED

Mixed (native and managed) assemblies need to be executed in the PE loader rather than the CLR loader which is why AppDomain::Load_3() fails to the load the assembly. I tried to get the PE loader to run a mixed assembly by manually calling mscoree!_CorDllMain() which does execute indicating successful initialization of the .NET methods. An unmanaged export executes as expected with the correct address, but unfortunately the CLR crashes with an exception and I'm not sure why yet. Until a solution is found, I've added a check to the generator that returns an error "Mixed (native and managed) assemblies are currently unsupported."

from donut.

After a closer look at why the CLR crashes, initialization routines in _CorDllMain expect the mixed assembly to be loaded into the current process via LoadLibrary(). Donut maps the DLL manually, and is therefore not present in the PEB. To obtain runtime information from the PE header, GetModuleFileName() is called and because it receives a pointer to where the DLL is manually mapped, it returns an error: "The specified module could not be found." As a result of this, the methods inside the mixed assembly are not properly initialized and when called crash the CLR. As for how to solve all this, I'm open to suggestions.

from donut.

Labeled this as wontfix. Will leave the Issue unclosed in case somebody wants to tackle it.

from donut.

you can add the dll entry in the modules list of peb, that should fix it if its just related to peb resolving

from donut.

@0x410c I examined this problem and most of the functions try to open a file from the disk. For in-memory execution, that means you need to hook any API that opens files. If someone wants to support it, submit a pull request. We won't support it.

from donut.