Inject C# dll from memory instead of from a file

[chico-depressive]

hi, it is possible to run managed dll from memory rather than from file? just like stephwn fewer reflective injector?

[ChadSki]

I'm not familiar with stephwn reflective injector, can you link me?

SharpNeedle invokes the managed dll using the ICLRRuntimeHost::ExecuteInDefaultAppDomain method, and the dll argument is LPCWSTR pwzAssemblyPath which has to be a path.

[chico-depressive]

@ChadSki I was looking for something like this: https://github.com/stephenfewer/ReflectiveDLLInjection

but for managed dlls, do you think it is possible?

[CoderReece]

You could always make the injected native dll write the c# dll to file. That seems to work fine for me.

Although my solution seems more like its solving #2

[abevol]

I think it is possible by injecting a fake managed DLL and then loading the managed code in memory via Assembly.Load(assemblyBytes).

[marcussacana]

What about use mono runtime instead, it was exports to load assembly from memory (mono_image_open_from_data_with_name) and invoke methods manually.

[abevol]

What about use mono runtime instead, it was exports to load assembly from memory (mono_image_open_from_data_with_name) and invoke methods manually.

You need to inject the mono runtime first. In fact, this is no different from injecting regular managed code. Regular .net programs can also load managed code in memory.

[marcussacana]

Obvious, this project works as well by injecting a dll in the target process and starting the CLR to invoke the ExecuteInDefaultAppDomain. I don't know if the CLR allows you load a assembly from memory using C++ but I'm aware that the mono can do it, since I already did in another project.