Using the loader with a custom runtime

  • Thread starter Thread starter Kornél Pál
  • Start date Start date
K

Kornél Pál

Hi,

There are different Common Language Infrastructure implementations in
addition to Microsoft .NET Framework. Examples include Mono,
Portable.NET, Rotor, VMKit, Parrot, ILDJIT, etc.

I would like to use test my software with other implementations as well.

One of the unique features of .NET Framework is that it integrates with
the loader component of the operating system that results in improved
security.

When creating a process form a managed executable the operating system
(Windows XP and later) directly calls mscoree.dll without usual import
address table and entry point resolving. This means that
_CorValidateImage is called after the image is mapped and if that
succeeds _CorExeMain is called regardless of the entry point specified
in the executable.

This integration prevents me from using usual DLL/function redirection
techniques for loading an alternate runtime.

By replacing mscoree.dll I could take advantage of the loader
integration but I don't want to do this as it would make me unable to
use Microsoft .NET Framework.

I could detour mscoree.dll for processes I want to run using an
alternative runtime. When I use CreateProcess with CREATE_SUSPENDED I am
able to modify memory and/or execute code in the remote process but that
is pretty much useless because the loader is not optimized yet. I can't
even use CreateRemoteThread that would initialize the loader because the
loader initialization code calls _CorExeMain without calling process or
thread entry point function and Microsoft .NET Framework is loaded to
the new process.

I would appreciate your help in creating a managed process using a
custom runtime.

Thanks.

Best regards,
Kornél Pál
 
Hello Korn¨¦l,

Thanks for using Microsoft Newsgroup Support Service, my name is Ji Zhou
[MSFT] and I will be working on this issue with you.

From your description, I think the demand is that we are trying to use .NET
Framework runtime loader mscroee.dll to load another CLI implementation. If
my understanding is not correct, please feel free to let me know.

As far as I know, the .NET mscoree.dll integrates tightly with the .NET
Framework runtime. It can only specify a version of .NET Framework runtime,
but not load another custom CLI implementation. Therefore, in my opinion,
this objective may not be achievable. Based on my experience with Rotor, it
has its own implementation of the runtime shim which knows how to load its
Rotor CLI implementation. Actually, I think each of the CLI implementation
should provide its own runtime shim. So personally speaking, loading custom
runtime using .NET mscoree does not make sense to me.
Yes, I sympathize. Many runtimes does not provide some parts of .NET
Framework, like ADO.NET, WinForm, or provide a different implementation. So
when we use that part of .NET assemblies, our application may fail upon
other runtimes. Currently, we can only test the applications use the common
functions of these runtimes.

By the way, running .NET application upon another third-party CLI
implementation runtime is not supported by Microsoft Support Service.
Thanks for your understanding on this because there are too much third
party runtimes with different implementations.


Best regards,
Ji Zhou ([email protected], remove 'online.')
Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://support.microsoft.com/select/default.aspx?target=assistance&ln=en-us.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Thank you for your response.

I know that running managed code using non-Microsoft runtimes is not
supported and don't need that kind of support.

Note that the only thing I want is to integrate a custom CLI runtime
with the loader component (located in ntdll.dll) of the Windows
operating system with a custom runtime. The loader integrates the CLR by
calling the _CorValidateImage, _CorExeMain and _CorImageUnloading
functions of mscoree.dll. These functions are documented in MSDN
Library. I believe this is documented because .NET Framework is not a
component of Windows XP while the two communicate using this protocol.

My problem is that the loader is using mscoree.dll from the system32
directory.

I could solve the problem by replacing mscoree.dll with my own
implementation and the operating system would interact properly with my
implementation. (I've actually tried this.)

I however don't want to replace the stock mscoree.dll because it is
required by Microsoft .NET Framework and I wouldn't be able to use
Microsft .NET Framework on that machine in any process. Furthermore it
is an operating system component in Windows Vista that makes it even
more difficult to replace.

I just want to create some processes using .NET Framework and some other
processes using other runtimes.

I hope now my explanation was better.

What I am looking for is

a) either a hooking mechanism that would let me detour (not necessarily
using Microsoft Detours) _CorValidateImage and _CorExeMain before they
were called

b) or somehow communicate Microsoft mscoree.dll to use my own runtime
implementation.

Kornél Pál
Hello Kornél,

Thanks for using Microsoft Newsgroup Support Service, my name is Ji Zhou
[MSFT] and I will be working on this issue with you.

From your description, I think the demand is that we are trying to use .NET
Framework runtime loader mscroee.dll to load another CLI implementation. If
my understanding is not correct, please feel free to let me know.

As far as I know, the .NET mscoree.dll integrates tightly with the .NET
Framework runtime. It can only specify a version of .NET Framework runtime,
but not load another custom CLI implementation. Therefore, in my opinion,
this objective may not be achievable. Based on my experience with Rotor, it
has its own implementation of the runtime shim which knows how to load its
Rotor CLI implementation. Actually, I think each of the CLI implementation
should provide its own runtime shim. So personally speaking, loading custom
runtime using .NET mscoree does not make sense to me.
Yes, I sympathize. Many runtimes does not provide some parts of .NET
Framework, like ADO.NET, WinForm, or provide a different implementation. So
when we use that part of .NET assemblies, our application may fail upon
other runtimes. Currently, we can only test the applications use the common
functions of these runtimes.

By the way, running .NET application upon another third-party CLI
implementation runtime is not supported by Microsoft Support Service.
Thanks for your understanding on this because there are too much third
party runtimes with different implementations.


Best regards,
Ji Zhou ([email protected], remove 'online.')
Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://support.microsoft.com/select/default.aspx?target=assistance&ln=en-us.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Click to expand...
 
Hello Kornel,

Glad to hear again from you. How was your Christmas and New Year? Hope my
greetings not to late: wish you always good luck in the 2009!

Yes, I can understand your points and I intend to help. However, my opinion
is still the same,

b). We can only let the Microsoft mscoree.dll bind to different CLR
versions instead of custom CLI implementation. We document the
_CorValidateImage and _CorExeMain as references for others to write the
custom shim, as you already achieved to do. There are some information
regarding to this in MSDN,
http://msdn.microsoft.com/en-us/magazine/cc163567.aspx
http://msdn.microsoft.com/en-us/magazine/cc301479.aspx

a). At least the Detour and API hook should not be a topic in this
dotnet.framework queue. And honestly speaking, I did not have experience
with Detou before. But based on my understanding, every CLI runtime should
already provide a corresponding integrated runtime shim like mscoree.dll.
So I am not sure if it is a good idea and should be encouraged to hook
functions in the Microsoft mscoree.dll to make it load custom runtime. That
should not be as per the original design specs.

At this time, all that I can help is consulting this in some internal
discussion groups, in which there are many experts on CLR and Detour. Wish
we can get any suggestion or idea from them. If any, I will update you
immediately. Thank you very much for your understanding.


Best regards,
Colbert Zhou ([email protected], remove 'online.')
Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).
 
Hello Kornel,

I got some suggestions from the internal Detour Discussion as follows.

At the point that you has called CreateProcess with the CREATE_SUSPENDED
flag, you can edit the PE header and imports table of the target .exe in
the target process so that

1) the Windows loader doesn't immediately recognize the PE as a CLR PE
2) modify the imports to bring in whatever runtime you want.

You can look at the DetourCreateProcesssWithDll code in Detours Express 2.1
for an example of how that might be done. You can download the Detours
Express 2.1 from this link
http://research.microsoft.com/en-us/projects/detours/


Best regards,
Colbert Zhou ([email protected], remove 'online.')
Microsoft Online Community Support

Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Thank you very much for this solution. Unfortunately the license terms
of Detours don't fit my needs and I'm not willing to purchase the
professional version for this sample but the idea of modifying the PE
header not to be a CLR PE perfectly fits my needs.

Thank you very much again.

Kornél
 
Glad to hear that the suggestion addresses your requirement. So I am
closing this thread in my side. Thanks again for using our Newsgroup Online
Support and Service.

Good day!

Best regards,
Colbert Zhou ([email protected], remove 'online.')
Microsoft Online Community Support
 
Back
Top