Doesn't work with most tools (.NET Assemblies?)

[MexHigh]

Some feedback on your tool with some of my tests.

Working

• .\SharpReflectivePEInjection.exe -file C:\Windows\System32\calc.exe -syscalls
• .\SharpReflectivePEInjection.exe -file C:\Windows\System32\calc.exe

Not working

• .\SharpReflectivePEInjection.exe -file C:\Windows\System32\cmd.exe -a "/c calc.exe" (exits after patching args)
• .\SharpReflectivePEInjection.exe -file .\SharpHound.exe (Sharphound compiled to x64, exits after patching args)
• .\SharpReflectivePEInjection.exe -file .\SharpHound.exe -a "-c DCOnly" (Sharphound compiled to x64, exits after patching args)
• .\SharpReflectivePEInjection.exe -file .\SharpHound.exe -a "--help" (exits instantly after showing help page, because the content of the -a flag is recognized as flag for SharpReflectivePEInjection.exe)

It seems like the tool does not work with .NET assemblies at all, even when compiled for x64 explicitly.

[cpu0x00]

@MexHigh yes its not intended to load DotNet assemblies, its for loading unmanaged binaries like C/C++ Nim Rust so on, im thinking of adding a DotNet loading functionality but as for now its not intended for DotNet Assemblies

[MexHigh]

Ahh that makes sense. Thanks for the clarification.

Should I leave this open as a feautre request?

[cpu0x00]

Sure, and feel free to add more feedback

[cpu0x00]

@MexHigh
i tested the cmd.exe issue you had and it worked

if you can give me more detail regards the issue or maybe try to rerun it and update me on it

[cpu0x00]

[Justice-Wayne]

Hello author,
Very nice project, I have a similar one. But I didn't solve the problem of passing parameters. I tested this project and it is not compatible with golang. There will be some weird situations.

[cpu0x00]

@Justice-Wayne i haven't tested it with golang only with C/C++, can you provide the code for your golang test binary

[MexHigh]

@MexHigh i tested the cmd.exe issue you had and it worked

if you can give me more detail regards the issue or maybe try to rerun it and update me on it

Does not work for me, for both calc.exe and whoami. Here's what I see:

Some system information:

• Windows 10 22H2 (19045.3693)
• Domain joined (fully on-premise)
• Defender deactivated, no Defender for Endpoint

[Justice-Wayne]

i haven't tested it with golang only with C/C++, can you provide the code for your golang test binary

@cpu0x00 thank your answer ，
https://github.com/moonD4rk/HackBrowserData
https://github.com/fatedier/frp
https://github.com/shadow1ng/fscan

[cpu0x00]

@MexHigh are you sure you are compiling right?

[MexHigh]

@MexHigh are you sure you are compiling right?

I wasn't able to find any compilation instructions so I just compiled the provided Release > Any CPU configuration with Visual Studio 2022. Do I need to target a specific architecture?

EDIT: With a binary directly targeted to x64 the same happens (no error, just exit after patching args, nothing else happens). With a x86 binary, i see another exception:

[cpu0x00]

When compiled for x64 can only load for x64 and vice versa

The tool support memory alignment for both architectures but it needs to be compiled for the specific on its gonna be used in

[cpu0x00]

@MexHigh hi,

turns out you were right it didn't map x32 , just fixed it, thank you for the testing