Titanium Alternative - call C# DLL from injected C++ DLL

[Fowl3628800]

I'm trying to make my hack independent from Titanium by calling it's Loader.Load() method in an injectable C++ DLL.

Currently I am using the following code:

 

Code:

#include "MSCorEE.h"
#include <windows.h>
#include <metahost.h>
#include <corerror.h>

#pragma once

using namespace System;

void CallLoad()
{
	ICLRMetaHost *pMetaHost = NULL;
	ICLRRuntimeInfo *pRuntimeInfo = NULL;
	ICLRRuntimeHost *pClrHost = NULL;

	HRESULT hr = CLRCreateInstance(CLSID_CLRMetaHost, IID_PPV_ARGS(&pMetaHost)); // returns 0 (S_OK)

	hr = pMetaHost->GetRuntime(L"v4.0.30319", IID_PPV_ARGS(&pRuntimeInfo)); // returns 0 (S_OK)

	hr = pRuntimeInfo->GetInterface(CLSID_CLRRuntimeHost, IID_PPV_ARGS(&pClrHost)); // returns 0 (S_OK)

	hr = pClrHost->Start(); // returns 1 (S_FALSE), maybe because the Runtime is already running??

	DWORD dwRet = 99;
	hr = pClrHost->ExecuteInDefaultAppDomain(L"Absolute\\Path\\To\\FowlsHack.dll", L"FowlsHack.Loader", L"LoadHacks", L"", &dwRet); // returns -2146233078 (seems to be COR_E_SECURITY)
	// dwRet is still 99
}

#pragma unmanaged

DWORD WINAPI ThreadProc(LPVOID lpParam)
{
	CallLoad();
	return 0;
}

}

BOOL APIENTRY DllMain(HINSTANCE hinstDll, DWORD Reason, LPVOID Reserved)
{
	switch (Reason){
	case DLL_PROCESS_ATTACH:
		CreateThread(0, NULL, ThreadProc, (LPVOID)L"", NULL, NULL);
		break;
	case DLL_PROCESS_DETACH:
		break;
	}
	return TRUE;
}

#pragma managed

 

Code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using UnityEngine;

namespace FowlsHack
{
    public class Loader
    {
        public static GameObject load_object;
        
        public static void Load()
        {
            load_object = new GameObject();
            load_object.AddComponent<Hacks>();
            UnityEngine.Object.DontDestroyOnLoad(load_object);
        }
        static int LoadHacks(String ignored)
        {
            Load();
            return 0;
        }
    }
}

I put the from the hack required libraries from
...\SteamApps\common\Unturned\Unturned_Data\Manage d\
to the folder, where both DLLs (the C# and the C++) are (they are in the same folder)

and injected the C++ DLL into Unturned.exe using Extreme Injector v3.3,

but it's not working.

Start returns 1 (S_FALSE) and
ExecuteInDefaultAppDomain returns -2146233078 (seems to be COR_E_SECURITY).

Any ideas why?

[Blueblood1]

Probably because your over complicating it. Just add your hack as a reference and attach it inside the assembly's Database start().

[Fowl3628800]

Probably because your over complicating it. Just add your hack as a reference and attach it inside the assembly's Database start().

Thank you for the idea. It works perfectly for me.

[Color]

//Answered..