I'd like to know how to inject a C# DLL into a Unity process. Since Unity hosts a CLR (as it runs Mono MSIL), I'd imagine I could play around with reflection.

So how would I inject a .NET DLL into a .NET process, and what can I do in terms of reflection once I'm in there?

For example, say I have a game that uses Unity3D as the engine, with most of the code written in C# (that doesn't matter, since Unity seems to compile UnityScript to .NET anyway). I want to extend this already-written codebase with my own code.

Typically, in a normal native process, you would start reversing the code, finding pointers and data structures as they appear in memory, gaining an understanding of the code as you go along. Then you would write the same structures in your code, obtain RWX access to that process's memory (typically by injecting a DLL into that process), and go to town.

Since Unity uses .NET, however, I was wondering if there was a better way. I'd like to leverage the reflection capabilities of the .NET framework. For this I think I'd need to get my code injected into the Unity process. From there, I don't know what a workflow might look like.

Long story short: I'd like to inject a DLL, with a payload written in C# (hopefully using reflection instead of pointers), into a foreign process (I don't have control over it at compile time), and mess around with the process's internal classes and functions.

Delusional Logic

2 Answers

Drop the DLL into an asset folder

Assets/Libs/MyLib.dll

Open any CS file and, in the MonoDevelop solution, add the reference. When you quit MonoDevelop, Unity will refetch the solution file and import the DLL's reference. You can now use your library from Unity code that you write in MonoDevelop just as normal. There will be no difference between your code and any other API like System.IO.

Pay attention to the .NET framework versions; don't mix code. To be safe, use .NET 2.0. ...wait... I don't remember, but it should be 2.0... don't quote me on that.

Once you're there you can do everything as normal.

pid
  • That's not quite what I meant. I've tried to be more specific in my original question. I apologize for the ambiguity of the original question. – Delusional Logic Jan 28 '14 at 22:14
  • I've read your edit and I have no idea. What I wonder is how you want to inject code if you don't have an extension point on the injectee's side. I've never felt the need to do something like this :) – pid Jan 28 '14 at 22:18
  • The reason why is more curiosity than anything. If you know how C++ injection works, that's what I want to do, but I was wondering if the .NET framework and reflection could make it easier and more fun. The whole idea is that you make your own extension point by "forcing" your way in. – Delusional Logic Jan 28 '14 at 22:25

One option is the .cctor function (module initializer), which does NOT run on assembly load, but rather on the first invocation into your DLL.

Previously, I thought this was the earliest you could get with .NET, but apparently I'm mistaken:

There's a horrible, nasty hack that lets you run a DllMain in .NET: C# equivalent of DllMain in C (WinAPI)

This is certainly not something that was intended by the creators of .net. Be careful when using it.

This gets your code running, and once in, you can invoke System.Reflection like normal and do whatever you want.

Community
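To make the timing claim in the answer above concrete, here is an added example (not code from the answer or from Unity) showing that locating a type and its methods through System.Reflection leaves its static constructor (.cctor) unrun, and that the first reflective invocation of a member is what triggers it. The `Probe` and `Target` names and the plain console-app setup are assumptions for illustration.

```csharp
// Added illustration of .cctor timing; a hypothetical stand-alone console app.
using System;
using System.Reflection;

// Records whether Target's type initializer has run, without touching Target
// itself (reading a field on Target would trigger the very initializer we
// want to observe).
static class Probe
{
    public static bool TargetInitialized;
}

// Stand-in for a library type whose static constructor compiles to .cctor.
static class Target
{
    static Target()
    {
        Probe.TargetInitialized = true;
        Console.WriteLine("Target .cctor ran");
    }

    public static string Hello() => "hello from Target";
}

static class Program
{
    static void Main()
    {
        // Finding the assembly, the type and the method via reflection does
        // not run the type initializer: the flag is still false here.
        Assembly asm = Assembly.GetExecutingAssembly();
        Type target = asm.GetType("Target");
        MethodInfo hello = target.GetMethod("Hello", BindingFlags.Public | BindingFlags.Static);
        Console.WriteLine($"After lookup, initialized: {Probe.TargetInitialized}");

        // The runtime runs .cctor only before the first use of a member;
        // a reflective Invoke of a static method counts as that first use.
        string result = (string)hello.Invoke(null, null);
        Console.WriteLine($"After first invocation, initialized: {Probe.TargetInitialized}");
        Console.WriteLine(result);
    }
}
```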