XenocodeRCE Posted June 7, 2014 (edited)
IL code I'm trying to inject into an assembly:

IL_0000: nop
IL_0001: ldc.i4.0
IL_0002: stloc.0
IL_0003: ldc.i4.5
IL_0004: stloc.1
IL_0005: br IL_00b1
IL_000a: ldc.i4.s 63
IL_000c: call string [Microsoft.VisualBasic]Microsoft.VisualBasic.CompilerServices.Conversions::ToString(int32)
IL_0011: call int64 [mscorlib]System.Int64::Parse(string)
IL_0016: conv.ovf.u8
IL_0017: stloc.s 4
IL_0019: ldc.i8 -9223372036854775808
IL_0022: stloc.3
IL_0023: ldc.i4.1
IL_0024: stloc.s 5
IL_0026: nop
IL_0027: ldc.i4.s 42
IL_0029: call string [Microsoft.VisualBasic]Microsoft.VisualBasic.CompilerServices.Conversions::ToString(int32)
IL_002e: call valuetype [mscorlib]System.Decimal [mscorlib]System.Decimal::Parse(string)
IL_0033: stloc.s 8
IL_0035: ldloc.s 8
IL_0037: ldsfld valuetype [mscorlib]System.Decimal [mscorlib]System.Decimal::One
IL_003c: call valuetype [mscorlib]System.Decimal [mscorlib]System.Decimal::Subtract(valuetype [mscorlib]System.Decimal, valuetype [mscorlib]System.Decimal)
IL_0041: stloc.s 7
IL_0043: br.s IL_0075
IL_0045: ldloc.s 7
IL_0047: stloc.s 10
IL_0049: ldloc.s 9
IL_004b: ldloc.s 7
IL_004d: call valuetype [mscorlib]System.Decimal [mscorlib]System.Decimal::Add(valuetype [mscorlib]System.Decimal, valuetype [mscorlib]System.Decimal)
IL_0052: stloc.s 7
IL_0054: ldstr "ici"
IL_0059: call void [mscorlib]System.Console::WriteLine(string)
IL_005e: nop
IL_005f: ldloc.s 10
IL_0061: stloc.s 9
IL_0063: ldloc.s 7
IL_0065: ldc.i4.2
IL_0066: conv.i8
IL_0067: newobj instance void [mscorlib]System.Decimal::.ctor(int64)
IL_006c: nop
IL_006d: call valuetype [mscorlib]System.Decimal [mscorlib]System.Decimal::Add(valuetype [mscorlib]System.Decimal, valuetype [mscorlib]System.Decimal)
IL_0072: stloc.s 7
IL_0074: nop
IL_0075: ldloc.s 7
IL_0077: ldloc.s 8
IL_0079: call int32 [mscorlib]System.Decimal::Compare(valuetype [mscorlib]System.Decimal, valuetype [mscorlib]System.Decimal)
IL_007e: ldc.i4.0
IL_007f: clt
IL_0081: stloc.s 11
IL_0083: ldloc.s 11 IL_0085: brtrue.s IL_0045 IL_0087: ldc.i4.0 IL_0088: stloc.s 6 IL_008a: ldloc.s 6 IL_008c: stloc.s 11 IL_008e: ldloc.s 11 IL_0090: brtrue.s IL_0027 IL_0092: ldloc.3 IL_0093: ldc.i4.1 IL_0094: shr.un IL_0095: stloc.3 IL_0096: nop IL_0097: ldloc.s 5 IL_0099: ldc.i4.1 IL_009a: add.ovf IL_009b: stloc.s 5 IL_009d: ldloc.s 5 IL_009f: ldc.i4.1 IL_00a0: stloc.s 12 IL_00a2: ldloc.s 12 IL_00a4: ble.s IL_0026 IL_00a6: ldloc.1 IL_00a7: ldc.i4.5 IL_00a8: sub.ovf IL_00a9: stloc.1 IL_00aa: ldloc.0 IL_00ab: ldloc.0 IL_00ac: ldc.i4.6 IL_00ad: add.ovf IL_00ae: add.ovf IL_00af: stloc.0 IL_00b0: nop IL_00b1: ldloc.0 IL_00b2: ldc.i4.5 IL_00b3: bgt.s IL_00b9 IL_00b5: ldloc.1 IL_00b6: ldc.i4.0 IL_00b7: bge.s IL_00bc IL_00b9: ldc.i4.0 IL_00ba: br.s IL_00bd IL_00bc: ldc.i4.1 IL_00bd: nop IL_00be: stloc.s 11 IL_00c0: ldloc.s 11 IL_00c2: brtrue IL_000a IL_00c7: nop My attempt : iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Nop)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_0)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Stloc_0)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_5)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Stloc_1)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Br, instructions(i + 83))) 'need here iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_S, 63)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Call)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Call)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Conv_Ovf_U8)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Stloc_S)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldc_I8)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Stloc_3)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_1)) 
' Continuation of the injection attempt: the IL from IL_0024 (stloc.s 5) down to
' IL_00a0 (stloc.s 12), emitted around the existing anchor instruction `Instruction`.
' Everything up to IL_0052 is inserted *before* the anchor, everything from IL_005e
' on is inserted *after* it.
'
' NOTE(review): iLProcessor.Create(opcode) with no second argument only produces
' operand-less instructions. Call, Stloc_S, Ldloc_S, Ldsfld, Br_S, Brtrue_S, Newobj
' and Ldc_I4_S all carry an operand in the IL listing above (a MethodReference imported
' into this module, a VariableDefinition, a FieldReference, a target Instruction, an
' SByte) and need the Create overload that takes that operand — confirm the exact
' behaviour against the Cecil version in use, but as written these calls cannot
' yield the listed instructions.
'
' NOTE(review): the InsertBefore run keeps source order because each new instruction
' goes directly in front of the anchor, i.e. after the previously inserted one.
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Stloc_S))
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Nop))
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_S))
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Call))
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Call))
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Stloc_S))
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldsfld))
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Call))
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Stloc_S))
' Br_S needs the Instruction object for IL_0075 as its operand; create that target
' first (or patch the operand afterwards) so the branch resolves to the right place.
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Br_S))
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Stloc_S))
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Call))
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Stloc_S))
' NOTE(review): every InsertAfter below uses the same anchor, so each new instruction
' lands immediately after `Instruction` and *ahead of* the ones inserted before it —
' the emitted sequence comes out in reverse of the order written here. Insert after
' the instruction created on the previous line (or collect the instructions in a list
' and insert them in order) to preserve the IL_005e..IL_00a0 ordering.
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Nop))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_S))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_2))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Conv_I8))
' Newobj needs the MethodReference of Decimal::.ctor(int64) as its operand.
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Newobj))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Nop))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Call))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_S))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Nop))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Call))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_0))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Clt))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_S))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))
' Brtrue_S / Brtrue_S below target IL_0045 and IL_0027 respectively; both need an
' Instruction operand and both targets are created earlier in this same sequence.
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Brtrue_S))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_0))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_S))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_S))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Brtrue_S))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_3))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_1))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Shr_Un))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_3))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Nop))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_1))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Add_Ovf))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_S))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_1))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_S))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ble_S)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_1)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_5)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Sub_Ovf)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_1)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_0)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_0)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_6)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Add_Ovf)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Add_Ovf)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_0)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Nop)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_0)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_5)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Bgt_S)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_1)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_0)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Bge_S)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_0)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Br_S)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_0)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Nop)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_0)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Brtrue)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Nop)) But I don't know 
how to call stuff like this:

IL_0005: br IL_00b1
IL_004d: call valuetype [mscorlib]System.Decimal [mscorlib]System.Decimal::Add(valuetype [mscorlib]System.Decimal, valuetype [mscorlib]System.Decimal)

Edited June 7, 2014 by SpoonStudio
atom0s Posted June 8, 2014
Check out this link; it shows how to import the type and call a method within it: https://github.com/jbevain/cecil/wiki/Importing
Example using Console.WriteLine