XenocodeRCE Posted June 7, 2014 Share Posted June 7, 2014 (edited) IL code i'm trying to inject n assembly : IL_0000: nop IL_0001: ldc.i4.0 IL_0002: stloc.0 IL_0003: ldc.i4.5 IL_0004: stloc.1 IL_0005: br IL_00b1 IL_000a: ldc.i4.s 63 IL_000c: call string [Microsoft.VisualBasic]Microsoft.VisualBasic.CompilerServices.Conversions::ToString(int32) IL_0011: call int64 [mscorlib]System.Int64::Parse(string) IL_0016: conv.ovf.u8 IL_0017: stloc.s 4 IL_0019: ldc.i8 -9223372036854775808 IL_0022: stloc.3 IL_0023: ldc.i4.1 IL_0024: stloc.s 5 IL_0026: nop IL_0027: ldc.i4.s 42 IL_0029: call string [Microsoft.VisualBasic]Microsoft.VisualBasic.CompilerServices.Conversions::ToString(int32) IL_002e: call valuetype [mscorlib]System.Decimal [mscorlib]System.Decimal::Parse(string) IL_0033: stloc.s 8 IL_0035: ldloc.s 8 IL_0037: ldsfld valuetype [mscorlib]System.Decimal [mscorlib]System.Decimal::One IL_003c: call valuetype [mscorlib]System.Decimal [mscorlib]System.Decimal::Subtract(valuetype [mscorlib]System.Decimal, valuetype [mscorlib]System.Decimal) IL_0041: stloc.s 7 IL_0043: br.s IL_0075 IL_0045: ldloc.s 7 IL_0047: stloc.s 10 IL_0049: ldloc.s 9 IL_004b: ldloc.s 7 IL_004d: call valuetype [mscorlib]System.Decimal [mscorlib]System.Decimal::Add(valuetype [mscorlib]System.Decimal, valuetype [mscorlib]System.Decimal) IL_0052: stloc.s 7 IL_0054: ldstr "ici" IL_0059: call void [mscorlib]System.Console::WriteLine(string) IL_005e: nop IL_005f: ldloc.s 10 IL_0061: stloc.s 9 IL_0063: ldloc.s 7 IL_0065: ldc.i4.2 IL_0066: conv.i8 IL_0067: newobj instance void [mscorlib]System.Decimal::.ctor(int64) IL_006c: nop IL_006d: call valuetype [mscorlib]System.Decimal [mscorlib]System.Decimal::Add(valuetype [mscorlib]System.Decimal, valuetype [mscorlib]System.Decimal) IL_0072: stloc.s 7 IL_0074: nop IL_0075: ldloc.s 7 IL_0077: ldloc.s 8 IL_0079: call int32 [mscorlib]System.Decimal::Compare(valuetype [mscorlib]System.Decimal, valuetype [mscorlib]System.Decimal) IL_007e: ldc.i4.0 IL_007f: clt IL_0081: stloc.s 
11 IL_0083: ldloc.s 11 IL_0085: brtrue.s IL_0045 IL_0087: ldc.i4.0 IL_0088: stloc.s 6 IL_008a: ldloc.s 6 IL_008c: stloc.s 11 IL_008e: ldloc.s 11 IL_0090: brtrue.s IL_0027 IL_0092: ldloc.3 IL_0093: ldc.i4.1 IL_0094: shr.un IL_0095: stloc.3 IL_0096: nop IL_0097: ldloc.s 5 IL_0099: ldc.i4.1 IL_009a: add.ovf IL_009b: stloc.s 5 IL_009d: ldloc.s 5 IL_009f: ldc.i4.1 IL_00a0: stloc.s 12 IL_00a2: ldloc.s 12 IL_00a4: ble.s IL_0026 IL_00a6: ldloc.1 IL_00a7: ldc.i4.5 IL_00a8: sub.ovf IL_00a9: stloc.1 IL_00aa: ldloc.0 IL_00ab: ldloc.0 IL_00ac: ldc.i4.6 IL_00ad: add.ovf IL_00ae: add.ovf IL_00af: stloc.0 IL_00b0: nop IL_00b1: ldloc.0 IL_00b2: ldc.i4.5 IL_00b3: bgt.s IL_00b9 IL_00b5: ldloc.1 IL_00b6: ldc.i4.0 IL_00b7: bge.s IL_00bc IL_00b9: ldc.i4.0 IL_00ba: br.s IL_00bd IL_00bc: ldc.i4.1 IL_00bd: nop IL_00be: stloc.s 11 IL_00c0: ldloc.s 11 IL_00c2: brtrue IL_000a IL_00c7: nop My attempt : iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Nop)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_0)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Stloc_0)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_5)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Stloc_1)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Br, instructions(i + 83))) 'need here iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_S, 63)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Call)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Call)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Conv_Ovf_U8)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Stloc_S)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldc_I8)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Stloc_3)) iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_1)) 
' Injection attempt, continued (the IL being reproduced is the dump above).
' Two things in this run keep it from working as written:
'
'  1. Every ILProcessor.Create(opcode) call below that names an opcode with an
'     operand (Stloc_S/Ldloc_S, Ldc_I4_S, Ldc_I8, Call, Ldsfld, Newobj, Br_S,
'     Brtrue_S, Ble_S) is missing that operand. The single-argument Create
'     overload only accepts opcodes whose OperandType is InlineNone and throws
'     ArgumentException otherwise. Use the typed overloads instead:
'       - Create(OpCodes.Stloc_S, v) / Create(OpCodes.Ldloc_S, v) with a
'         VariableDefinition taken from (or added to) the target method's
'         Body.Variables, matching the slot numbers in the dump (4, 5, 7 ... 12)
'       - Create(OpCodes.Ldc_I4_S, CSByte(42)) -- the operand is an SByte,
'         so an Integer literal such as 63 picks the wrong overload and fails
'       - Create(OpCodes.Call, m) / Create(OpCodes.Newobj, m) with a
'         MethodReference imported into the target module (see the Cecil
'         "Importing" wiki page linked in the reply), and Create(OpCodes.Ldsfld, f)
'         with an imported FieldReference for System.Decimal::One
'       - Create(OpCodes.Br_S, target) with the target Instruction object;
'         the IL_xxxx offsets from the dump do not exist in the patched method,
'         so create the target instruction first (or set the branch's Operand
'         once it exists) before writing the assembly
'  2. InsertAfter(Instruction, ...) is called repeatedly with the same anchor,
'     so each new instruction lands directly after `Instruction` and in front
'     of everything inserted earlier -- the InsertAfter half of the sequence
'     ends up in reverse order. Keep a moving cursor (insert after the
'     instruction you just inserted) or keep using InsertBefore on the
'     instruction that should follow the block.
' Unbalanced stack or mismatched local types in injected IL surfaces at run
' time as an invalid-program failure, so it is worth checking the result in a
' decompiler or with the IL verifier before shipping the patched assembly.
' (`Instruction`, `i` and `instructions` are defined earlier in the method,
' outside this fragment.)
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Stloc_S))      ' stloc.s 5
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Nop))
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_S))     ' ldc.i4.s 42 (SByte operand)
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Call))         ' Conversions.ToString(int32)
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Call))         ' Decimal.Parse(string)
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Stloc_S))      ' stloc.s 8
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))      ' ldloc.s 8
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldsfld))       ' Decimal.One
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Call))         ' Decimal.Subtract
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Stloc_S))      ' stloc.s 7
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Br_S))         ' br.s -> loop condition (IL_0075 in the dump)
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))      ' ldloc.s 7
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Stloc_S))      ' stloc.s 10
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))      ' ldloc.s 9
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))      ' ldloc.s 7
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Call))         ' Decimal.Add
iLProcessor.InsertBefore(Instruction, iLProcessor.Create(OpCodes.Stloc_S))      ' stloc.s 7
' From here on the same anchor is reused with InsertAfter (see note 2 above).
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Nop))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))       ' ldloc.s 10
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_S))       ' stloc.s 9
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))       ' ldloc.s 7
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_2))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Conv_I8))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Newobj))        ' Decimal..ctor(int64)
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Nop))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Call))          ' Decimal.Add
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_S))       ' stloc.s 7
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Nop))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))       ' ldloc.s 7
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))       ' ldloc.s 8
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Call))          ' Decimal.Compare
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_0))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Clt))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_S))       ' stloc.s 11
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))       ' ldloc.s 11
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Brtrue_S))      ' brtrue.s -> loop body (IL_0045 in the dump)
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_0))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_S))       ' stloc.s 6
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))       ' ldloc.s 6
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_S))       ' stloc.s 11
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))       ' ldloc.s 11
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Brtrue_S))      ' brtrue.s -> IL_0027 in the dump
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_3))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_1))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Shr_Un))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_3))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Nop))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))       ' ldloc.s 5
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_1))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Add_Ovf))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_S))       ' stloc.s 5
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S))       ' ldloc.s 5
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_1))
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_S))       ' stloc.s 12
iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ble_S)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_1)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_5)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Sub_Ovf)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_1)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_0)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_0)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_6)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Add_Ovf)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Add_Ovf)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_0)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Nop)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_0)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_5)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Bgt_S)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_1)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_0)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Bge_S)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_0)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Br_S)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldc_I4_0)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Nop)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Stloc_0)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Ldloc_S)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Brtrue)) iLProcessor.InsertAfter(Instruction, iLProcessor.Create(OpCodes.Nop)) But I don't know 
how to create instructions that take an operand, such as these two: IL_0005: br IL_00b1 and IL_004d: call valuetype [mscorlib]System.Decimal [mscorlib]System.Decimal::Add(valuetype [mscorlib]System.Decimal, valuetype [mscorlib]System.Decimal) Edited June 7, 2014 by SpoonStudio Link to comment
atom0s Posted June 8, 2014 Share Posted June 8, 2014 Check out this link; it shows how to import the type and call a method within it: https://github.com/jbevain/cecil/wiki/Importing (the example there uses Console.WriteLine) Link to comment