Tuts 4 You

Modify IL Code during Run-time


Codefans


Posted

I have read an article about how to modify IL code during run-time.

 

http://www.codeproject.com/Articles/463508/NET-CLR-Injection-Modify-IL-Code-during-Run-time

 

The author provides binaries and code for two versions (2012/11/05 and 2014/08/08).

 

But on my PC only the 2012/11/05 version's app runs normally;

the 2014/08/08 version's app throws an error: "Initialization is failed with error [Failed to get addresses from server,Couldn't connect server.]!"

 

My test PC : WinXP X86

test app:  Test_x86_DotNet40_Release.exe

 

The author said the following:

 

"In previous version, the PDB file is downloaded and parsed locally with Microsoft symcheck.exe.

In the current version, I have made a web service to parse the addresses on the server and return the virtual addresses to clients. This will reduce the initialization time."

 

Maybe the author's "current version" refers to 2012/11/05; I can find the web service link in the 2012/11/05 code, but not in the 2014/08/08 code.

 

Who can help me find the error in the newer version, and how to fix it? Thanks.

-----------------------------------

 

I am studying this because I want to write a JIT tool similar to Rick's (the DNGuard author); he only shows a picture on his blog.

http://www.cnblogs.com/rick/archive/2007/07/08/810591.html

jithook.jpg

 

Update List
IL disassembly source
Trigger the JIT and capture
Force methods to re-JIT
Close

Ha ha, it seems there is a long way to go to achieve the goal.

 

 

Posted (edited)

I guess the problem comes from downloading symbols; all is fine for me.


 


 


Decompress the attached file and copy the files to the folder where you have the example; it contains the symbols needed to use the program. It must look like:


 


43c53bfd442bb56c4715d275f0862ebf.png


Symbols.rar

Edited by Alcatraz3222
Posted

Check "ARTEAM EZINE ISSUE IV"


 


There is an article on how to modify MSIL code at runtime.


 


Page 66


Posted

Alcatraz3222, thanks for your reply.

Maybe you misunderstood my question.

On my PC, the old version runs normally, but the newer version throws the error message.

According to the size of the injection32.dll file in your picture, I guess you tested with the old version.


 


Actually, I want to learn to write a tool to get the code of particular methods whose method body is empty when opened in Reflector.


 


Now I know the profiling API is more useful than the method posted in post 1.


 


Similar dotNET MSIL dumper by Kurapica


(dump the body of every Method (Function, Procedure) called by the executable assembly you select...)


 


Alcatraz3222, Kurapica, thank you for your enthusiastic teaching.


 


Reading two talented people's articles every day after work is really a kind of enjoyment. :prop: :prop:


