[Mono-dev] Runtime IL Injection

Jonathan Lima greenboxal at gmail.com
Tue Jul 1 02:00:24 UTC 2014


Well, first questions first: is what you are doing legal?

Anyway, in the worst case you can do real binary patching redirecting all calls.
I already did that on the CLR and it should be even easier on Mono, as it’s open source and you can know how code will be JITed. If you know the target system, I think that this is the way to go. You won’t even need to deal with writing native code, maybe just a bit of assembly injection.

In my experiments I ported an ordinary x86 hook library in C to C# and patched the JITed code at runtime with a method stub created with System.Runtime.InteropServices.Marshal.GetFunctionPointerToDelegate.
I also saved a pointer to a trampoline so I could call the former method with a delegate using System.Runtime.InteropServices.Marshal.GetDelegateForFunctionPointer.


On Jun 30, 2014, at 22:46, Drew Crawford <drew at sealedabstract.com> wrote:

> Hello folks,
> I've got a rather large program that I don't have source to. I believe it runs Mono 3.5.
> I'm trying to modify the behavior of this program; specifically, I'm trying to replace one of its classes. Normally this would be a pretty straightforward Mono.Cecil operation, but it turns out the program verifies its on-disk representation at startup in a way that is difficult to defeat. 
> I can, however, convince the program to load an arbitrary managed DLL, so this has got me thinking about the possibility of doing run-time manipulation and code injection of the process using the DLL as an entrypoint. I have seen some code samples of this online for .NET but I can't seem to find anyone doing this for Mono. 
> Can anyone point me in the right direction?
> Drew