//delegate preperation & JIT Stack fixes
private unsafe void PreJit()
{
Win32.Print("PreJIT: FindMatchingMethods");
MethodInfo method = typeof(JitEncrypt).GetMethod("FindMethods", BindingFlags.Instance | BindingFlags.NonPublic);
RuntimeHelpers.PrepareMethod(method.MethodHandle);
Win32.Print("PreJIT: ContainsKey");
method = typeof(Dictionary <long, JitMethodBase>).GetMethod("ContainsKey", BindingFlags.Instance | BindingFlags.Public);
RuntimeHelpers.PrepareMethod(method.MethodHandle);
Win32.Print("PreJIT: FindMatchingMethods [Call]");
//--- Note the following requests are required to prevent stack overflow exceptions on some deep .net methods that they call
Data.CorMethodInfo64 methodInfo = new Data.CorMethodInfo64() //--- create fake data structure pointing to our fake method
{
moduleHandle = new IntPtr(int.MaxValue),
methodHandle = new IntPtr(int.MaxValue - 0x06000000)
};
JitMethodBase temp = new JitMethodBase(methodInfo.moduleHandle, int.MaxValue, method, new ClrEncrypted(EncryptionType.aes, false)); //--- define our fake method
JitMethodBase temp2 = new JitMethodBase(methodInfo.moduleHandle, int.MaxValue, method, new MethodHash("fake method hash")); //--- define our fake method
long value = temp.hMODULE.ToInt64() + temp.Token; //--- calculate our fake method's lookup token
EncryptedMethods.Add(value, temp); //--- add our fake method to our dictioanry
HashedMethods.Add(value, temp2);
FindMethods(&methodInfo); // use FindMethods to PreJit the entire chain
EncryptedMethods.Clear(); //--- clear our dictionary of our fake method to prevent issues
HashedMethods.Clear();
if (AntiDebug.DetectDebuggers())
{
Win32.Print("Debugger Present");
SafeCrash.ForceCrash();
}
}
//delegate preperation & JIT Stack fixes
private unsafe void PreJit()
{
Win32.Print("PreJIT: FindMatchingMethods");
MethodInfo method = typeof(JitEncrypt).GetMethod("FindMethods", BindingFlags.Instance | BindingFlags.NonPublic);
System.Runtime.CompilerServices.RuntimeHelpers.PrepareMethod(method.MethodHandle);
Win32.Print("PreJIT: DoesMatch");
method = typeof(JitMethodBase).GetMethod("DoesMatch", BindingFlags.Instance | BindingFlags.Public);
System.Runtime.CompilerServices.RuntimeHelpers.PrepareMethod(method.MethodHandle);
Win32.Print("PreJIT: FindMatchingMethods [Call]");
//--- Note the following requests are required to prevent stack overflow exceptions on some deep .net methods that they call
Data.CorMethodInfo64 methodInfo = new Data.CorMethodInfo64()
{
moduleHandle = IntPtr.Zero,
methodHandle = IntPtr.Zero
};
FindMethods(&methodInfo);
Win32.Print("PreJIT: DoesMatch [Call]");
JitMethodBase temp = new JitMethodBase(method.Module.GetHMODULE(), method.MetadataToken, method, new ClrEncrypted(EncryptionType.aes, false));
temp.DoesMatch(IntPtr.Zero, 0);
if (AntiDebug.DetectDebuggers())
{
Win32.Print("Debugger Present");
SafeCrash.ForceCrash();
}
}
private unsafe int ClrCompile64(IntPtr thisPtr, [In] IntPtr corJitInfo,
[In] Data.CorMethodInfo64 *methodInfo, Data.CorJitFlag flags,
[Out] IntPtr nativeEntry, [Out] IntPtr nativeSizeOfCode)
{
JitMethodBase[] compiling_methods = FindMethods(methodInfo);
//IntPtr corJitInfo_vTable = Marshal.ReadIntPtr(corJitInfo);
if (compiling_methods.Length != 0)
{
//detect debuggers
if (AntiDebug.DetectDebuggers())
{
Win32.Print("On Compile - Debugger Present");
SafeCrash.ForceCrash();
}
JitMethodBase method_base = compiling_methods[0];
Win32.Print($"Compiling: {method_base.Method.Name}");
if (compiling_methods.Length == 1)
{
//--- one matching method, HandleCompile we determine what to do
HandleCompile(method_base, methodInfo);
}
else
{
//--- two matching methods, must handle decryption before hashing
foreach (JitMethodBase method in compiling_methods)
{
if (method is EncryptedMethod encrypted)
{
HandleCompile(encrypted, methodInfo);
break;
}
}
foreach (JitMethodBase method in compiling_methods)
{
if (method is HashedMethod hashed)
{
HandleCompile(hashed, methodInfo);
break;
}
}
}
}
return(_jitHook64.OriginalCompileMethod(thisPtr, corJitInfo, methodInfo, flags, nativeEntry, nativeSizeOfCode));
}
