compileMethod C# (CSharp) Code Examples

Example #1

0

Show file

File: AntiTamper.JIT.cs Project: momogie/ConfuserEx

        static void Hook()
        {
            ulong *ptr = stackalloc ulong[2];

            if (ver4)
            {
                ptr[0] = 0x642e74696a726c63; //clrjit.d
                ptr[1] = 0x0000000000006c6c; //ll......
            }
            else
            {
                ptr[0] = 0x74696a726f63736d; //mscorjit
                ptr[1] = 0x000000006c6c642e; //.dll....
            }

            IntPtr jit = LoadLibrary(new string((sbyte *)ptr));

            ptr[0] = 0x000074694a746567;    //getJit
            var    get          = (getJit)Marshal.GetDelegateForFunctionPointer(GetProcAddress(jit, new string((sbyte *)ptr)), typeof(getJit));
            IntPtr hookPosition = *get();
            IntPtr original     = *(IntPtr *)hookPosition;

            IntPtr trampoline;
            uint   oldPl;

            if (IntPtr.Size == 8)
            {
                trampoline = Marshal.AllocHGlobal(16);
                var tptr = (ulong *)trampoline;
                tptr[0] = 0xffffffffffffb848;
                tptr[1] = 0x90909090e0ffffff;

                VirtualProtect(trampoline, 12, 0x40, out oldPl);
                Marshal.WriteIntPtr(trampoline, 2, original);
            }
            else
            {
                trampoline = Marshal.AllocHGlobal(8);
                var tptr = (ulong *)trampoline;
                tptr[0] = 0x90e0ffffffffffb8;

                VirtualProtect(trampoline, 7, 0x40, out oldPl);
                Marshal.WriteIntPtr(trampoline, 1, original);
            }

            originalDelegate = (compileMethod)Marshal.GetDelegateForFunctionPointer(trampoline, typeof(compileMethod));
            handler          = HookHandler;

            RuntimeHelpers.PrepareDelegate(originalDelegate);
            RuntimeHelpers.PrepareDelegate(handler);

            VirtualProtect(hookPosition, (uint)IntPtr.Size, 0x40, out oldPl);
            Marshal.WriteIntPtr(hookPosition, Marshal.GetFunctionPointerForDelegate(handler));
            VirtualProtect(hookPosition, (uint)IntPtr.Size, oldPl, out oldPl);
        }

Example #2

0

Show file

File: AntiTampers.cs Project: zippy1981/Confuser

    static unsafe void Init(bool ver)
    {
        AntiTamperJIT.ver = ver;
        ulong *ptr = stackalloc ulong[2];

        if (ver)
        {
            ptr[0] = 0x642e74696a726c63;    //clrjit.d
            ptr[1] = 0x0000000000006c6c;    //ll......
        }
        else
        {
            ptr[0] = 0x74696a726f63736d;    //mscorjit
            ptr[1] = 0x000000006c6c642e;    //.dll....
        }
        IntPtr jit = LoadLibrary(new string((sbyte *)ptr));

        ptr[0] = 0x000074694a746567;    //getJit
        getJit get = (getJit)Marshal.GetDelegateForFunctionPointer(GetProcAddress(jit, new string((sbyte *)ptr)), typeof(getJit));

        hookPosition = Marshal.ReadIntPtr(get());
        original     = Marshal.ReadIntPtr(hookPosition);

        IntPtr trampoline;

        if (IntPtr.Size == 8)
        {
            trampoline = Marshal.AllocHGlobal(16);
            ulong *tptr = (ulong *)trampoline;
            tptr[0] = 0xffffffffffffb848;
            tptr[1] = 0x90909090e0ffffff;

            uint oldPl;
            VirtualProtect(trampoline, 12, 0x40, out oldPl);
            Marshal.WriteIntPtr(trampoline, 2, original);
        }
        else
        {
            trampoline = Marshal.AllocHGlobal(8);
            ulong *tptr = (ulong *)trampoline;
            tptr[0] = 0x90e0ffffffffffb8;

            uint oldPl;
            VirtualProtect(trampoline, 7, 0x40, out oldPl);
            Marshal.WriteIntPtr(trampoline, 1, original);
        }

        originalDelegate = (compileMethod)Marshal.GetDelegateForFunctionPointer(trampoline, typeof(compileMethod));
        RuntimeHelpers.PrepareDelegate(originalDelegate);
    }

Example #3

0

Show file

File: AntiTampers.cs Project: zippy1981/Confuser

    static unsafe void Hook()
    {
        if (hooked)
        {
            throw new InvalidOperationException();
        }

        interop = new compileMethod(Interop);
        try
        {
            interop(IntPtr.Zero, null, null, 0, null, null);
        }
        catch { }

        uint oldPl;

        VirtualProtect(hookPosition, (uint)IntPtr.Size, 0x40, out oldPl);
        Marshal.WriteIntPtr(hookPosition, Marshal.GetFunctionPointerForDelegate(interop));
        VirtualProtect(hookPosition, (uint)IntPtr.Size, oldPl, out oldPl);

        hooked = true;
    }

Example #4

0

Show file

File: AntiTampers.cs Project: n017/Confuser

    static unsafe void Init(bool ver)
    {
        AntiTamperJIT.ver = ver;
        ulong* ptr = stackalloc ulong[2];
        if (ver)
        {
            ptr[0] = 0x642e74696a726c63;    //clrjit.d
            ptr[1] = 0x0000000000006c6c;    //ll......
        }
        else
        {
            ptr[0] = 0x74696a726f63736d;    //mscorjit
            ptr[1] = 0x000000006c6c642e;    //.dll....
        }
        IntPtr jit = LoadLibrary(new string((sbyte*)ptr));
        ptr[0] = 0x000074694a746567;    //getJit
        getJit get = (getJit)Marshal.GetDelegateForFunctionPointer(GetProcAddress(jit, new string((sbyte*)ptr)), typeof(getJit));
        hookPosition = Marshal.ReadIntPtr(get());
        original = Marshal.ReadIntPtr(hookPosition);

        IntPtr trampoline;
        if (IntPtr.Size == 8)
        {
            trampoline = Marshal.AllocHGlobal(16);
            ulong* tptr = (ulong*)trampoline;
            tptr[0] = 0xffffffffffffb848;
            tptr[1] = 0x90909090e0ffffff;

            uint oldPl;
            VirtualProtect(trampoline, 12, 0x40, out oldPl);
            Marshal.WriteIntPtr(trampoline, 2, original);
        }
        else
        {
            trampoline = Marshal.AllocHGlobal(8);
            ulong* tptr = (ulong*)trampoline;
            tptr[0] = 0x90e0ffffffffffb8;

            uint oldPl;
            VirtualProtect(trampoline, 7, 0x40, out oldPl);
            Marshal.WriteIntPtr(trampoline, 1, original);
        }

        originalDelegate = (compileMethod)Marshal.GetDelegateForFunctionPointer(trampoline, typeof(compileMethod));
        RuntimeHelpers.PrepareDelegate(originalDelegate);
    }

Example #5

0

Show file

File: AntiTampers.cs Project: n017/Confuser

    static unsafe void Hook()
    {
        if (hooked) throw new InvalidOperationException();

        interop = new compileMethod(Interop);
        try
        {
            interop(IntPtr.Zero, null, null, 0, null, null);
        }
        catch { }

        uint oldPl;
        VirtualProtect(hookPosition, (uint)IntPtr.Size, 0x40, out oldPl);
        Marshal.WriteIntPtr(hookPosition, Marshal.GetFunctionPointerForDelegate(interop));
        VirtualProtect(hookPosition, (uint)IntPtr.Size, oldPl, out oldPl);

        hooked = true;
    }

Example #6

0

Show file

File: AntiTamper.JIT.cs Project: EmilZhou/ConfuserEx

		static void Hook() {
			ulong* ptr = stackalloc ulong[2];
			if (ver4) {
				ptr[0] = 0x642e74696a726c63; //clrjit.d
				ptr[1] = 0x0000000000006c6c; //ll......
			}
			else {
				ptr[0] = 0x74696a726f63736d; //mscorjit
				ptr[1] = 0x000000006c6c642e; //.dll....
			}
			IntPtr jit = LoadLibrary(new string((sbyte*)ptr));
			ptr[0] = 0x000074694a746567; //getJit
			var get = (getJit)Marshal.GetDelegateForFunctionPointer(GetProcAddress(jit, new string((sbyte*)ptr)), typeof(getJit));
			IntPtr hookPosition = *get();
			IntPtr original = *(IntPtr*)hookPosition;

			IntPtr trampoline;
			uint oldPl;
			if (IntPtr.Size == 8) {
				trampoline = Marshal.AllocHGlobal(16);
				var tptr = (ulong*)trampoline;
				tptr[0] = 0xffffffffffffb848;
				tptr[1] = 0x90909090e0ffffff;

				VirtualProtect(trampoline, 12, 0x40, out oldPl);
				Marshal.WriteIntPtr(trampoline, 2, original);
			}
			else {
				trampoline = Marshal.AllocHGlobal(8);
				var tptr = (ulong*)trampoline;
				tptr[0] = 0x90e0ffffffffffb8;

				VirtualProtect(trampoline, 7, 0x40, out oldPl);
				Marshal.WriteIntPtr(trampoline, 1, original);
			}

			originalDelegate = (compileMethod)Marshal.GetDelegateForFunctionPointer(trampoline, typeof(compileMethod));
			handler = HookHandler;

			RuntimeHelpers.PrepareDelegate(originalDelegate);
			RuntimeHelpers.PrepareDelegate(handler);

			VirtualProtect(hookPosition, (uint)IntPtr.Size, 0x40, out oldPl);
			Marshal.WriteIntPtr(hookPosition, Marshal.GetFunctionPointerForDelegate(handler));
			VirtualProtect(hookPosition, (uint)IntPtr.Size, oldPl, out oldPl);
		}

C# (CSharp) compileMethod Examples