Exemplo n.º 1
0
        public static CorMethodInfoHook Hook(ICorJitInfo *comp, IntPtr ftn, CORINFO_EH_CLAUSE[] clauses)
        {
            ICorMethodInfo *mtdInfo  = ICorStaticInfo.ICorMethodInfo(ICorDynamicInfo.ICorStaticInfo(ICorJitInfo.ICorDynamicInfo(comp)));
            IntPtr *        vfTbl    = mtdInfo->vfptr;
            const int       SLOT_NUM = 0x1B;
            IntPtr *        newVfTbl = (IntPtr *)Marshal.AllocHGlobal(SLOT_NUM * IntPtr.Size);

            for (int i = 0; i < SLOT_NUM; i++)
            {
                newVfTbl[i] = vfTbl[i];
            }
            if (ehNum == -1)
            {
                for (int i = 0; i < SLOT_NUM; i++)
                {
                    bool isEh = true;
                    for (byte *func = (byte *)vfTbl[i]; *func != 0xe9; func++)
                    {
                        if (IntPtr.Size == 8 ?
                            (*func == 0x48 && *(func + 1) == 0x81 && *(func + 2) == 0xe9) :
                            (*func == 0x83 && *(func + 1) == 0xe9))
                        {
                            isEh = false;
                            break;
                        }
                    }
                    if (isEh)
                    {
                        ehNum = i;
                        break;
                    }
                }
            }

            CorMethodInfoHook ret = new CorMethodInfoHook()
            {
                ftn      = ftn,
                info     = mtdInfo,
                comp     = comp,
                clauses  = clauses,
                newVfTbl = newVfTbl,
                oriVfTbl = vfTbl
            };

            ret.n_getEHinfo = new getEHinfo(ret.hookEHInfo);
            ret.o_getEHinfo = Marshal.GetDelegateForFunctionPointer(vfTbl[ehNum], typeof(getEHinfo)) as getEHinfo;
            newVfTbl[ehNum] = Marshal.GetFunctionPointerForDelegate(ret.n_getEHinfo);

            mtdInfo->vfptr = newVfTbl;
            return(ret);
        }
Exemplo n.º 2
0
            public unsafe static CorMethodInfoHook Hook(ICorJitInfo *comp, IntPtr ftn, CORINFO_EH_CLAUSE *clauses)
            {
                ICorMethodInfo *ptr   = ICorStaticInfo.ICorMethodInfo(ICorDynamicInfo.ICorStaticInfo(ICorJitInfo.ICorDynamicInfo(comp)));
                IntPtr *        vfptr = ptr->vfptr;
                IntPtr *        ptr2  = (IntPtr *)(void *)Marshal.AllocHGlobal(27 * IntPtr.Size);

                for (int i = 0; i < 27; i++)
                {
                    ptr2[i] = vfptr[i];
                }
                if (ehNum == -1)
                {
                    for (int j = 0; j < 27; j++)
                    {
                        bool flag = true;
                        for (byte *ptr3 = (byte *)(void *)vfptr[j]; *ptr3 != 233; ptr3++)
                        {
                            if ((IntPtr.Size != 8) ? (*ptr3 == 131 && ptr3[1] == 233) : (*ptr3 == 72 && ptr3[1] == 129 && ptr3[2] == 233))
                            {
                                flag = false;
                                break;
                            }
                        }
                        if (flag)
                        {
                            ehNum = j;
                            break;
                        }
                    }
                }
                CorMethodInfoHook corMethodInfoHook = new CorMethodInfoHook
                {
                    ftn      = ftn,
                    info     = ptr,
                    clauses  = clauses,
                    newVfTbl = ptr2,
                    oldVfTbl = vfptr
                };

                corMethodInfoHook.n_getEHinfo = corMethodInfoHook.hookEHInfo;
                corMethodInfoHook.o_getEHinfo = (getEHinfo)Marshal.GetDelegateForFunctionPointer(vfptr[ehNum], typeof(getEHinfo));
                ptr2[ehNum] = Marshal.GetFunctionPointerForDelegate(corMethodInfoHook.n_getEHinfo);
                ptr->vfptr  = ptr2;
                return(corMethodInfoHook);
            }