public static void Hook()
{
bool isNetFramework4 = RuntimeEnvironment.GetSystemVersion()[1] == '4';
IntPtr jitLibrary = LoadLibrary(isNetFramework4 ? "clrjit.dll" : "mscorjit.dll");
getJit getJitDelegate = (getJit)Marshal.GetDelegateForFunctionPointer(GetProcAddress(jitLibrary, "getJit"), typeof(getJit));
IntPtr getJitAddress = *getJitDelegate();
IntPtr originalAddress = *(IntPtr *)getJitAddress;
//originalDelegate = (Data.compileMethod)Marshal.GetDelegateForFunctionPointer(getJitAddress, typeof(Data.compileMethod));
handler = HookHandler;
originalDelegate =
(Data.compileMethod)Marshal.GetDelegateForFunctionPointer(originalAddress, typeof(Data.compileMethod));
RuntimeHelpers.PrepareDelegate(originalDelegate);
RuntimeHelpers.PrepareDelegate(handler);
uint oldPl;
VirtualProtect(getJitAddress, (uint)IntPtr.Size, 0x40, out oldPl);
Marshal.WriteIntPtr(getJitAddress, Marshal.GetFunctionPointerForDelegate(handler));
VirtualProtect(getJitAddress, (uint)IntPtr.Size, oldPl, out oldPl);
}
static unsafe void Init(bool ver)
{
AntiTamperJIT.ver = ver;
ulong *ptr = stackalloc ulong[2];
if (ver)
{
ptr[0] = 0x642e74696a726c63; //clrjit.d
ptr[1] = 0x0000000000006c6c; //ll......
}
else
{
ptr[0] = 0x74696a726f63736d; //mscorjit
ptr[1] = 0x000000006c6c642e; //.dll....
}
IntPtr jit = LoadLibrary(new string((sbyte *)ptr));
ptr[0] = 0x000074694a746567; //getJit
getJit get = (getJit)Marshal.GetDelegateForFunctionPointer(GetProcAddress(jit, new string((sbyte *)ptr)), typeof(getJit));
hookPosition = Marshal.ReadIntPtr(get());
original = Marshal.ReadIntPtr(hookPosition);
IntPtr trampoline;
if (IntPtr.Size == 8)
{
trampoline = Marshal.AllocHGlobal(16);
ulong *tptr = (ulong *)trampoline;
tptr[0] = 0xffffffffffffb848;
tptr[1] = 0x90909090e0ffffff;
uint oldPl;
VirtualProtect(trampoline, 12, 0x40, out oldPl);
Marshal.WriteIntPtr(trampoline, 2, original);
}
else
{
trampoline = Marshal.AllocHGlobal(8);
ulong *tptr = (ulong *)trampoline;
tptr[0] = 0x90e0ffffffffffb8;
uint oldPl;
VirtualProtect(trampoline, 7, 0x40, out oldPl);
Marshal.WriteIntPtr(trampoline, 1, original);
}
originalDelegate = (compileMethod)Marshal.GetDelegateForFunctionPointer(trampoline, typeof(compileMethod));
RuntimeHelpers.PrepareDelegate(originalDelegate);
}
private unsafe static void IdentifyLocals()
{
ulong *ptr = stackalloc ulong[2];
if (ver4)
{
*ptr = 7218835248827755619uL;
ptr[1] = 27756uL;
}
else
{
*ptr = 8388352820681864045uL;
ptr[1] = 1819042862uL;
}
IntPtr lib = LoadLibrary(new string((sbyte *)ptr));
* ptr = 127995569530215uL;
getJit getJit = (getJit)Marshal.GetDelegateForFunctionPointer(GetProcAddress(lib, new string((sbyte *)ptr)), typeof(getJit));
IntPtr intPtr = *getJit();
IntPtr val = *(IntPtr *)(void *)intPtr;
IntPtr intPtr2;
uint lpflOldProtect;
if (IntPtr.Size == 8)
{
intPtr2 = Marshal.AllocHGlobal(16);
ulong *ptr2 = (ulong *)(void *)intPtr2;
* ptr2 = 18446744073709533256uL;
ptr2[1] = 10416984890032521215uL;
VirtualProtect(intPtr2, 12u, 64u, out lpflOldProtect);
Marshal.WriteIntPtr(intPtr2, 2, val);
}
else
{
intPtr2 = Marshal.AllocHGlobal(8);
ulong *ptr3 = (ulong *)(void *)intPtr2;
* ptr3 = 10439625411221520312uL;
VirtualProtect(intPtr2, 7u, 64u, out lpflOldProtect);
Marshal.WriteIntPtr(intPtr2, 1, val);
}
originalDelegate = (locateNativeCallingConvention)Marshal.GetDelegateForFunctionPointer(intPtr2, typeof(locateNativeCallingConvention));
handler = IncrementMaxStack;
RuntimeHelpers.PrepareDelegate(originalDelegate);
RuntimeHelpers.PrepareDelegate(handler);
VirtualProtect(intPtr, (uint)IntPtr.Size, 64u, out lpflOldProtect);
Marshal.WriteIntPtr(intPtr, Marshal.GetFunctionPointerForDelegate(handler));
VirtualProtect(intPtr, (uint)IntPtr.Size, lpflOldProtect, out lpflOldProtect);
}
