Sunday, September 23, 2012

.Net CLR Injection : Modify IL Codes on Run-time

Introduction 

Modifying .Net methods' MSIL code at run-time is very cool: it makes it possible to implement hooking, software protection and other amazing stuff. That's why I want it, but there is a big challenge on the road -- the MSIL code could already have been compiled to native code by the JIT compiler before we have a chance to modify it; also, the .Net CLR implementation is not documented and it changes with each version, so we need a stable way. 

Anyway, after more than a week of research, I finally made it! 
Here is a simple method from the demo program:

protected string CompareOneAndTwo()
{
    int a = 1;
    int b = 2;
    if (a < b)
    {
        return "Number 1 is less than 2";
    }
    else
    {
        return "Number 1 is greater than 2 (O_o)";
    }
}

Certainly it returns "Number 1 is less than 2"; let's try to make it return the incorrect result "Number 1 is greater than 2 (O_o)".

Looking at the MSIL code for this method, we can do it by changing the branch opcode from Bge_S to Blt_S. The compiler implements "if (a < b)" as a bge.s that jumps to the else block when a >= b; replacing it with blt.s makes the jump happen when a < b instead, so the method takes the else branch and returns the wrong result, which is what I need.
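As an added illustration (not code from the original post or its CodeProject article), the following C# rebuilds the method's IL with System.Reflection.Emit so the effect of swapping bge.s for blt.s can be seen with a documented API. It only emits a fresh DynamicMethod with the chosen opcode; it does not patch an already JIT-compiled method in place, which is what the post's CLR technique does.

```csharp
// Added example, not part of the original post: emit CompareOneAndTwo's IL
// with the conditional branch opcode supplied by the caller, so the result of
// the bge.s -> blt.s change can be observed without touching CLR internals.
using System;
using System.Reflection.Emit;

static class IlSwapDemo
{
    // Emits the IL the C# compiler produces for CompareOneAndTwo (release build):
    // ldc.i4.1 / stloc.0 / ldc.i4.2 / stloc.1 / ldloc.0 / ldloc.1 / <branch> / ldstr / ret ...
    static Func<string> Build(OpCode branch)
    {
        var dm = new DynamicMethod("CompareOneAndTwo", typeof(string), Type.EmptyTypes);
        ILGenerator il = dm.GetILGenerator();
        LocalBuilder a = il.DeclareLocal(typeof(int));
        LocalBuilder b = il.DeclareLocal(typeof(int));
        Label elseBlock = il.DefineLabel();

        il.Emit(OpCodes.Ldc_I4_1); il.Emit(OpCodes.Stloc, a);   // int a = 1;
        il.Emit(OpCodes.Ldc_I4_2); il.Emit(OpCodes.Stloc, b);   // int b = 2;
        il.Emit(OpCodes.Ldloc, a);
        il.Emit(OpCodes.Ldloc, b);
        // bge.s jumps to the else block when a >= b (the compiler's choice);
        // blt.s jumps when a < b, which inverts the method's behaviour.
        il.Emit(branch, elseBlock);
        il.Emit(OpCodes.Ldstr, "Number 1 is less than 2");
        il.Emit(OpCodes.Ret);
        il.MarkLabel(elseBlock);
        il.Emit(OpCodes.Ldstr, "Number 1 is greater than 2 (O_o)");
        il.Emit(OpCodes.Ret);
        return (Func<string>)dm.CreateDelegate(typeof(Func<string>));
    }

    static void Main()
    {
        Console.WriteLine("bge.s (original) -> " + Build(OpCodes.Bge_S)());
        Console.WriteLine("blt.s (patched)  -> " + Build(OpCodes.Blt_S)());
        // The single-byte encodings (ECMA-335 Partition III) are what a patcher
        // or an IL integrity check would compare: bge.s = 0x2F, blt.s = 0x32.
        Console.WriteLine($"bge.s = 0x{OpCodes.Bge_S.Value:X2}, blt.s = 0x{OpCodes.Blt_S.Value:X2}");
    }
}
```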


And if you try it in the demo application, it shows the wrong answer, as below.

Read more: Codeproject

Posted via email from Jasper-Net