daily pastebin goal
24%
SHARE
TWEET

inject byte[] using dnlib

a guest Jun 2nd, 2015 123 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. using System;
  2. using System.Collections.Generic;
  3. using System.IO;
  4. using dnlib.DotNet;
  5. using dnlib.DotNet.Emit;
  6.  
  7. class Program
  8. {
  9.         // returns FieldDef of injected byte[]
  10.         static FieldDef InjectArray(ModuleDefMD mod, byte[] injectedData, string injectedName)
  11.         {
  12.                 // we'll have to import lots of new stuff into our module
  13.                 Importer importer = new Importer(mod);
  14.  
  15.                 // add class with layout
  16.                 ITypeDefOrRef valueTypeRef = importer.Import(typeof(System.ValueType));
  17.                 TypeDef classWithLayout = new TypeDefUser("dummyClass", valueTypeRef);
  18.                 classWithLayout.Attributes |= TypeAttributes.Sealed | TypeAttributes.ExplicitLayout;
  19.                 classWithLayout.ClassLayout = new ClassLayoutUser(1, (uint)injectedData.Length);
  20.                 mod.Types.Add(classWithLayout);
  21.  
  22.                 // add field with proper InitialValue
  23.                 FieldDef fieldWithRVA = new FieldDefUser("dummyField", new FieldSig(classWithLayout.ToTypeSig()), FieldAttributes.Static | FieldAttributes.Assembly | FieldAttributes.HasFieldRVA);
  24.                 fieldWithRVA.InitialValue = injectedData;
  25.                 mod.GlobalType.Fields.Add(fieldWithRVA);
  26.  
  27.                 // add byte[] field
  28.                 ITypeDefOrRef byteArrayRef = importer.Import(typeof(System.Byte[]));
  29.                 FieldDef fieldInjectedArray = new FieldDefUser(injectedName, new FieldSig(byteArrayRef.ToTypeSig()), FieldAttributes.Static | FieldAttributes.Public);
  30.                 mod.GlobalType.Fields.Add(fieldInjectedArray);
  31.  
  32.                 // and finally add code to global .cctor to initialize array.
  33.                 /*
  34.                   ldc.i4     XXXsizeofarrayXXX
  35.                   newarr     [mscorlib]System.Byte
  36.                   dup
  37.                   ldtoken    field valuetype className fieldName
  38.                   call       void [mscorlib]System.Runtime.CompilerServices.RuntimeHelpers::InitializeArray(class [mscorlib]System.Array, valuetype [mscorlib]System.RuntimeFieldHandle)
  39.                   stsfld     uint8[] bla
  40.                  */
  41.                 ITypeDefOrRef systemByte = importer.Import(typeof(System.Byte));
  42.                 ITypeDefOrRef runtimeHelpers = importer.Import(typeof(System.Runtime.CompilerServices.RuntimeHelpers));
  43.                 IMethod initArray = importer.Import(typeof(System.Runtime.CompilerServices.RuntimeHelpers).GetMethod("InitializeArray", new Type[] { typeof(System.Array), typeof(System.RuntimeFieldHandle) }));
  44.  
  45.                 MethodDef cctor = mod.GlobalType.FindOrCreateStaticConstructor();
  46.                 IList<Instruction> instrs = cctor.Body.Instructions;
  47.                 instrs.Insert(0, new Instruction(OpCodes.Ldc_I4, injectedData.Length));
  48.                 instrs.Insert(1, new Instruction(OpCodes.Newarr, systemByte));
  49.                 instrs.Insert(2, new Instruction(OpCodes.Dup));
  50.                 instrs.Insert(3, new Instruction(OpCodes.Ldtoken, fieldWithRVA));
  51.                 instrs.Insert(4, new Instruction(OpCodes.Call, initArray));
  52.                 instrs.Insert(5, new Instruction(OpCodes.Stsfld, fieldInjectedArray));
  53.  
  54.                 return fieldInjectedArray;
  55.         }
  56.  
  57.         static void Main(string[] args)
  58.         {
  59.                 ModuleDefMD mod = ModuleDefMD.Load(args[0]);
  60.                 FieldDef x = InjectArray(mod, new byte[] { 1, 2, 3, 4, 5, 6 }, "hello world!");
  61.                 mod.Write(Path.ChangeExtension(args[0], "patched" + Path.GetExtension(args[0])));
  62.         }
  63. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top