How to replace a pointer to a pointer to a method in a class of my method inherited from the system class?

忘了有多久 2021-01-03 12:09

Already asked this question. How to replace the pointer to the overridden (virtual) method in the pointer of my method? (Release x64 and x86) Thanks @Machine Learning, solv

1 answer
  • 2021-01-03 12:44

    When the target class is derived from MarshalByRefObject, then the ReplaceInner (for normal methods) stops working but ReplaceVirtualInner (for overridden methods) is ok.

    MarshalByRefObject is the base class for objects that communicate across application domain boundaries by exchanging messages using a proxy. Objects that do not inherit from MarshalByRefObject are implicitly marshal by value. When a remote application references a marshal by value object, a copy of the object is passed across application domain boundaries.

    This could be partially fixed by marking as virtual the method to replace.

    But when the target class is derived from Content also the ReplaceVirtualInner (for overridden methods) stops working.

    Unfortunately Windows.Forms are derived from both of them, so I don't see an easy work-around.

    Different approaches and alternatives

    You may want to consider a different approach: a basic example of tracing with PostSharp and Aspect-Oriented Programming, a CodeProject article and the doc about tracing.

    Furthermore, another alternative (don't know if possible for you) is to use the UserControl of WPF instead of Forms and in that case the normal method replacement would work fine (after you've imported the needed assemblies and made the Main [STAThread]).

    Final solution with Reverse Engineering

    Ok, if you really want to make it work at any cost, let's proceed with reversing the target.

    Open your compiled .exe with CFF Explorer.

    Locate the tables under .Net Directory > MetaData Streams and ungroup the Method Tables. You will find the 2 methods with the same name and different RVA corresponding to the 2 classes (TypeDef). You simply have to override the target RVA with the injection method RVA and save the reversed exe with a new name.

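Added example, not part of the original answer or the asker's code: an edit to a Method table RVA like the one described in the last step shows up when the MethodDef rows of a trusted build are compared with the copy that is actually deployed. The sketch uses the System.Reflection.Metadata package; the class name `MethodRvaDiff` and the two command-line paths are assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Reflection.Metadata;
using System.Reflection.Metadata.Ecma335;
using System.Reflection.PortableExecutable;

static class MethodRvaDiff   // hypothetical name, chosen for this example
{
    // Maps every MethodDef token to ("Namespace.Type::Method", RVA of its body).
    static Dictionary<int, (string Name, int Rva)> ReadMethodTable(string path)
    {
        var rows = new Dictionary<int, (string Name, int Rva)>();
        using var stream = File.OpenRead(path);
        using var pe = new PEReader(stream);
        if (!pe.HasMetadata) throw new BadImageFormatException("No CLI metadata: " + path);
        MetadataReader md = pe.GetMetadataReader();
        foreach (MethodDefinitionHandle handle in md.MethodDefinitions)
        {
            MethodDefinition method = md.GetMethodDefinition(handle);
            TypeDefinition type = md.GetTypeDefinition(method.GetDeclaringType());
            string name = $"{md.GetString(type.Namespace)}.{md.GetString(type.Name)}::{md.GetString(method.Name)}";
            rows[MetadataTokens.GetToken(handle)] = (name, method.RelativeVirtualAddress);
        }
        return rows;
    }

    // args[0] = trusted build output, args[1] = deployed copy of the same build.
    static int Main(string[] args)
    {
        if (args.Length != 2) { Console.Error.WriteLine("usage: MethodRvaDiff <trusted> <deployed>"); return 2; }
        var trusted = ReadMethodTable(args[0]);
        var deployed = ReadMethodTable(args[1]);
        int findings = deployed.Count == trusted.Count ? 0 : 1;
        if (findings != 0) Console.WriteLine($"MethodDef row count: {trusted.Count} -> {deployed.Count}");
        foreach (var (token, row) in trusted)
        {
            if (!deployed.TryGetValue(token, out var other) || other.Name != row.Name)
                Console.WriteLine($"0x{token:X8} {row.Name}: row missing or renamed");
            else if (other.Rva != row.Rva)   // body pointer was redirected
                Console.WriteLine($"0x{token:X8} {row.Name}: RVA 0x{row.Rva:X} -> 0x{other.Rva:X}");
            else continue;
            findings++;
        }
        Console.WriteLine(findings == 0 ? "Method table matches the trusted build." : $"{findings} difference(s) found.");
        return findings == 0 ? 0 : 1;
    }
}
```

The comparison is keyed by metadata token, so it is only meaningful between two copies of the same build; a rebuilt assembly needs its own baseline.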