Click here to Skip to main content
15,867,686 members
Articles / Programming Languages / MSIL

ILRewriting for beginners

Rate me:
Please Sign up or sign in to vote.
4.56/5 (15 votes)
27 Sep 2012Ms-PL11 min read 61.7K   1.4K   46  
Runtime IL-Rewriting can be used to add behavior such as logging to applications, or redirect calls from one API to another. This article and accompanying source code explains how to substitute a method call at runtime.
// ----------------------------------------------------------------------------------------------
// Copyright (c) Mattias H�gstr�m.
// ----------------------------------------------------------------------------------------------
// This source code is subject to terms and conditions of the Microsoft Public License. A 
// copy of the license can be found in the License.html file at the root of this distribution. 
// If you cannot locate the Microsoft Public License, please send an email to 
// dlr@microsoft.com. By using this source code in any fashion, you are agreeing to be bound 
// by the terms of the Microsoft Public License.
// ----------------------------------------------------------------------------------------------
// You must not remove this notice, or any other, from this software.
// ----------------------------------------------------------------------------------------------

#include "stdafx.h"

#include "InterceptAPI.h"
#include "MetadataHelper.h"
#include "OpCodeParser.h"

InterceptAPI::InterceptAPI()
{

}

InterceptAPI::~InterceptAPI()
{

}

static const BYTE keyEMCAInterceptLib[] = { 0xca, 0xf2, 0x7b, 0x24, 0xca, 0xa5, 0xa1, 0x88 };

ULONG InterceptAPI::ReplaceDateTimeNowCalls(ICorProfilerInfo* info, ModuleID moduleId, BYTE* ILBytes, ULONG ILBytesSize)
{
   ULONG keyEMCAInterceptLibSize = sizeof(keyEMCAInterceptLib);
   mdTypeRef dateTimeTypeRef = mdTypeRefNil;
   mdMemberRef getNowMemberRef = mdMemberRefNil;

   HRESULT hr = S_OK;
   hr = MetadataHelper::ResolveMethodRef(info, moduleId, L"System.DateTime", L"get_Now", &dateTimeTypeRef, &getNowMemberRef);
   if (hr != S_OK)
      return 0;
   
   mdMemberRef newMemberRef = mdMemberRefNil;
   MetadataHelper::DeclareZeroParamsFunctionReturningObject(info,
      moduleId,
      L"InterceptLib", keyEMCAInterceptLib,
      keyEMCAInterceptLibSize,
      L"InterceptLib.DebugLogger",
      L"get_Now",
      dateTimeTypeRef,
      &newMemberRef);

   ULONG count = OpCodeParser::ReplaceFunctionCall(ILBytes, ILBytesSize, getNowMemberRef, newMemberRef);
   return count;
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Microsoft Public License (Ms-PL)


Written By
Architect Visma Software AB
Sweden Sweden
Mattias works at Visma, a leading Nordic ERP solution provider. He has good knowledge in C++/.Net development, test tool development, and debugging. His great passion is memory dump analysis. He likes giving talks and courses.

Comments and Discussions