How do I convert c# method name to a pointer and length in the .exe or .dll file

Question

0.00/5 (No votes)

See more:

Currently I'm patching a few .dll files (by using my own byte patcher), plus using the .NET reflector with reflexil. Everything is nearly perfect, however it takes 4-5x a week around 15 minutes each. I don't have the full sourcecode of the binaries, but more than enough to know what and how to change in the binaries.

The most time takes, when I use the rflector to patch a few, very similar (excluding the addresses nearly the same) methods.

If I use this byte sequence, it will find numerous hits: (dummy) 02&B????????2A (ldarg.0, ldfld x, ret), but I would need only a few, based on the method name.

[ 1 ] Can I get the list of all (I can filter) method names with the exact file pointer+length in bytes?

My current 2nd idea is using the ildasm and (regex?) somehow finding out the exact method pointer in the file... (still checking it how is it possible)

[ 2 ] I am also pathcing 2 enum values manually. (this I already figured out that it is a field and it's possible to get a list of them) However I'm also struggling with this also.

Thanks your contribution

Posted 19-Sep-14 0:14am

Member 11094468

Add a Solution

Comments

George Jonsson 19-Sep-14 8:26am

Just an observation.
Not sure of your actual requirements here, but how much time would it take you to write new modules and replace those you need to update compared to doing this patching that is bound to end up in tears.
You say you have enough of the source code.

Sergey Alexandrovich Kryukov 19-Sep-14 11:38am

No need to do anything like that. Reflector or ILSpy can reverse-engineer the whole thing. Please see my answer.
—SA

George Jonsson 19-Sep-14 12:00pm

You have a point, Sergey.
Me just old and was thinking C++ and Win32.
Still patching is the very last resort.

Sergey Alexandrovich Kryukov 19-Sep-14 12:24pm

Sure. When I started, I had a readily available patcher (VAX/VMS); patching was quite feasible, I tried it. But using it for really patching looked just crazy.
—SA

Member 11094468 19-Sep-14 8:55am

Thank you George,
Well (my bad) I did not think about it, because I don't have the full trunk neither a full solution or project files. We used to get a full build in every 6 weeks (still 3 weeks left if I'm right), and we got promise that the modules - whose .dlls I'm patching every day in the last 3-4 weeks will be finally fixed. Patching works 100%, but since I'm constructively lazy, I don't like unnecessary repetitive tasks and just today my fuse has been blown.

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sergey Alexandrovich Kryukov · Answer 1 · 2014-09-19T05:37:00

What are you event talking about? If you are using Reflector, the PE files you are using are the modules of some .NET assemblies.

But with Reflector (as well as with open-source ILSpy) you can always reverse-engineer the whole assembly. It is translated onto a whole C# or VB.NET project reading for compilation. The quality of code, readability is excellent (I used only ILSpy). Reverse-engineer it in one shot and then simply modify the code the way you need.

Please see my past answers where I explain how to do it:
Code Interpretation, C# to VB.NET[^],
Need to convert vb code to c#[^],
FixedPage to ContentPage convert c# code into vb.net[^],
Source Code from a exe[^].

—SA

Member 11094468 · Answer 2 · 2014-09-19T01:35:00

Found an ugly solution for the 1st question:

C#

// 1. Ugliness: all the .dll dependencies have to be copied to the same dir
// 2. Ugliness: Finding the correct fileOffset is by the MSIL code (find bytes in file), not based on quick (file) pointers
Assembly assembly = Assembly.LoadFrom(@"xxx.dll");
types = assembly.GetTypes();
foreach (Type t in types)
{
  MethodInfo[] mis = t.GetMethods();
  foreach (MethodInfo mi in mis)
  {
    if (mi.Name.StartsWith("get_aaa", StringComparison.OrdinalIgnoreCase))
    {
      MethodBody mb = mi.GetMethodBody();
      if (mb != null)
      {
        byte[] msil = mb.GetILAsByteArray();
        // Using the msil, a "brute force" find-bytes-in-file will returns the FileOffset and the Length (of the IL code) in bytes
        // Ugly like hell, but works...
      }
    }
  }
}

2nd question is still pending...

How do I convert c# method name to a pointer and length in the .exe or .dll file

2 solutions

Solution 2

Solution 1

Add your solution here

Preview 0