x86 Mono "safe" native data access

Started by RawCode, May 16, 2016, 07:14:17 AM

Previous topic - Next topic


Not safe actually.

Platform independant (should be) native bindings that actually works with a13 public build;
Implementation sample;
Proof of work;


//partial map for MonoJitInfo unmanaged structure
[StructLayout(LayoutKind.Explicit)] public unsafe struct u_MonoJitInfo
[FieldOffset(0) ] public int  *dmethod;
[FieldOffset(8) ] public int  *code_start;
[FieldOffset(16)] public int   code_size;

//partial map for MonoMethod unamanged structure
[StructLayout(LayoutKind.Explicit)] public unsafe struct u_MonoMethod
[FieldOffset(16) ] public int* name;


static extern private unsafe int* mono_method_full_name(int* MonoMethod, bool signature = true);

static extern private unsafe int* mono_jit_info_table_find(void* MonoDomain, void* ptr2function);

static extern private unsafe void mono_print_method_from_ip(int* ptr2mfunction);

static extern private unsafe void* mono_domain_get ();

Implementation (including mapping unmanaged memory to "managed" struct:

static public void MethodFastPrint(Type t, string s)
MethodInfo mi = t.GetMethod (s, (BindingFlags)60);
if (mi == null)
void* fpraw = mi.MethodHandle.GetFunctionPointer().ToPointer();
void* jitinforaw = mono_jit_info_table_find (mono_domain_get (), fpraw);
u_MonoJitInfo jitinfo = *(u_MonoJitInfo*)jitinforaw;
int size = jitinfo.code_size;
int i = 0;

byte* walk = (byte*)fpraw;

Console.WriteLine ("IP BEGIN " + mi);
while (i < size)
Console.WriteLine ("{0:X2}", walk[i]);
Console.WriteLine ("IP END " + mi);

proof of work (you will need to replace console write with logger warning or similar:

[attachment deleted by admin - too old]


Could you explain to low life peasant like me what does it do and how to use that? Is that a form of platform independant detouring or something else?


this is sneak peak for advanced detouring.

this code allows to detect real (malloc) size of function, in other case you can't know, will your injected code fit allocation or not.


But your previous detouring method works fine in most cases too (except for overloaded methods). How would this one be used in particular? Could you provide any real example of using it?


you can read (and write) any function in reliable manner, without any risk of damaging other functions or hitting read violation.

previous reference implementation had no such checks, now such check is possible.


I haven't met such case before, but i understand that code was unsafe and could cause troubles. Using your new discovery, could you add it as part of the TryDetourFromTo(method1, method2) detouring wrapper and post it here?


Yes, a practical example would be very helpful.  Trying to understand the abstract theoretical when we aren't privilege to your thought process and research makes it a bit unclear.  :)

I'd really love to have a better implementation for CCL's detouring which would be (a) non-destructive and (b) allow for different handlers in different situations.  This method sounds promising on those fronts but I don't understand how to implement it based on what you've posted.
(2*b)||!(2*b) - That is the question.
There are 10 kinds of people in this world - those that understand binary and those that don't.

Powered By



actually really soon and you will like how it works.