JITHOOK
The goal of this repository is to show you techniques for packing/unpacking .NET assemblies (programs) by abusing .NET's JIT mechanism.
Build
- Clone this project
git clone --recursive https://github.com/LJP-TW/JITHook.git - Install lief-project/LIEF.
- Download LIEF-0.12.1-win64.zip
- Decompress it to
JITHook/Lib. The following is the expected directory structure:JITHook/ |- JITDemo |- JITPacker |- JITUnpacker |- ... |- Lib |- dnlib |- LIEF-0.12.1-win64 |- include |- lib- (You can remove folders
binandsharein the LIEF folder) - (See LIEF Documentation for troubleshooting)
- (You can remove folders
- Open
JIT_Hook.slnwith Visual Studio Community 2022, configure project with release x64, press ctrl+shift+b to build the whole solution. - Check
JITHook/Releaseto see result
Usage
JITDemo
JITDemo.exe
It's just a demo of patching method IL.
You can try to reverse-engineer it :)
JITPacker
JITPacker.exe [OPTION] <program path>
JITPacker.exe will pack the program.
OPTION:
-o <PATH>: Set output file path. Default path istestprog_packed.exe.
Default program path is testprog.exe.
JITUnpacker
JITUnpacker.exe [OPTION] <packed program path>
WARNING: Please run JITUnpacker.exe in an isolated environment as it will execute the packed program.
JITUnpacker.exe will try to unpack the packed program.
OPTION:
-v <LEVEL>: Set verbose level, LEVEL can be 0 ~ 3. Default value is 2. Set LEVEL to a higher value to see more information.-o <PATH>: Set output file path. Default path isoutput.exe_.
Default packed program path is JIThook.exe.
testprog
A test program with different functions:
- Tiny format function
- Tiny format function that throw exception
- Fat format function with large size of IL code
- Fat format function with local variables
- Fat format function with exception handler