Closed yangboyd closed 7 months ago
It looks like you are patching inside a web container. Web containers can have extra protection that prevents code execution across appdomains. The stack trace and the Harmony log show that the method was patched correctly and I don’t know what I could fix as Harmony seems to do its job just fine.
Thanks
Hook some obfuscated dll methods.
.Net 4.0.30319 Harmony 2.2.0 Windows x64 process x86
original method in dnSpy.

```csharp
public bool IsFormalVer()
{
    object obj = (object)this;
    MethodBase currentMethod = MethodBase.GetCurrentMethod();
    uint num = 123324U;
    if (!true) { }
    int num2 = 140;
    if (!true) { }
    if (!true) { }
    if (false) { }
    uint num3 = 123292U;
    if (false) { }
    if (false) { }
    if (false) { }
    \u0011\u0008\u000B\u000C\u0014\u000A.\u001C\u001B\u001B\u0017\u0007\u0003 u001C_u001B_u001B_u0017_u0007_u =
        \u0011\u0008\u000B\u000C\u0014\u000A.\u0018\u000B\u0009\u0010\u0011\u0008(obj, currentMethod, num, num2, num3, 32U, 302037U, 218692U, 45);
    object[] array = new object[1];
    if (!true) { }
    if (false) { }
    array[0] = this;
    return (bool)u001C_u001B_u001B_u0017_u0007_u.\u0005\u0001\u0004\u0004\u0005\u0003\u0005\u0004\u0005\u0001\u0004\u0003\u0002\u0003(this, array);
}
```
Crash CallStack:

```
2024-02-05 21:56:51.756
[错误]
[SMR]PID:2
PName:d9994b75-1-133516149926149467TID:10
dsName:() sessionid:(f0hnw0bhwfradvesj2hpfhgc)errmsg:sense: 对象的当前状态使该操作无效(The object's current state invalidates the operation)。
类:XXXX.X.XX.Login.Service.dll 方法: (System.Object, System.Reflection.MethodBase, UInt32, Int32, UInt32, UInt32, UInt32, UInt32, Int32)
类:XXXX.X.XX.Login.Service.dll 方法:Boolean XXXX.X.XX.Login.Service.YYYWrapperService.IsFormalVer_Patch2(XXXX.X.XX.Login.Service.YYYWrapperService)
类:XXXX.X.XX.Login.Interface.dll IYYYWrapper 方法:Boolean IsFormalVer()
类:XXXX.X.XX.Login.UIP.dll LoginManager 方法:System.Object GetVersionType();XXXX.X.XX.Login.Service.YYYWrapperService.IsFormalVer
traceid:[e231afb4-4540-4417-a9bf-cec9693a7a12]
CallStack:
在 ZZZ.Z.ZZZ.Logging.LogImp.getLogString(String style, Object message, Exception exception)
在 ZZZ.Z.ZZZ.Logging.LogImp.Error(Object message)
在 ZZZ.Z.ZZZ.Aop.Util.ServiceMethodResvol.logStrace(ILog log, Exception e, String extenError)
在 ZZZ.Z.ZZZ.Aop.Util.ServiceMethodResvol.InvokeNormalMethod(ServiceMethod smAttribute, MethodInfo m, Object instance, Object[] args)
在 ZZZ.Z.ZZZ.Aop.Dynamic.LocalCallDynamicProxyImpl.NormalInvoke(MethodBase method, Object[] args, Boolean needFreeCuid)
在 ZZZ.Z.ZZZ.Aop.Dynamic.LocalCallDynamicProxyImpl.Invoke(IMessage message)
在 System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
在 XXXX.X.XX.Login.Interface.IYYYWrapper.IsFormalVer()
在 XXXX.X.XX.Login.UIP.LoginManager.GetVersionType()
在 System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
在 System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
在 System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
在 System.Reflection.MethodBase.Invoke(Object obj, Object[] parameters)
在 AjaxPro.AjaxProcHelper.Run()
在 AjaxPro.AjaxSyncHttpHandler.ProcessRequest(HttpContext context)
在 System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
在 System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step)
在 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
在 System.Web.HttpApplication.ApplicationStepManager.ResumeSteps(Exception error)
在 System.Web.HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
在 System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
在 System.Web.HttpRuntime.ProcessRequestNoDemand(HttpWorkerRequest wr)
在 System.Web.HttpRuntime.ProcessRequest(HttpWorkerRequest wr)
在 Mono.WebServer.MonoWorkerRequest.ProcessRequest()
在 Mono.WebServer.BaseApplicationHost.ProcessRequest(MonoWorkerRequest mwr)
在 Mono.WebServer.FastCgi.ApplicationHost.ProcessRequest(Responder responder)
在 System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)
在 System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg)
在 System.Runtime.Remoting.Messaging.ServerObjectTerminatorSink.SyncProcessMessage(IMessage reqMsg)
在 System.Runtime.Remoting.Messaging.ServerContextTerminatorSink.SyncProcessMessage(IMessage reqMsg)
在 System.Runtime.Remoting.Channels.CrossContextChannel.SyncProcessMessageCallback(Object[] args)
在 System.Threading.Thread.CompleteCrossContextCallback(InternalCrossContextDelegate ftnToCall, Object[] args)
在 System.Threading.Thread.InternalCrossContextCallback(Context ctx, IntPtr ctxID, Int32 appDomainID, InternalCrossContextDelegate ftnToCall, Object[] args)
在 System.Runtime.Remoting.Channels.CrossContextChannel.SyncProcessMessage(IMessage reqMsg)
在 System.Runtime.Remoting.Channels.ChannelServices.SyncDispatchMessage(IMessage msg)
在 System.Runtime.Remoting.Channels.CrossAppDomainSink.DoDispatch(Byte[] reqStmBuff, SmuggledMethodCallMessage smuggledMcm, SmuggledMethodReturnMessage& smuggledMrm)
在 System.Runtime.Remoting.Channels.CrossAppDomainSink.DoTransitionDispatchCallback(Object[] args)
在 System.Threading.Thread.CompleteCrossContextCallback(InternalCrossContextDelegate ftnToCall, Object[] args)
```

Harmony.log
Harmony id=com.company.project, version=2.2.2.0, location=C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\tplus\29011d3f\92bb07db\assembly\dl3\d3dba100\009847f2_8a9bd801\0Harmony.dll, env/clr=4.0.30319.42000, platform=Win32NT, ptrsize:runtime/env=4/Bits64, Windows
Started from static System.Int32 TestDLL.Class1::PatchSomeMethods(System.Reflection.Assembly selectAssembly, System.String TestParam), location C:\Windows\system32\config\systemprofile\AppData\Local\assembly\dl3\DBZDR2EJ.NQR\7OCKAQCQ.A99\2295b166\df6551bd_3458da01\TestDLL.dll
At 2024-02-05 09.56.38
Patch: virtual System.Boolean XXXX.X.XX.Login.Service.YYYWrapperService::IsFormalVer()
Replacement: static System.Boolean XXXX.X.XX.Login.Service.YYYWrapperService::XXXX.X.XX.Login.Service.YYYWrapperService.IsFormalVer_Patch2(XXXX.X.XX.Login.Service.YYYWrapperService this)
```
IL_0000: Local var 0: System.Object[]
IL_0000: Local var 1: System.Object[]
IL_0000: Local var 2: System.Boolean
IL_0000: Local var 3: System.Boolean
IL_0000: ldc.i4 0
IL_0005: stloc 2 (System.Boolean)
IL_0009: ldc.i4 0
IL_000E: stloc 3 (System.Boolean)
IL_0012: ldc.i4.1
IL_0013: stloc 3 (System.Boolean)
IL_0017: ldloc 3 (System.Boolean)
IL_001B: brfalse => Label1
IL_0020: ldloca 2 (System.Boolean)
IL_0024: call static System.Boolean TestDLL.PatchYYYWrapperService::IsFormalVerPrefix(System.Boolean& __result)
IL_0029: stloc 3 (System.Boolean)
IL_002D: Label1
IL_002D: nop
IL_002E: ldloc 3 (System.Boolean)
IL_0032: brfalse => Label0
IL_0037: // start original
IL_0037: ldarg.0
IL_0038: castclass System.Object
IL_003D: call static System.Reflection.MethodBase System.Reflection.MethodBase::GetCurrentMethod()
IL_0042: ldc.i4 123324
IL_0047: br => Label2
IL_004C: Label28
IL_004C: br => Label3
IL_0051: ldind.r8
IL_0052: ldind.i
IL_0053: Label18
IL_0053: ldc.i4 32
IL_0058: ldc.i4 302037
IL_005D: ldc.i4 218692
IL_0062: ldc.i4 45
IL_0067: call static loader. loader. :: (System.Object , System.Reflection.MethodBase , System.UInt32 , System.Int32 , System.UInt32 , System.UInt32 , System.UInt32 , System.UInt32 , System.Int32 )
IL_006C: ldarg.0
IL_006D: ldc.i4 1
IL_0072: newarr System.Object
IL_0077: dup
IL_0078: br => Label4
IL_007D: Label10
IL_007D: dup
IL_007E: ldc.i4 0
IL_0083: ldarg 0
IL_0087: stelem.ref
IL_0088: callvirt System.Object loader.::(System.Object , System.Object[] )
IL_008D: unbox.any System.Boolean
IL_0092: br => Label29
IL_0097: Label3
IL_0097: ldc.i4.1
IL_0098: brtrue => Label5
IL_009D: ldc.i4.0
IL_009E: pop
IL_009F: Label5
IL_009F: br => Label6
IL_00A4: Label13
IL_00A4: br => Label7
IL_00A9: neg
IL_00AA: Label4
IL_00AA: Label16
IL_00AA: ldc.i4.1
IL_00AB: brtrue => Label8
IL_00B0: ldc.i4.1
IL_00B1: pop
IL_00B2: Label8
IL_00B2: br => Label9
IL_00B7: Label26
IL_00B7: br => Label10
IL_00BC: Label6
IL_00BC: ldc.i4.1
IL_00BD: brtrue => Label11
IL_00C2: ldc.i4.m1
IL_00C3: pop
IL_00C4: Label11
IL_00C4: br => Label12
IL_00C9: ldc.i4.5
IL_00CA: stloc.2
IL_00CB: Label24
IL_00CB: br => Label13
IL_00D0: Label7
IL_00D0: ldc.i4.0
IL_00D1: brfalse => Label14
IL_00D6: ldc.i4.1
IL_00D7: pop
IL_00D8: Label14
IL_00D8: br => Label15
IL_00DD: ldloc.0
IL_00DE: ldind.r4
IL_00DF: Label19
IL_00DF: Label22
IL_00DF: br => Label16
IL_00E4: Label21
IL_00E4: ldc.i4.0
IL_00E5: brfalse => Label17
IL_00EA: ldc.i4.5
IL_00EB: pop
IL_00EC: Label17
IL_00EC: br => Label18
IL_00F1: br => Label19
IL_00F6: Label15
IL_00F6: ldc.i4.0
IL_00F7: brfalse => Label20
IL_00FC: ldc.i4.3
IL_00FD: pop
IL_00FE: Label20
IL_00FE: br => Label21
IL_0103: br => Label22
IL_0108: Label12
IL_0108: ldc.i4.0
IL_0109: brfalse => Label23
IL_010E: ldc.i4.5
IL_010F: pop
IL_0110: Label23
IL_0110: ldc.i4 123292
IL_0115: br => Label24
IL_011A: Label9
IL_011A: ldc.i4.0
IL_011B: brfalse => Label25
IL_0120: ldc.i4.1
IL_0121: pop
IL_0122: Label25
IL_0122: stloc.0
IL_0123: br => Label26
IL_0128: Label2
IL_0128: ldc.i4.1
IL_0129: brtrue => Label27
IL_012E: ldc.i4.3
IL_012F: pop
IL_0130: Label27
IL_0130: ldc.i4 140
IL_0135: br => Label28
IL_013A: // end original
IL_013A: Label29
IL_013A: stloc 2 (System.Boolean)
IL_013E: Label0
IL_013E: ldloca 2 (System.Boolean)
IL_0142: call static System.Void TestDLL.PatchYYYWrapperService::IsFormalVerPostfix(System.Boolean& __result)
IL_0147: ldloc 2 (System.Boolean)
IL_014B: ret
DONE
```