Arab Team for Reverse Engineering

Full version: JITHook .NET JIT Compilation Hooking Technique and Its Packer / Unpacker
GITHUB location:
LJP-TW/JITHook

Documentation in PDF format:
PowerPoint Presentation

ALT D/L location attached.

JITHOOK
The goal of this repository is to show you techniques for packing/unpacking .NET assemblies (programs) by abusing .NET's JIT mechanism.
Build
  1. Clone this project:
     git clone --recursive https://github.com/LJP-TW/JITHook.git
  2. Install lief-project/LIEF:
     • Download LIEF-0.12.1-win64.zip
     • Decompress it to JITHook/Lib. The following is the expected directory structure:
       JITHook/
       |- JITDemo
       |- JITPacker
       |- JITUnpacker
       |- ...
       |- Lib
          |- dnlib
          |- LIEF-0.12.1-win64
             |- include
             |- lib
     • (You can remove the bin and share folders inside the LIEF folder)
     • (See the LIEF documentation for troubleshooting)
  3. Open JIT_Hook.sln with Visual Studio Community 2022, configure the project for Release x64, and press Ctrl+Shift+B to build the whole solution.
  4. Check JITHook/Release to see the result.
Usage

JITDemo
  JITDemo.exe

It's just a demo of patching method IL.
You can try to reverse-engineer it.
JITPacker
  JITPacker.exe [OPTION] <program path>

JITPacker.exe will pack the program.
OPTION:
  • -o <PATH>: Set the output file path. The default path is testprog_packed.exe.
The default program path is testprog.exe.
JITUnpacker
  JITUnpacker.exe [OPTION] <packed program path>

WARNING: Please run JITUnpacker.exe in an isolated environment, as it will execute the packed program.
JITUnpacker.exe will try to unpack the packed program.
OPTION:
  • -v <LEVEL>: Set the verbose level; LEVEL can be 0 ~ 3. The default value is 2. Set LEVEL to a higher value to see more information.
  • -o <PATH>: Set the output file path. The default path is output.exe_.
The default packed program path is JIThook.exe.
testprog
A test program with different kinds of functions:
  • Tiny format function
  • Tiny format function that throws an exception
  • Fat format function with a large amount of IL code
  • Fat format function with local variables
  • Fat format function with an exception handler
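The test program exercises the two IL method-body layouts an unpacker has to reconstruct. As an added example (not code from the JITHook project), here is a Python decoder for the ECMA-335 tiny and fat method headers and the exception-handler section that follows a fat body; the two sample bodies are constructed by hand for the demonstration.

```python
import struct
from dataclasses import dataclass, field
TINY, FAT, MORE_SECTS, INIT_LOCALS = 0x2, 0x3, 0x8, 0x10   # header format bits / fat flags
SECT_EHTABLE, SECT_FAT, SECT_MORE = 0x01, 0x40, 0x80         # section-header kind bits

@dataclass
class MethodBody:
    fmt: str
    max_stack: int
    code: bytes
    local_sig_token: int = 0
    init_locals: bool = False
    # each clause: (flags, try_off, try_len, handler_off, handler_len, class_token_or_filter_off)
    eh_clauses: list = field(default_factory=list)

def parse_method_body(buf: bytes, offset: int = 0) -> MethodBody:
    """Decode one IL method body (ECMA-335 II.25.4) starting at buf[offset]."""
    first = buf[offset]
    if first & 0x3 == TINY:      # tiny: 1-byte header, code size in the upper 6 bits,
        size = first >> 2        # no locals, no EH sections, max stack implicitly 8
        return MethodBody("tiny", 8, buf[offset + 1:offset + 1 + size])
    if first & 0x3 != FAT:
        raise ValueError(f"unknown method header byte {first:#x}")
    flags_size, max_stack, code_size, local_tok = struct.unpack_from("<HHII", buf, offset)
    flags, hdr_dwords = flags_size & 0xFFF, flags_size >> 12
    start = offset + hdr_dwords * 4
    body = MethodBody("fat", max_stack, buf[start:start + code_size],
                      local_tok, bool(flags & INIT_LOCALS))
    pos, more = start + code_size, bool(flags & MORE_SECTS)
    while more:                  # extra sections follow the code, 4-byte aligned
        pos = (pos + 3) & ~3
        kind = buf[pos]
        if kind & SECT_FAT:      # 3-byte DataSize, 24-byte clauses
            data_size = int.from_bytes(buf[pos + 1:pos + 4], "little")
            n, clause_fmt, step = (data_size - 4) // 24, "<IIIIII", 24
        else:                    # 1-byte DataSize + 2 reserved bytes, 12-byte clauses
            data_size = buf[pos + 1]
            n, clause_fmt, step = (data_size - 4) // 12, "<HHBHBI", 12
        if kind & SECT_EHTABLE:
            for i in range(n):
                body.eh_clauses.append(struct.unpack_from(clause_fmt, buf, pos + 4 + i * step))
        pos, more = pos + data_size, bool(kind & SECT_MORE)
    return body

# Constructed samples (not from testprog): tiny "ldc.i4.1; ret", and a fat body with a
# local-signature token plus one try/catch clause (try IL 0..3, handler IL 3..6).
SAMPLE_TINY = bytes([0x0A, 0x17, 0x2A])
SAMPLE_FAT = (struct.pack("<HHII", 0x3000 | FAT | INIT_LOCALS | MORE_SECTS, 1, 7, 0x11000001)
              + bytes([0x00, 0xDE, 0x03, 0x26, 0xDE, 0x00, 0x2A]) + b"\x00"  # 7 bytes IL + pad
              + bytes([SECT_EHTABLE, 16, 0, 0])                              # small EH section
              + struct.pack("<HHBHBI", 0, 0, 3, 3, 3, 0x01000001))
```

Running parse_method_body over SAMPLE_FAT yields the local-signature token, the InitLocals flag and the single catch clause, which is exactly the information the unpacker must restore alongside the raw IL bytes.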