Adam Furmanek

Hacking C# from the inside - how to do anything in NET

Ever wanted to catch a StackOverflowException? Learn how to bypass C# safety features, execute raw machine code, and hijack methods at runtime.

Hacking C# from the inside - how to do anything in NET
#1about 6 minutes

Bypassing dynamic dispatch for static method invocation

Learn how to statically control which virtual method implementation to run by generating intermediate language (IL) with the `call` instruction instead of `callvirt`.

#2about 4 minutes

How to await async void methods in C#

Implement a custom `SynchronizationContext` and `TaskScheduler` to enable awaiting `async void` methods and properly handle their exceptions.

#3about 14 minutes

Executing raw machine code from a byte array

Explore how to execute raw x86 machine code stored in a byte array by changing memory page protections and using `Marshall.GetDelegateForFunctionPointer`.

#4about 4 minutes

Hijacking .NET methods at runtime

Discover two techniques for method hijacking: modifying the method descriptor's function pointer or overwriting the method's machine code with a jump instruction.

#5about 6 minutes

A practical use case for method hijacking

Apply method hijacking to the `Process.Start` API by intercepting a constructor to run an application on a different virtual desktop, a feature not exposed by default.

#6about 2 minutes

Intercepting and handling unhandled thread exceptions

Prevent application crashes from unhandled exceptions on new threads by hijacking the `Thread` constructor to wrap the original delegate in a try-catch block.

#7about 4 minutes

How to safely handle a StackOverflowException

Use a vectored exception handler from the WinAPI combined with a setjmp/longjmp approach to catch a `StackOverflowException` and allow the application to continue safely.

Related jobs
Jobs that call for the skills explored in this talk.

Job ad Dark

SabIna compys

SabIna compys
Vienna, Austria

Remote
20-100K
Intermediate
JavaScript
.NET
+1

Matching moments

A live demo of a typosquatting attack in .NET
04:19 MIN

A live demo of a typosquatting attack in .NET

How your .NET software supply chain is open to attack : and how to fix it

Introduction to developer-first security and CTFs
04:09 MIN

Introduction to developer-first security and CTFs

Capture the Flag 101

Presenting live web scraping demos at a developer conference
01:57 MIN

Presenting live web scraping demos at a developer conference

Tech with Tim at WeAreDevelopers World Congress 2024

Q&A: SynchronizationContext, tooling, and challenges
04:13 MIN

Q&A: SynchronizationContext, tooling, and challenges

Asynchronicity and multithreading in C#

Why developers are a prime target for attackers
04:54 MIN

Why developers are a prime target for attackers

You click, you lose: a practical look at VSCode's security

Using AI to write an exploit as a non-developer
02:01 MIN

Using AI to write an exploit as a non-developer

Let’s write an exploit using AI

Overview of modern C# community-loved features
02:35 MIN

Overview of modern C# community-loved features

Modern C#: A Dive into the Community's Most Loved new Features.

How .NET applications execute on WebAssembly
01:25 MIN

How .NET applications execute on WebAssembly

Using WebAssembly to run, extend, and secure your application

Featured Partners

Related Videos

See all videos
Tips, tricks and quirks in .NET31:13

Tips, tricks and quirks in .NET

Paweł Łukaszuk

C# 13 Unleashed: Live Demos of my Top 10 Cutting-Edge Features!38:45

C# 13 Unleashed: Live Demos of my Top 10 Cutting-Edge Features!

Ambesh Singh & Sachin Kumar

Programming secure C#/.NET Applications: Dos & Don'ts33:29

Programming secure C#/.NET Applications: Dos & Don'ts

Sebastian Leuer

Exploring the Latest Features of .NET and C# by Building a Game57:23

Exploring the Latest Features of .NET and C# by Building a Game

Rainer Stropek

Building a Compiler with C#41:21

Building a Compiler with C#

Florian Rappl

C# Lowering - What is it and why should I care?24:36

C# Lowering - What is it and why should I care?

Steven Giesel

Turbocharged: Writing High-Performance C# and .NET Code39:56

Turbocharged: Writing High-Performance C# and .NET Code

Steve Gordon

Getting under the skin: The Social Engineering techniques43:56

Getting under the skin: The Social Engineering techniques

Mauro Verderosa

Related Articles

View all articles
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
CH
Chris Heilmann
All the videos of Halfstack London 2024!
Last month was Halfstack London, a conference about the web, JavaScript and half a dozen other things. We were there to deliver a talk, but also to record all the sessions and we're happy to share them with you. It took a bit as we had to wait for th...
All the videos of Halfstack London 2024!
CH
Chris Heilmann
Dev Digest 121 - AI goes offline
Hello fellow developer, let's take a look at the cost of AI and its efficiency, catch up on security issues and sing the praise of new JavaScript and CSS features.News and ArticlesThe way we use AI these days seems powerful, but it isn't very efficie...
Dev Digest 121 - AI goes offline
CH
Chris Heilmann
WWC24 Talk - Scott Hanselman - AI: Superhero or Supervillain?
Join Scott Hanselman at WWC24 to explore AI's role as a superhero or supervillain. Scott shares his 32 years of experience in software engineering, discusses AI myths, ethical dilemmas, and tech advancements. Engage with his live demos and insights o...
WWC24 Talk - Scott Hanselman - AI: Superhero or Supervillain?

From learning to earning

Jobs that call for the skills explored in this talk.