
Is there a way to trick the .NET JIT compiler into running another method?

OK, say that my application is emitting (x86) instructions into memory, making the page executable, etc. Is there a way of altering the method stub of an un-JITted method to point to my emitted instruction stream?

E.g.:

Suppose I have created an x86 instruction stream in memory, which does something arbitrary. Now, further suppose that I have a method 'int Target()'. I haven't called it yet, so it hasn't been compiled. Is there a way to:

  1. Get the pointer to Target's stub
  2. Make it point to my emitted instruction stream.

I realise that practically every single security feature of .NET is designed to prevent hijacking like this. But is it possible through, say, the hosting API?

TraumaPony asked Oct 23 '08 16:10


2 Answers

This is possible via the Profiling API. I have never used it, but it is used for a similar purpose in TypeMock.

Edit: I think there was a nice posting on the MSDN blogs, will go hunt for it.

Edit 2: Doh, first hit!

leppie answered Sep 21 '22 20:09


Yes, you can do it!

Hook the getJit method of mscorjit, and you will be asked every time any method requires jitting. You can pass whatever you want.

Some .NET protectors work like this.

Kuldip Saini answered Sep 19 '22 20:09
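The hook this answer describes, as an added example in C++ (the editor's code, not from the answer, from TypeMock or from any protector). It obtains the JIT object through the DLL's exported `getJit`, overwrites vtable slot 0 (`compileMethod`) with a function that swaps in replacement IL for chosen method handles, and forwards everything else to the original compiler, which is the IL-decryption pattern protectors use. Assumptions: the `CORINFO_METHOD_INFO` field order is copied from corjit.h for .NET Framework 2.0 to 4.x and must be re-checked against the exact runtime build, since the JIT/EE interface is not a public contract; the DLL is `mscorjit.dll` on 2.0/3.5 and `clrjit.dll` on 4.x; the hook runs as native code inside the target process and is installed before the method of interest is first compiled. The Windows-only installation path sits behind `#ifdef _WIN32`; a constructed stand-in JIT object with a single vtable slot lets the swap itself be exercised on any platform. `runHookDemo`, the stand-in method handles and the IL byte strings are constructed for this example.

```cpp
#include <map>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#else
typedef unsigned char BYTE; typedef unsigned long ULONG;  // stand-ins so the hook logic compiles off Windows
#define __stdcall
#endif

// Leading fields of CORINFO_METHOD_INFO as laid out in corjit.h for .NET Framework 2.0-4.x.
// ASSUMPTION: the JIT/EE interface is not a public contract; re-check against the corjit.h of your exact build.
typedef void* CORINFO_METHOD_HANDLE; typedef void* CORINFO_MODULE_HANDLE;
struct ICorJitInfo; struct ICorJitCompiler;   // both opaque here: only the compiler's vtable is touched
struct CORINFO_METHOD_INFO {
    CORINFO_METHOD_HANDLE ftn;    // which method is being compiled
    CORINFO_MODULE_HANDLE scope;
    BYTE*    ILCode;              // the IL the JIT will compile
    unsigned ILCodeSize;
    unsigned maxStack, EHcount;   // options, regionKind, args, locals follow in the real struct
};

// compileMethod is declared __stdcall in corjit.h: on x86 'this' is an ordinary first stack argument.
typedef int (__stdcall *compileMethod_t)(ICorJitCompiler* self, ICorJitInfo* comp,
    CORINFO_METHOD_INFO* info, unsigned flags, BYTE** nativeEntry, ULONG* nativeSizeOfCode);
typedef ICorJitCompiler* (__stdcall *getJit_t)();

static compileMethod_t g_origCompileMethod = nullptr;
static std::map<CORINFO_METHOD_HANDLE, std::vector<BYTE> > g_replacementIL;

// Register the IL that should actually be compiled for a method handle.
void setReplacementIL(CORINFO_METHOD_HANDLE ftn, const std::vector<BYTE>& il) { g_replacementIL[ftn] = il; }

// The hook: the runtime calls this for every method that needs native code. Registered methods get
// their IL pointer and size swapped before the real JIT sees them; everything else passes through.
int __stdcall hookedCompileMethod(ICorJitCompiler* self, ICorJitInfo* comp, CORINFO_METHOD_INFO* info,
                                  unsigned flags, BYTE** nativeEntry, ULONG* nativeSizeOfCode) {
    auto it = g_replacementIL.find(info->ftn);
    if (it != g_replacementIL.end()) {
        info->ILCode = it->second.data();
        info->ILCodeSize = static_cast<unsigned>(it->second.size());
    }
    return g_origCompileMethod(self, comp, info, flags, nativeEntry, nativeSizeOfCode);
}

// Overwrite vtable slot 0: compileMethod is the first virtual of ICorJitCompiler.
bool installHook(ICorJitCompiler* jit) {
    void** vtable = *reinterpret_cast<void***>(jit);
#ifdef _WIN32
    DWORD oldProtect;  // the vtable lives in read-only data, so make the slot writable first
    if (!VirtualProtect(vtable, sizeof(void*), PAGE_READWRITE, &oldProtect)) return false;
#endif
    g_origCompileMethod = reinterpret_cast<compileMethod_t>(vtable[0]);
    vtable[0] = reinterpret_cast<void*>(&hookedCompileMethod);
#ifdef _WIN32
    VirtualProtect(vtable, sizeof(void*), oldProtect, &oldProtect);
#endif
    return true;
}

#ifdef _WIN32
// Get the JIT object the way the CLR does, through the exported getJit().
// dllName: "mscorjit.dll" on .NET 2.0/3.5, "clrjit.dll" on 4.x (assumption: match your runtime).
bool installHookFromJitDll(const char* dllName) {
    HMODULE h = LoadLibraryA(dllName);
    getJit_t getJit = h ? reinterpret_cast<getJit_t>(GetProcAddress(h, "getJit")) : nullptr;
    return getJit ? installHook(getJit()) : false;
}
#endif

// ---- Constructed stand-in for the JIT object, so the slot swap can be exercised on any OS ----
static const BYTE* g_lastIL = nullptr; static unsigned g_lastILSize = 0;  // what the stand-in "JIT" received
static int __stdcall fakeCompileMethod(ICorJitCompiler*, ICorJitInfo*, CORINFO_METHOD_INFO* info,
                                       unsigned, BYTE** nativeEntry, ULONG* nativeSizeOfCode) {
    g_lastIL = info->ILCode; g_lastILSize = info->ILCodeSize; *nativeEntry = nullptr; *nativeSizeOfCode = 0;
    return 0;  // CORJIT_OK
}

// What the runtime does when a method is first invoked: call through vtable slot 0.
static void requestJit(ICorJitCompiler* jit, CORINFO_METHOD_INFO* info) {
    compileMethod_t cm = reinterpret_cast<compileMethod_t>((*reinterpret_cast<void***>(jit))[0]);
    BYTE* entry = nullptr; ULONG size = 0; cm(jit, nullptr, info, 0, &entry, &size);
}

struct DemoResult { unsigned targetSize; BYTE targetFirstOp; unsigned otherSize; BYTE otherFirstOp; };

// Two methods reach the JIT: 'Target' (registered) has its IL swapped, 'Other' passes through untouched.
DemoResult runHookDemo() {
    void* vtable[1] = { reinterpret_cast<void*>(&fakeCompileMethod) };
    void** fakeJitObject = vtable;   // for our purposes a C++ object is just a pointer to its vtable
    ICorJitCompiler* jit = reinterpret_cast<ICorJitCompiler*>(&fakeJitObject);
    g_replacementIL.clear(); installHook(jit);

    BYTE onDiskIL[] = { 0x16, 0x2A };               // ldc.i4.0; ret    (what the assembly carries)
    std::vector<BYTE> realIL = { 0x1F, 42, 0x2A };  // ldc.i4.s 42; ret (what should actually run)
    int targetHandle = 0, otherHandle = 0;          // constructed stand-in method handles
    setReplacementIL(&targetHandle, realIL);

    DemoResult r;
    CORINFO_METHOD_INFO target = {}; target.ftn = &targetHandle; target.ILCode = onDiskIL; target.ILCodeSize = 2;
    requestJit(jit, &target); r.targetSize = g_lastILSize; r.targetFirstOp = g_lastIL[0];
    CORINFO_METHOD_INFO other = {};  other.ftn = &otherHandle;  other.ILCode = onDiskIL;  other.ILCodeSize = 2;
    requestJit(jit, &other);  r.otherSize = g_lastILSize;  r.otherFirstOp = g_lastIL[0];
    return r;
}
```

For the asker's case this substitutes IL, not a raw x86 stream: the hook decides what the JIT compiles, and the JIT still produces the native code, so the runtime keeps its GC and exception metadata consistent. The Profiling API route in the other answer reaches the same decision point through a supported interface, `ICorProfilerCallback::JITCompilationStarted` together with `ICorProfilerInfo::SetILFunctionBody`, rather than by patching a vtable in the JIT DLL.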