Browse Prior Art Database

System for performing Bytecode Injection (BCI) into a Microsoft .NET Common Language Runtime (CLR)

IP.com Disclosure Number: IPCOM000211212D
Publication Date: 2011-Sep-27
Document File: 5 page(s) / 47K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method for dynamically injecting Common Intermediate Language bytecode into a compiled Microsoft .NET Framework application without having to modify its source code

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 30% of the total text.

Page 01 of 5

System for performing Bytecode Injection (BCI) into a Microsoft .NET Common Language Runtime (CLR)

Disclosed is a method for dynamically injecting Common Intermediate Language (CIL)


[1] bytecode into a compiled Microsoft .NET Framework * (.NET) [2] application without having to modify its source code, for the purpose of instrumenting commercial .NET server applications to allow the performance tracking of transactions initiated by a client.

The method is novel because it can inject CIL code into a compiled .NET application with these unique characteristics: Minimal (the method injects the minimal amount of instrumentation code), Dynamic (the method injects instrumentation code dynamically into the .NET application only when needed), In-line (the method injects instrumentation code directly into the desired modules), and Non-permanent (the method injects instrumentation code directly in memory after loading).

This method works by constructing a .NET profiler program. This .NET profiler program leverages the .NET profiling API present in the .NET Framework SDK [3]. The method will leverage the .NET profiling API methods to write a special-purpose profiler for dynamic, in-line, and in-memory method modification of the application, so as to inject new instrumentation into the .NET application. This new instrumentation is implemented by injecting a call instruction to transaction tracking functions defined in a separate, new .NET callback assembly [4] Dynamic Link Library (DLL) previously installed in the .NET Global Assembly Cache (GAC) [5] containing the code necessary to inspect the parameters and fields of the original function and send events to the transaction server.

The method's architecture has 2 sub components:


- Bytecode Injection (BCI) Engine: injects code at load time. Implemented as a .NET Profiler DLL. Also referenced as the .NET profiler DLL or simply as the .NET profiler


- Managed Code assembly - run time module where injected methods are executed, also takes the form of a DLL, and installed into the .NET GAC

The architecture described is depicted in Figure 1:

1


Page 02 of 5

Figure 1. Method Component Architecture

The BCI engine component is a .NET Common Language Runtime (CLR) profiler [6]. This is implemented as a native DLL that consists of functions that receive messages from, and send messages to, the CLR by using the .NET profiling API. This DLL is loaded by the CLR at run time, and is loaded into the same process space as the application that is being instrumented. This DLL is implemented in the form of an unmanaged Component Object Model (COM) [8] server using the ICorProfilerCallback and ICorProfilerCallback2 interfaces in the .NET SDK [7]. The CLR calls the methods in that interface to notify the .NET profiler of events in the instrumented process. The .NET profiler can call back into the CLR using the same interfaces to interact with the instrumented application.

Figure 2 shows the interaction of the .NET p...