This is the fourth part of the .NET Inside Out series. For your convenience you can find other parts in the table of contents in Part 1 – Virtual and non-virtual calls in C#

Clickbait title once again. We have already seen how to override sealed function which we did by performing jump to other method. Today we are going to do that by rewriting CLR metadata.

Method descriptor

Each method descriptor contains address of function machine code. In theory nothing stops us from rewriting this value to point to different code. See the following:

It works with ordinary methods, doesn’t work with ngened ones – they don’t have address stored in method descriptor.