As seen here Programmatic MSIL injection or here http://www.codeproject.com/Articles/463508/NET-CLR-Injection-Modify-IL-Code-during-Run-time you can modify IL code at runtime using some tricky injections.

My question is : how to prevent that? For instance, if someone use that to bypass a security feature, how can i avoid that security hole?

how to prevent that?

You can't, as far as I understand. But you can do make it not easy.

In the simple case, you don't even need to inject IL. You can do IL weaving to modify the assembly. For example, you can find the login method ant delete the original IL code and simply return true, or you can jump to your own login method.

public bool Login(string userName)
{
    // original method did security checks 
    // and return true if the user is authorized
    // your implementation can return true or jump to other method
}

For this you must to do it when the application is not running, you modifying the assembly itself. You can do it with mono.cecil and you can look on StaticProxy.Fody for example.

The other case is inject code to running assembly. and this is divide to two cases:

1. When the code isn't jitted\ngen'd
2. When the code is jitted\ngen'd

For the first case is more easy, You still have the IL of each method and you inject your own IL instructions.

The second case is more complex because the Jitter redirect the IL pointer to the machine code.

For two of them you can see a bunch of articles\libraris to make the inject work.

• Codecope
• Article 1
• Article 2

But even if you however make it impossible to inject, you still not protected. Because you can modify the bytes itself. See this article for details.

For all above method, there is cases when it more complex to do the work. For example, Generics, DynamicMethods, prevent load assemblies to your process (which is needed in some cases).

To summarize, you can do it very hardly to inject your code but not prevent it.