C# ILDASM

Source: Internet
Author: User
Tags mscorlib

ILDASM decompilation tool

Almost everyone who uses the C++ tools has some knowledge of the Microsoft IL decompilation tool (ildasm.exe). I first came into contact with this tool when my colleagues used it to decompile an exe program for research and modification. I think it is still very powerful.
IL is an intermediate language on the Microsoft platform. The C# code we usually write is automatically converted to IL by the compiler, then converted to machine code by the just-in-time compiler (JIT compiler), and finally executed by the CPU. The ildasm.exe decompilation tool compiles IL into a cross-platform executable (PE) file. With it, we can understand and modify other people's code. We no longer have to stay at the editor level when looking at a problem; we can go deeper, into the intermediate layer.

Adding the ildasm tool in VS

The ildasm tool is installed automatically when VS is installed; no additional installation is needed. The method to open the ildasm tool is as follows:

We can also press Win + R and enter C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\ildasm.exe (the installation directory on a 64-bit Windows 7 operating system) to open ildasm.
We can also add the ildasm tool to the VS tools we commonly use.
1. Tools --> External Tools...

2. Add an entry and enter the corresponding information. Command: C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin\ildasm.exe (the installation directory on a 64-bit Windows 7 operating system).

After the information is filled in, find the new external tool name (IL_DASM) in the Tools tab. You can try it out after adding it.
International Convention ". After the code is compiled (F6 generates the exe file directly), choose Tools --> IL_DASM --> OK (no parameters need to be modified; the default is the path of the target file). The IL tool is displayed. Double-click the Main method.

Then we can see the code of the Main method compiled to IL. I feel it is a little unfamiliar and difficult to understand. What are the vertices and vertices in IL compilation!

ILDASM basics

1. Icon meaning

Decompile the project code using IL

MANIFEST: a list of additional information, including attributes of an Assembly, such as the Assembly name, version number, and hash algorithm;
DemoCoding: project name
DemoCoding.Common: namespace
DemoCoding.ICar: interface
DemoCoding.Program: class; this is mainly where we look at the content stored under the class.

.class: class information code:

.class private auto ansi beforefieldinit DemoCoding.Program
       extends [mscorlib]System.Object
{
} // end of class DemoCoding.Program

1) .class: indicates that Program is a class, and that it inherits from the System.Object class of the mscorlib assembly;
2) private: indicates the access permission;
3) auto: indicates that the memory layout of the program is controlled entirely by the CLR;
4) ansi: designed to achieve seamless conversion between unmanaged code (C and C++ code) and managed code;
5) beforefieldinit: indicates that the runtime (CLR) can load the constructor at any time after the static field method is generated;

.ctor method code:

.method public hidebysig specialname rtspecialname
        instance void  .ctor() cil managed
{
  // Code size       7 (0x7)
  .maxstack  8
  IL_0000:  ldarg.0
  IL_0001:  call       instance void [mscorlib]System.Object::.ctor()
  IL_0006:  ret
} // end of method Program::.ctor

1) cil managed: indicates that this is IL code and that the compiler compiles it as managed code;
2) .maxstack: the evaluation stack used while the constructor is called;
3) IL_0000: marks the beginning of the code line;
4) ldarg.0: loads the first member parameter. In an instance method, this is the reference to the current instance;
5) call: call is generally used to call static methods, because static methods are determined at compile time. Here, the constructor .ctor() is also determined at compile time. The other instruction, callvirt, indicates that an instance method is called. It is determined at runtime because, as mentioned above, when the called method is part of an inheritance relationship, the implementations (virtual and new) of the functions with the same name in the base class and the derived class must be compared to determine the method table of the called function;
6) ret: indicates that the execution is completed and the result is returned;

Main() static method code:

.method private hidebysig static void  Main(string[] args) cil managed
{
  .entrypoint
  // Code size       19 (0x13)
  .maxstack  8
  IL_0000:  nop
  IL_0001:  ldstr      "Hello World"
  IL_0006:  call       void [mscorlib]System.Console::WriteLine(string)
  IL_000b:  nop
  IL_000c:  call       string [mscorlib]System.Console::ReadLine()
  IL_0011:  pop
  IL_0012:  ret
} // end of method Program::Main

1) hidebysig: indicates that when this class is used as a base class and a derived class exists, this method is not inherited, the same as the constructor;
2) .entrypoint: indicates that when the CLR loads the program, it starts from .entrypoint; that is, the Main method is used as the program's entry function;
3) nop: an empty instruction, mainly for external devices or the preparation time in the gap between instructions;
4) ldstr: creates the String object variable "Hello World";
5) pop: takes the value at the top of the stack. It is used when we do not need to store the value in a variable;
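To make the evaluation stack concrete, the following added example (not part of the original article) traces the stack depth through the two method bodies listed above. The opcode table covers only the opcodes that appear in these listings, and the call parser assumes simple signatures like the ones shown.

```python
import re

# Method bodies copied from the two ildasm listings above.
MAIN_IL = '''
  IL_0000:  nop
  IL_0001:  ldstr      "Hello World"
  IL_0006:  call       void [mscorlib]System.Console::WriteLine(string)
  IL_000b:  nop
  IL_000c:  call       string [mscorlib]System.Console::ReadLine()
  IL_0011:  pop
  IL_0012:  ret
'''
CTOR_IL = '''
  IL_0000:  ldarg.0
  IL_0001:  call       instance void [mscorlib]System.Object::.ctor()
  IL_0006:  ret
'''

INSTR = re.compile(r'^\s*(IL_[0-9a-fA-F]{4}):\s+(\S+)[ \t]*(.*?)\s*$', re.M)
CALL = re.compile(r'^(instance\s+)?(\S+)\s+.*::\S+?\((.*)\)$')

def stack_effect(opcode, operand):
    """Return (pops, pushes) for the opcodes used in the listings."""
    if opcode in ('ldarg.0', 'ldstr'):
        return 0, 1
    if opcode == 'pop':
        return 1, 0
    if opcode in ('nop', 'ret'):      # both methods return void
        return 0, 0
    if opcode == 'call':
        inst, ret_type, params = CALL.match(operand).groups()
        nargs = len([p for p in params.split(',') if p.strip()])
        # an instance call also consumes the 'this' reference
        return nargs + (1 if inst else 0), 0 if ret_type == 'void' else 1
    raise ValueError('opcode not covered by this example: ' + opcode)

def trace(il_text):
    """Return ([(label, opcode, depth_after)], peak_depth)."""
    depth, peak, rows = 0, 0, []
    for label, opcode, operand in INSTR.findall(il_text):
        pops, pushes = stack_effect(opcode, operand)
        if pops > depth:
            raise ValueError('stack underflow at ' + label)
        depth = depth - pops + pushes
        peak = max(peak, depth)
        rows.append((label, opcode, depth))
    return rows, peak

if __name__ == '__main__':
    for name, il in (('Main', MAIN_IL), ('.ctor', CTOR_IL)):
        print(name, *trace(il))
```

In Main the string returned by ReadLine() is the only value left on the stack, which is why pop precedes ret; both methods peak at a depth of 1, well under the declared .maxstack 8.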

Use ildasm to modify the EXE program code

1. Open the IL tool and select the EXE program to be modified.

2. File --> Dump. Select a storage path to save to, and two files will be generated: *.il and *.res.

3. Open *.il in Notepad and modify the content:

.method private hidebysig static void  Main(string[] args) cil managed
{
  .entrypoint
  // Code size       19 (0x13)
  .maxstack  8
  IL_0000:  nop
  IL_0001:  ldstr      "Hello World-[modified using the il tool...]"
  IL_0006:  call       void [mscorlib]System.Console::WriteLine(string)
  IL_000b:  nop
  IL_000c:  call       string [mscorlib]System.Console::ReadLine()
  IL_0011:  pop
  IL_0012:  ret
} // end of method Program::Main

4. Compile the modified Code into an EXE program.

ilasm /exe /output=C:\CK.exe /Resource=C:\Users\Ck\Desktop\coding.res C:\Users\Ck\Desktop\coding.il

The modification is so simple. Run the modified EXE program. The value has been modified.
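Because the dump, edit and ilasm round trip is this easy, it is useful to be able to see exactly what changed between two builds. The following added example (not part of the original article) compares two *.il dumps method by method and reports every instruction that differs. The sample dumps are constructed from the listings above, and the parser assumes the ildasm layout shown in this article.

```python
import re

# Constructed sample dumps in the ildasm layout shown in this article.
ORIGINAL_IL = '''
.method private hidebysig static void  Main(string[] args) cil managed
{
  .entrypoint
  .maxstack  8
  IL_0000:  nop
  IL_0001:  ldstr      "Hello World"
  IL_0006:  call       void [mscorlib]System.Console::WriteLine(string)
  IL_000b:  nop
  IL_000c:  call       string [mscorlib]System.Console::ReadLine()
  IL_0011:  pop
  IL_0012:  ret
} // end of method Program::Main
'''
MODIFIED_IL = ORIGINAL_IL.replace(
    '"Hello World"', '"Hello World-[modified using the il tool...]"')

# A method runs from ".method" to its "} // end of method <name>" marker.
METHOD = re.compile(r'\.method\b.*?\{(.*?)\}\s*// end of method (\S+)', re.S)
# Labels (IL_xxxx) are ignored so that shifted offsets alone are not reported.
INSTR = re.compile(r'^\s*IL_[0-9a-fA-F]{4}:\s+(\S+)[ \t]*(.*?)\s*$', re.M)

def parse_methods(il_text):
    """Map method name -> list of (opcode, operand) tuples."""
    return {name: INSTR.findall(body) for body, name in METHOD.findall(il_text)}

def diff_dumps(old_il, new_il):
    """Return [(method, instruction_index, old_instr, new_instr)]."""
    old, new = parse_methods(old_il), parse_methods(new_il)
    findings = []
    for name in sorted(set(old) | set(new)):
        a, b = old.get(name, []), new.get(name, [])
        for i in range(max(len(a), len(b))):
            x = a[i] if i < len(a) else None   # None: instruction absent
            y = b[i] if i < len(b) else None
            if x != y:
                findings.append((name, i, x, y))
    return findings

if __name__ == '__main__':
    for finding in diff_dumps(ORIGINAL_IL, MODIFIED_IL):
        print(finding)
```

For the modification made in step 3, the only finding is the ldstr operand at instruction index 1 of Program::Main.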
