Ildasm.exe summary:
I.Preface:
Microsoft's il DecompilationProgram--Ildasm.exe, which extracts il from executable files (ex, exe executable files of the classic console Hello World)CodeAnd provides the namespace and Class View. Before describing how to decompile, it is necessary to look at CLR from the perspective of virtual CPU, which helps you first understand the code execution process from the front.
Virtual CPU:
. The core of the net program is CLR, while the CLR function is very similar to that of the CPU. the CLR executes the Il code (or the Il command) and operation data, but the operation code is different: the CPU operates on the machine language, while the CLR operates on the Il code.
The above explains the process from Il-machine language, while ildasm can implement the executable program (machine language)-il code, which isMain functions of ildasm.
You must know in anytao. net. Although I cannot understand its "far-reaching significance" for the time being, I am still willing to start my Il journey ~. Here, let's take a look at anytao's understanding (or understanding) of the Il codeImportance:
1. The general language is the basis for. Net Running. When we disagree with the running results, how can we look at the essence through the surface,Il is a required Foundation;
2. Il is also betterUnderstanding and understanding of CLR;
3. A large number of instance analyses are based on IL, so understanding Il isBasic knowledge of others' CodesAt the same time, you can also gain a subtle improvement;
The above three influences are enough to encourage anyone who is pursuing the above to start the Il journey (including me, haha ~).
Ii. How to Use ildasm.exe:
Before applying the ildasm.exe decompilation code, add msdntoClassic helpExample:
Then, we use ildasm.exe to decompile the executable files of the classic "Hello World" console program. The displayed view is:
Analyze the specific il code:
1. manifest list:
Manifest is a list of additional information, mainly including some attributes of the Assembly, such as the Assembly name, version number, and hashAlgorithmAnd so on;
2. leleapplication1.program class:
This is what we will introduce.Main Character.
FirstIs a program class: the code is
. Class Private Auto ANSI beforefieldinit leleapplication1.program
1). Class, which indicates that program is a class. And it inherits from the system. Object Class of the Assembly-mscorlib;
2) Private indicates the access permission;
3) Auto indicates that all program memory loading is controlled by CLR;
4) ANSI is designed to achieve seamless conversion between unmanaged code and managed code. C and C ++ code;
5) beforefieldinit indicates that the Runtime Library (CLR) can load the constructor (constructor) at any time after the static field method is generated );
SecondYes. otor method, code:
. Method Public Hidebysig specialname rtspecialname
1) Pencil managed: indicates the Il code, which indicates that the compiler compiles the managed code;
2). maxstack: Evaluation stack during calling constructor );
3) il_0000: mark the beginning of the code line;
4) ldarg.0: indicates that the first member parameter is reprinted. In the instance method, it indicates the reference of the current instance;
5) call:CallGenerally used for callingStatic MethodBecause the static method is determined during the compilation period. Here, the constructor () is also developed during the compilation period. Another commandCallvirtIndicates thatInstance methodIt is determined at runtime, because, as mentioned above, when calling the method inheritance relationship, it is necessary to compare the implementation methods (virtual and new) of the same name functions of the base class and the derived class ), to determine the method table to which the called function belongs;
6) RET: indicates that the execution is completed and the result is returned;
LastIs the main () method, the code is:
. Method Private Hidebysig Static Void Main () cel managed
1) The entrypoint command indicates that when the CLR loads a program, it starts from. entrypoint, that is, the main method is used as the program's entry function;
2) ldstr: indicates to press the string to stack. Here"Hello world ."Stack pressure;
3) hidebysig: indicates that when this class is used as the base class and a derived class exists, this method is not inherited, as is the same as the constructor;
So far, we have an understanding of some commands of the Il code, and have also taken a look at the general situation in the Il world ~
Common il command extensions:
I. Il commands for creating object instances
The mechanism for allocating objects in memory is described in memory exploration 1-value type and reference type memory allocation mechanism. The commonly used il commands for object creation allow us to better understand the object steps. There are four main types:
1. newobj: used to create an object of the reference type;
2: ldstr: used to create a String object variable;
3. newarr: used to create an array object;
4: Box: When the value type is converted to an object of the reference type, allocate memory to the value type Beibei paper storage stack;
Ii. Better understanding of attributes through il code
In C ++, a typical class defines the set () function used to control the valid input and the get () function used to display the input in different ways. However, in C #, it combines the get () function and set () function, which will inevitably be confused at the beginning. However, if you use ildasm.exe to decompile the program and observe the nature of the properties, you can see its execution mechanism, as shown in (Note: selected from the Internet ):
By analyzing the method of IL code and presenting it, we can see that attributes are subdivided into get () and set () functions. Ex, attribute name, is decomposed into get_name () function and set_name (string s) function. In this way, we can clearly understand its nature! The special representation of its properties can only be seen as a perfect combination of the Set () function and the get () function. This is also a beautiful embodiment of the C # language ~
In summary, we have a certain understanding of The Decompilation tool ildasm.exe. The most important thing is that we have a certain understanding of the basic il commands through its decompilation of the Il code, and we will also take the Il codePowerful toolsThis is a step forward! However, these are only the foundation of Il and need to be further explored ~
Appendix: Thank youYao Kai(K-night), which provides support for the code in this article ~
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
