. NET program how to start?

How does the. NET program start?

The. NET Framework runs on top of the Windows platform, which means that the. NET Framework must be built using technologies that Windows can understand. First, all managed modules and assembly files must use the Windows PE file format, and either a Windows EXE file or a DLL file.

. NET programs are built on the CLR, so the running of a. NET program requires that the correct CLR environment be loaded first. So we turn the focus of the problem into:

1. How do I load the CLR environment correctly?

2. How to enter the main function of the. NET program?

To better understand this process, I use the Dumpbin.exe tool to parse the PE file format and dump the contents of the PE file. Dumpbin.exe tool command Prompt for Visul studio Tools in Visul Studio. I use the following command to dump the contents of the PE file,

D:\Program Files (x86) \microsoft Visual Studio 12.0\vc>dumpbin-all Assembly>e:\dump.txt

The dump section reads as follows:

OPTIONAL HEADER VALUES

10B Magic # (PE32)

11.00 Linker version

A00 Size of code

Size of initialized data

0 size of uninitialized data

29AE entry point (004029AE)

Base of code

4000 base of data

400000 Image Base (00400000 to 00407FFF)

Section Alignment

File alignment

4.00 Operating System version

The Entry point field indicates that the entry address value of the PE file is ox004029ae

To find out the code for the location ox004029ae, you need to look at the. Text segment of the PE image, and some of the following:

00402980:00 00 00 00 00 00 00 00 90 29 00 00 00 00 00 00 ...) ......

00402990:00 5F 6F, 4D, 6E, 6D 73. _corexemain.ms

004029a0:63 6F, 2E 6C 6C, xx, xx, FF coree.dll ... %

004029b0: xx

The bold bytes correspond to entry point, which corresponds to the machine instruction for JMP 402000. To find the content that Ox402000 points to, we can view the import section of the PE file, and we can find the following:

section contains the following imports:

Mscoree.dll

402000 Import Address Table

402988 Import Name Table

0 Time Date Stamp

0 Index of First forwarder reference

0 _CorExeMain

Ox402000 points to Mscoree.dll, which contains an export function _CorExeMain. _CorExeMain is part of the Mscoree.dll, which is also the first function to be called when loading a. NET assembly. The primary role of Mscoree.dll is to start the CLR. Mscoree.dll performs a series of work when the CLR is started:

1, find out by viewing the metadata in the PE file. NET assembly is built by which version of the CLR.

2. Find the correct version of the CLR path in the operating system

3. Loading and initializing the CLR

After the CLR is initialized, the entry point (Main ()) of the Assembly is found in the CLR header of the PE image, and then the JIT starts compiling and executing the entry point.

. NET assembly loading algorithm is as follows:

1, the user executes one. NET assembly

2. The Windows loader looks at the Addressofentrypoint domain and finds the. Text segment of the PE image file.

3. The byte in the addressofentrypoint position is just a jmp instruction, which jumps to an import function in Mscoree.dll.

4. Transfer the execution control to the function _CorExeMain in Mscoree.dll, which will start the CLR and transfer execution control to the entry point of the Assembly.

Next article. NET program to run?

. NET program how to start?