C # IL DASM use-crack C # software method
2018-02-23 14:58 by Halberts, 115 reading, 0 reviews, Favorites, compilation
IL Dasm Anti-compilation tool
Ape-Men using C # are more or less aware of Microsoft's Il Anti-compiler tool (Ildasm.exe). The first time I came into contact with this tool was a company colleague who used his anti-compilation EXE program to read and revise. It feels like he's still strong.
Il is an intermediate language on the Microsoft platform, and the C # code that we write is automatically converted to IL in the compiler, then converted to the machine code by the instant compiler (JIT Compiler) and finally by the CPU. The Ildasm.exe Anti-compilation tool assembles Il into a cross-platform executable (PE) file. Let us know someone else's code and modifications. With him, we can see the problem without staying at the editor level, you can go deep into the middle.
Add Il dasm tool in VS
When installing VS, we automatically install the ILDASM tool without having to install it separately. ILDASM tools Open methods such as:
We can also directly wind+r. Input: C:\Program Files (x86) \microsoft Sdks\windows\v7.0a\bin\ildasm.exe (Window 7 64-bit operating system installation directory) You can also open ildasm.
We can also add the ILDASM tool to our common vs.
1. Tools--External tools (External tools..)
2. Add content to fill in the corresponding information. Command: C:\Program Files (x86) \microsoft Sdks\windows\v7.0a\bin\ildasm.exe
(Window 7 64-bit operating system installation directory).
Once the information has been filled in, you can find our newly added external tool name (IL_DASM) in the "Tools" selection card. After the increase, you can try a little.
International practice to paragraph "Hello World". After the code is written, the F6 generates the EXE file, and then the tool-->il_dasm--> confirmation (without modifying any parameters, the default target file path). The system pops up the Il tool, and we double-click the Main method.
You can see the code that the Main method compiles in IL. Feel a little strange not easy to read. There is the Il compiler appeared triangular type, square type are what!
IL DASM Basics
1. icon meaning
Using IL to decompile the project code
MANIFEST: is an additional list of information that mainly contains some properties of the assembly, such as the assembly name, version number, hash algorithm, and so on;
DemoCode: Project Name
Democodeing.common: Namespaces
Democodeing.icar: interface
Democodeing.program: Class, the main view of the contents below the storage class.
. Class Information Entry code:
. class private Auto ANSI BeforeFieldInit democoding.program extends [mscorlib]system.object{}//End of Class Democod Ing. Program
1). class, which indicates that program is a class. And it inherits from the System.Object class of the Assembly-mscorlib;
2) Private, indicating access rights;
3) Auto, indicating that the memory load of the program is controlled by the CLR;
4) ANSI is designed to enable seamless conversion between managed and unmanaged code. Here mainly refers to C, C + + code, etc.;
5) BeforeFieldInit, which is used to mark the runtime (CLR) to load the constructor (constructor) at any moment after the static field method is generated;
. ctor Method Code:
. method public Hidebysig specialname rtspecialname instance void . ctor () CIL managed{ //code size 7 (0x7) C9/>.maxstack 8 il_0000: ldarg.0 il_0001: call instance void [mscorlib] System.object::.ctor () il_0006: ret}//End of method Program::.ctor
1) CIL managed: Indicates the IL code, which instructs the compiler to compile to managed code;
2). Maxstack: Represents the call constructor. Evaluation stack during otor (Evaluation stack);
3) il_0000: Marks the beginning of the line of code;
4) ldarg.0: Indicates that the first member parameter is reproduced, in the instance method, the reference of the current instance;
5) Call:call is generally used to invoke static methods, because static methods are determined at compile time. And here's the constructor. Otor () is also developed at compile time. Another directive, callvirt, is the invocation of an instance method, which is determined at run time, because, as mentioned above, when the inheritance relationship of a method is called, it is necessary to compare the implementation method (virtual and new) of the function with the same name as the base class and the derived class to determine the method Table to which the called function belongs;
6) RET: Indicates that execution is complete and returns;
Main () static method code:
. method private Hidebysig static void Main (string[] args) CIL managed{ . entrypoint //code size (0x13) . maxstack 8 il_0000: nop il_0001: ldstr "Hello World" il_0006: Call void [Mscorlib]system.console::writeline (String) il_000b: nop il_000c: call string [Mscorlib]system.console::readline () il_0011: Pop il_0012: ret}//End of method Program::main
1) Hidebysig: This method is not inherited when there is a derived class as the base class, as in the constructor;
2). EntryPoint: When the instruction represents the CLR loader, it starts with the. entrypoint first, i.e. from the main method as the entry function of the program;
3) NOP: null for this instruction, mainly to external equipment or command clearance preparation time;
4) ldstr: Create a String object variable "Hello world.";
5) Pop: Remove the value of the top of the stack. When we do not need to put the value into the variable to use;
Using IL DASM to modify EXE program code
1. Open the Il tool and select the EXE program you want to modify.
2. FILE-to-dump. After determining the save path, two files will be generated: *.il and *.res
3. Open *.il with Notepad to modify the contents:
. method private Hidebysig static void Main (string[] args) cil managed { . entrypoint //code size 19 ( 0x13) . maxstack 8 il_0000: nop il_0001: ldstr "Hello world-[has been modified with IL tool ...]" il_0006: call void [Mscorlib]system.console::writeline (String) il_000b: nop il_000c: call string [Mscorlib]system.console::readline () il_0011: pop il_0012: ret }//End of method Program::main
4. Compile the modified code into an EXE program.
Ilasm/exe/output=c:\ck.exe/resource=c:\users\ck\desktop\coding.res C:\Users\Ck\Desktop\coding.il
The modification is as simple as this. After running the modified EXE program, the value has been modified.
C # IL DASM use-crack C # software method