IL dasm in C # using "Graphics Tutorial"

Source: Internet
Author: User
Tags constructor instance method mscorlib readline

IL Dasm Anti-compilation tool

Ape-Men who use C # are more or less aware of Microsoft's Il decompile tool (Ildasm.exe). The first time I came in contact with this tool was a colleague of the company using his decompile EXE program to read and modify. It feels like he's still strong.

Il is an intermediate language on the Microsoft platform, and our regular C # code is automatically converted to IL in the compiler and then converted to the machine code by the Just-in-time compiler (JIT Compiler), which is finally executed by the CPU. The Ildasm.exe decompile tool assembles il into cross-platform executable (PE) files. For us to understand the code and modification of others. With him, we can see the problem without staying at the editor level, you can drill down into the middle tier.

Add Il dasm tool in VS

We will install the ILDASM tool automatically at the same time, without installing it separately. The ILDasm tool opens the following diagram:


We can also direct wind+r. Input: C:\Program Files (x86) \microsoft Sdks\windows\v7.0a\bin\ildasm.exe (Window 7 64-bit operating system installation directory) You can also open ildasm.

We can also add the ILDASM tool to our common vs.

1. Tool (Tools)--> external tool (External tools ...)


2. Add content to fill in the corresponding information. Command: C:\Program Files (x86) \microsoft Sdks\windows\v7.0a\bin\ildasm.exe

(Window 7 64-bit operating system installation directory).


After the information has been filled in, we can find the external tool name (IL_DASM) that we just added in the tool selection card. After the completion of the increase can be a small try.

International practice to paragraph "Hello World". After the code is written, directly F6 the EXE file, and then the tool-->il_dasm--> confirm (without modifying any parameters, default target file path). The Il tool pops up and we double-click the Main method.


You can then see the code that the Main method compiles in IL. It feels a little strange and difficult to read. There is the Il-compiled triangle, the square is what!

IL Dasm Foundation

1. Icon meaning


Decompile the project code with IL


MANIFEST: is an additional information list, which mainly contains some attributes of the assembly, such as assembly name, version number, hashing algorithm, and so on;

DemoCode: Project Name

Democodeing.common: Namespaces

Democodeing.icar: interface

Democodeing.program: class, mainly to view the contents of the deposit class.

. class Information Item code:


. class private Auto ANSI BeforeFieldInit Democoding.program
extends [mscorlib]system.object
{
}//End of Class Democoding.program


1. class, which means that program is a class. And it inherits from the System.Object class of the Assembly-mscorlib;

2) Private, to express access rights;

3) Auto, indicating that the memory load of the program is controlled by the CLR;

4 ANSI is to achieve seamless conversion between unmanaged and managed code. Here mainly refers to C, C + + code, etc.;

5) beforefieldinit is used to mark the runtime (CLR) to load the constructor (constructor) at any time after the static field method has been generated;

. ctor Method Code:


. method public Hidebysig specialname rtspecialname
instance void. ctor () CIL managed
{
Code size 7 (0x7)
. maxstack 8
il_0000:ldarg.0
Il_0001:call instance void [Mscorlib]system.object::.ctor ()
Il_0006:ret
}//End of method Program::.ctor


1 CIL managed: Represents the IL code, instructs the compiler to compile to managed code;

2. Maxstack: Represents the call constructor. The evaluation stack (evaluation stack) for the otor period;

3) il_0000: Marks the beginning of the line of code;

4) ldarg.0: Indicates that the first member parameter is reproduced, and the reference of the current instance is the middle finger of the instance method;

5) Call:call is generally used to invoke static methods, because static methods are determined at compile time. And here's the constructor. Otor () is also developed at compile time. The other instruction, callvirt, represents the invocation of an instance method. It is determined at run time, because, as mentioned earlier, when the inheritance relation of a method is invoked, the implementation method (virtual and new) of the same function as the base class and the derived class is compared to determine the methods Table to which the called function belongs;

6) RET: Express execution completed, return;

Main () static method code:


. method private Hidebysig static void Main (string[] args) cil managed
{
. entrypoint
Code size (0x13)
. maxstack 8
Il_0000:nop
Il_0001:ldstr "Hello World"
Il_0006:call void [Mscorlib]system.console::writeline (String)
Il_000b:nop
Il_000c:call string [Mscorlib]system.console::readline ()
Il_0011:pop
Il_0012:ret
}//End of method Program::main


1) Hidebysig: means that when this class is used as a base class, when a derived class exists, this method is not inherited, and the same constructor function;

2. EntryPoint: The directive represents the CLR loader, starting with the. EntryPoint, that is, from the main method as the entry function of the program;

3) NOP: Empty This instruction, mainly to the external equipment or instruction clearance preparation time;

4 ldstr: Create string object variable "Hello world."

5 Pop: Take out the top value of the stack. Use when we do not need to store values in variables;


Use Il dasm to modify EXE program code


1. Open the Il tool and select the EXE program you want to modify.


2. File--> dump. Select a saved path when you are sure to generate two files: *.il and *.res


3. Use Notepad to open *.il modify the contents:


. method private Hidebysig static void Main (string[] args) cil managed
{
. entrypoint
Code size (0x13)
. maxstack 8
Il_0000:nop
Il_0001:ldstr "Hello world-[has been modified using IL tool ...]"
Il_0006:call void [Mscorlib]system.console::writeline (String)
Il_000b:nop
Il_000c:call string [Mscorlib]system.console::readline ()
Il_0011:pop
Il_0012:ret
}//End of method Program::main


4. Compile the modified code into EXE program.

Ilasm/exe/output=c:\ck.exe/resource=c:\users\ck\desktop\coding.res C:\Users\Ck\Desktop\coding.il


The modification is so simple. Run the modified EXE program, the value has been modified.



Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.