How to start the. NET program ?,. NET Program startup?

How to start the. NET program ?,. NET Program startup?

How to start the. net program?

. NET Framework runs on the top of the Windows platform, which means that. NET Framework must be built using a technology that windows can understand. First, all the hosted modules and assembly files must use the windows PE file format, either a windows EXE file or a DLL file.

The. net program is built on the CLR. Therefore, to run the. net program, you must first load the correct CLR environment. In this way, we change the focus of the problem:

1. How to correctly load the CLR environment?

2. How to enter the Main function of the. net program?

To better understand this process, I use dumpbin.exe to parse the PE file format and dump the content of the PE file. The Tool command prompt of dumpbin.exe in the volume l studio Tool in Volume l studio. Run the following command to dump the PE file content,

D: \ Program Files (x86) \ Microsoft Visual Studio 12.0 \ VC> dumpbin-all assembly> e: \ dump.txt

The dump content is as follows:

OPTIONAL HEADER VALUES

10B magic # (PE32)

11.00 linker version

A00 size of code

800 size of initialized data

0 size of uninitialized data

29AE entry point (004029AE)

2000 base of code

4000 base of data

400000 image base (00400000 to 00407FFF)

2000 section alignment

200 file alignment

4.00 operating system version

The Entry point field indicates that the Entry address of the PE file is Ox004029AE.

To locate the code corresponding to Ox004029AE, You need to view the. text section of the PE image. Some content is as follows:

00402980: 00 00 00 00 00 00 00 00 90 29 00 00 00 00 00 .........)......

00402990: 00 00 5F 43 6F 72 45 78 65 4D 61 69 6E 00 6D 73 .. _ CorExeMain. ms

004029A0: 63 6F 72 65 65 2E 64 6C 6C 00 00 00 00FF 25Coree. dll .....? %

004029B0:00 20 40 00

The bold bytes correspond to Entry points, and the machine commands corresponding to these bytes are JMP 402000. To find the content pointed to by Ox402000, we can view the import segment of the PE file and find the following content:

Section contains the following imports:

Mscoree. dll

402000 Import Address Table

402988 Import Name Table

0 time date stamp

0 Index of first forwarder reference

0 _ CorExeMain

 

Ox402000 points to mscoree. dll, which contains an export function _ CorExeMain. _ CorExeMain is part of mscoree. dll. This function is also the first called function when the. net assembly is loaded. Mscoree. dll is mainly used to start CLR. Mscoree. dll will execute a series of tasks when starting CLR:

1. Check the metadata in the PE file to find out which version of the. NET assembly is built by CLR.

2. Find the correct CLR version path in the operating system

3. Load and initialize CLR

After the CLR is initialized, find the Main () of the Assembly in the CLR header of the PE image, and then JIT starts compiling and executes the entry point.

The. NET assembly loading algorithm is as follows:

1. the user executes a. NET assembly.

2. In the windows loader, view the AddressOfEntryPoint domain and find the. text Segment of the PE image file.

3. the byte at AddressOfEntryPoint is only a JMP command, which redirects to an import function in mscoree. dll.

4. Transfer the execution control to function _ CorExeMain in mscoree. dll. This function starts CLR and transfers the execution control to the Assembly entry point.

 

Next, how does the. NET program run?