.NET Reverse Engineering – Part 2


Ajay Yadav July 26, 2013

Introduction

The first article of this series covered the most significant aspects of MSIL code instructions: how a program is written in ILASM, and how to define the basic components (classes, fields, functions and methods). In this article, we continue working with IL code, its data types and opcode instructions, and learn the remaining sophisticated features (interfaces, boxing and branching) of the runtime and ILASM. We will analyse each opcode instruction in detail, and see how to integrate IL code into existing high-level C# code and how to convert already built C# code directly into IL code, in order to free the programmer from writing complex IL instructions by hand.

CIL Data Types

Like other high-level languages, CIL provides data types in order to map data into their specific compartments. The following table demonstrates how a .NET base class type maps to the equivalent C# keyword, and how each C# keyword maps into CIL code with its constant.



MSIL Code Labels

You may have noticed in the earlier article's sample code that each line of implementation is prefixed or annotated with a special token of the form IL_XXXX (e.g., IL_0000, IL_0002). These tokens are called code labels and they are completely optional (they can be named in any manner). When we dump an assembly to a source code file using ILDASM.exe, it automatically generates code labels. However, you may change them to make the code more descriptive. We can extract the token information from an assembly by using the following command:

ILDASM /Token test.exe

This command produces the corresponding token information with IL_XXXX labels:


We can change the labels to carry more descriptive information. It doesn't matter what information we put in a label, because labels are optional:


MSIL Opcodes

This section explains various MSIL instructions, which are generally termed opcodes (operation codes). Some of the instructions already appeared in the previous article's sample code, but they have not been reviewed in detail so far. An opcode is typically a CIL token used to build the implementation logic; for example, if you need to load a string variable into memory, you have to use the ldstr opcode rather than a friendly Load function. The complete set of CIL opcodes can be grouped into three broad segments:

Retrieve Instructions
Control Instructions
Operations Instructions

Retrieve (Store) Instruction


Detailed Analysis of Opcode Instructions

We have concentrated on individual opcode instructions up till now. In order to understand each opcode instruction's meaning in detail, we present some more complex sample code which covers numerous tasks such as executing a loop and creating new class types. Our prime motive is to encounter multiple instruction sets.

The following C# code performs addition of two local integer variables:



The aforementioned code is converted into its corresponding CIL code, which is interpreted in opcode terminology as follows:


Branching

Iteration is performed using the “for”, “foreach” and “while” loop constructs in the C# programming language. Here, the following C# code simply executes a for loop till 7 and performs the addition of all numbers from 1 to 5 until the loop's local variable reaches 5:


Here, the “blt”, “br” and “bgt” opcodes are used to control breaks in the flow when some condition has been met. The CIL code with its opcode labels would be interpreted as follows:

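The following ILASM source is an added example, not the article's original listing: it sums 1 to 5 with a counting loop, using `br.s` and `blt.s` for the control flow and descriptive code labels in place of generated IL_XXXX ones. The names BranchDemo, LoopBody and CheckCondition are chosen for this illustration.

```il
// Added example, hand-written for ILASM; not the article's own listing.
// C# equivalent:
//   int sum = 0;
//   for (int i = 1; i < 6; i++) sum += i;
//   Console.WriteLine(sum);
.assembly extern mscorlib {}
.assembly BranchDemo {}
.module BranchDemo.exe

.class private auto ansi beforefieldinit BranchDemo
       extends [mscorlib]System.Object
{
  .method private hidebysig static void Main() cil managed
  {
    .entrypoint
    .maxstack 2
    .locals init (int32 sum, int32 i)

    ldc.i4.0
    stloc.0                 // sum = 0
    ldc.i4.1
    stloc.1                 // i = 1
    br.s CheckCondition     // unconditional jump to the loop test

  LoopBody:                 // descriptive label instead of IL_000x
    ldloc.0
    ldloc.1
    add
    stloc.0                 // sum = sum + i
    ldloc.1
    ldc.i4.1
    add
    stloc.1                 // i = i + 1

  CheckCondition:
    ldloc.1
    ldc.i4.6
    blt.s LoopBody          // branch back while i < 6

    ldloc.0
    call void [mscorlib]System.Console::WriteLine(int32)
    ret
  }
}
```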


Boxing

Boxing is the process of explicitly assigning a value type to a reference type (System.Object). When we box a value, the CLR allocates a new object on the heap and copies the value of 10 into that instance. The opposite operation is unboxing, which converts a value held in a reference back into the corresponding value type, as follows:


If you examine your compiled code using ILDASM, you will encounter boxing and unboxing entries in the CIL code as follows:
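The following ILASM source is an added example, not the article's original listing: it boxes an int32, changes the original local, and then unboxes, which shows that `box` copies the value into a separate heap object. The names BoxDemo, x, boxed and y are chosen for this illustration.

```il
// Added example, hand-written for ILASM; not the article's own listing.
// C# equivalent:
//   int x = 10;
//   object boxed = x;        // box
//   x = 20;                  // does not affect the boxed copy
//   int y = (int)boxed;      // unbox
//   Console.WriteLine(y);
.assembly extern mscorlib {}
.assembly BoxDemo {}
.module BoxDemo.exe

.class private auto ansi beforefieldinit BoxDemo
       extends [mscorlib]System.Object
{
  .method private hidebysig static void Main() cil managed
  {
    .entrypoint
    .maxstack 1
    .locals init (int32 x, object boxed, int32 y)

    ldc.i4.s 10
    stloc.0                              // x = 10
    ldloc.0
    box [mscorlib]System.Int32           // allocate a heap object and copy x into it
    stloc.1                              // boxed = reference to that object
    ldc.i4.s 20
    stloc.0                              // x = 20; the heap copy is untouched
    ldloc.1
    unbox.any [mscorlib]System.Int32     // type-check, then copy the value back out
    stloc.2                              // y = the value taken from the box
    ldloc.2
    call void [mscorlib]System.Console::WriteLine(int32)
    ret
  }
}
```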

Interface

An interface can be defined in MSIL using the interface keyword directly. Fields are not allowed in an interface, and member functions must be public, abstract and virtual. A class uses the implements keyword to list the interfaces that it must implement, as follows:

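The following ILASM source is an added example, not the article's original listing: it declares an interface, a class that lists it after `implements`, and a call dispatched through the interface with `callvirt`. IGreeter, Greeter and Greet are hypothetical names chosen for this illustration.

```il
// Added example, hand-written for ILASM; IGreeter and Greeter are hypothetical names.
.assembly extern mscorlib {}
.assembly InterfaceDemo {}
.module InterfaceDemo.exe

.class interface public abstract auto ansi IGreeter
{
  // Interface members: public, abstract, virtual, and no body.
  .method public hidebysig newslot abstract virtual
          instance void Greet() cil managed
  {
  }
}

.class public auto ansi beforefieldinit Greeter
       extends [mscorlib]System.Object
       implements IGreeter
{
  .method public hidebysig specialname rtspecialname
          instance void .ctor() cil managed
  {
    .maxstack 1
    ldarg.0
    call instance void [mscorlib]System.Object::.ctor()
    ret
  }

  // Same name and signature as IGreeter::Greet, so it fills the interface slot.
  .method public hidebysig newslot virtual final
          instance void Greet() cil managed
  {
    .maxstack 1
    ldstr "Hello from Greeter"
    call void [mscorlib]System.Console::WriteLine(string)
    ret
  }

  .method public hidebysig static void Main() cil managed
  {
    .entrypoint
    .maxstack 1
    newobj instance void Greeter::.ctor()
    callvirt instance void IGreeter::Greet()   // dispatch through the interface
    ret
  }
}
```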

MSIL Code Generation

The .NET Framework offers the ILDASM.exe utility to convert existing C# code into MSIL code, sparing the hassle of manually writing CIL code, which is deemed one of the most error-prone tasks because each set of instructions is bizarre in terms of syntax specification and carries a different meaning.

Suppose we are writing a program using CIL opcode instructions that simply displays a “Hello Ajay” message on the screen. Despite the simple nature of such a program, there are still lots of complications when we choose MSIL as the language to express it, because MSIL opcode instructions are not in an English-like format. However, there is a trick: first write the implementation in the user-friendly C# language and compile the project; its corresponding executable is then created in the Bin/Debug folder.

Now, open the Visual Studio Command Prompt, go to the project's Bin/Debug folder and execute this command in order to convert the existing C# code into MSIL code:

ILDASM CILComplexTest.exe /out:test.il



Notice that the test.il file is created in the Bin/Debug folder; it has the same set of implementation instructions as its C# counterpart. Now just open this file using any editor and compile it using the ILASM utility. Here is the automatically generated IL code:


Summary


This article provided an overview of the various CIL data types and opcode instructions. We have seen a detailed analysis of each opcode instruction's meaning. We have also looked at complex constructs such as boxing, unboxing, branching and interfaces in the form of CIL opcodes. Finally, you took an introductory look at the process of converting an existing C# source code file to MSIL opcode instructions using the ILDASM utility.
