Understanding MSIL
By Sam Nasr
September 28, 2004
Objectives
Learn MSIL terminology
Understand sections of an Assembly
Discuss IL Tools
Discuss additional resources
Advantages of Understanding MSIL
Better understanding = better troubleshooting.
Understanding of possible security vulnerabilities.
“All roads lead to CLR”
Definitions
CLR: Common Language Runtime.
Assembly: Managed .NET application. Each assembly contains at least one prime module, and possibly additional modules.
Module: Managed executable.
Metadata: Data descriptors (i.e., information that describes the data).
MSIL: Microsoft Intermediate Language.
ILDASM: Intermediate Language Disassembler.
Background
Compiling in the .NET Framework (IL, similar to JVM)
vs.
Compiling in a traditional environment (native executable code)
Execution in .NET
.NET applications (assemblies) consist of one or more managed executables, each carrying metadata and managed code.
The “JIT” compiler compiles IL to machine code dynamically, as needed.
Objects are loaded only when used.
Machine code compilations are cached for subsequent executions.
Code is executed in a “managed environment” (type control, garbage collection, exception handling).
IL can be compiled to native machine code using the NGEN utility.
Cost of code (sizes of a “Hello World” .exe): C# (3K) vs. C (32K) vs. C++ (173K)
CLR Requirements
The CLR requires the following information about each method, which is available through metadata:
1. Instructions: each method has a pointer to the instruction set.
2. Signature: describes the calling convention, return type, parameter count and type.
3. Exception Handling Array: a list of exceptions and the offset address to the handling code.
4. Evaluation Stack Size: typically seen as .maxstack in the ILDASM listing.
5. Locals Array: all local variables used.
Example
1. Create a program in Visual Studio .NET.
2. Debug and compile.
3. Use ILDASM to generate the .IL file.
4. Use a file editor to edit the .IL file.
5. Use ILASM to create the new assembly.
Reading IL
RVA: Relative Virtual Address
ldstr: loads a string token
.assembly extern: defines an external application referenced in the existing program.
.module: defines the current module.
.field: defines a metadata item used in the module.
.method: defines a member method of the given class.
.entrypoint: defines the entry point of the current method.
.locals init: defines the single local variable of the current method.
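An annotated listing that ties the directives under Reading IL to the five per-method items under CLR Requirements. This is an added example, not part of the original slides; the assembly name Demo, the field greeting and the method Parse are hypothetical.

```il
// Constructed sample for illustration; Demo, greeting and Parse are hypothetical names.
.assembly extern mscorlib {}             // external assembly referenced by this program
.assembly Demo {}                        // manifest of this assembly
.module Demo.exe                         // the current module

.class private auto ansi beforefieldinit Demo
       extends [mscorlib]System.Object
{
  .field private static string greeting  // metadata item: a static field

  // Signature: static, returns int32, takes one string parameter
  .method private hidebysig static int32 Parse(string text) cil managed
  {
    .maxstack 1                          // evaluation stack never holds more than one item
    .locals init (int32 result)          // locals array; init zero-initialises it
    .try                                 // becomes one entry in the exception handling array
    {
      ldarg.0                            // push the string argument
      call int32 [mscorlib]System.Int32::Parse(string)
      stloc.0                            // result = parsed value
      leave.s done
    }
    catch [mscorlib]System.FormatException
    {
      pop                                // discard the exception object
      ldc.i4.m1
      stloc.0                            // result = -1 on malformed input
      leave.s done
    }
    done: ldloc.0
    ret
  }

  .method public hidebysig static void Main() cil managed
  {
    .entrypoint                          // execution starts here
    .maxstack 1
    ldstr "Hello World"                  // string literals are visible in any disassembly
    stsfld string Demo::greeting
    ldsfld string Demo::greeting
    call void [mscorlib]System.Console::WriteLine(string)
    ldstr "42"
    call int32 Demo::Parse(string)
    call void [mscorlib]System.Console::WriteLine(int32)
    ret
  }
}
```

Saved as Demo.il (a hypothetical file name), the listing can be assembled with ILASM, as in step 5 of the Example.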
ILDASM Conventions
MSIL Utilities
ildasm.exe: Converts IL to human-readable code
C:\Program Files\Microsoft Visual Studio.NET\FrameworkSDK\Bin
dumpbin.exe: Converts IL to human-readable code
C:\Program Files\Microsoft Visual Studio .NET\Vc7\bin
Reflector.exe: Converts IL to human-readable code
http://www.aisto.com/roeder/dotnet/
ILASM.EXE: Converts human-readable code to IL
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322
NGEN.exe: Compiles IL to machine code.
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322
Resources
Inside Microsoft .NET IL Assembler by Serge Lidin
.NET Common Language Runtime Unleashed by Kevin Burton (http://www.samspublishing.com/title/0672321246)
Assemblies Ins and Outs by Chris Rausch
DotFuscator
(http://www.vbdotnetheaven.com)
(http://www.preemptive.com/products/dotfuscator/FAQ.html)