Understanding MSIL

By Sam Nasr
September 28, 2004
Objectives

Learn MSIL terminology

Understand sections of an Assembly

Discuss IL Tools

Discuss additional resources
Advantages of Understanding MSIL

Better understanding = better troubleshooting.

Understanding of possible security vulnerabilities.

“All roads lead to CLR”
Definitions

CLR: Common Language Runtime

Assembly: Managed .NET application. Each assembly contains at least one prime module, and possibly additional modules.

Module: Managed executable
Definitions

Metadata: Data descriptors (i.e. info that describes the data).

MSIL: Microsoft Intermediate Language

ILDASM: Intermediate Language Disassembler.
Background
Compiling in the .NET Framework (IL, similar to JVM)
vs.
Compiling in a traditional environment (native executable code)
Execution in .Net

.NET applications (assemblies) consist of one or more managed executables, each carrying metadata and managed code.

The “JIT” compiler compiles IL to machine code dynamically as needed.

Objects are loaded only when used.

Machine code compilations are cached for subsequent executions.
Execution in .Net

Code is executed in a “Managed Environment” (type control, garbage collection, exception handling).

IL can be compiled to native machine code using the NGEN utility.

Cost of code (sizes of “Hello World” .exe): C# (3K) vs. C (32K) vs. C++ (173K)
CLR Requirements
The CLR requires the following information about each method, which is available through metadata.
1. Instructions: each method has a pointer to the instruction set.
2. Signature: describes the calling convention, return type, parameter count and type.
3. Exception Handling Array: a list of exceptions and the offset address to the handling code.
4. Evaluation Stack Size: typically seen as .maxstack in the ILDASM listing.
5. Locals Array: all local variables used.
Example
1. Create a program in Visual Studio .NET.
2. Debug and compile.
3. Use ILDASM to generate .IL file.
4. Use file editor to edit .IL file.
5. Use ILASM to create the new assembly.
Reading IL

RVA: Relative Virtual Address

ldstr: loads a string token

.assembly extern: defines an external application referenced in the existing program.

.module: defines the current module.

.field: defines a metadata item used in the module
Reading IL

.method: defines a member method of the given class.

.entrypoint: defines the entry point of the current method.

.locals init: defines the single local variable of the current method.
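
Added example (not from the original slides): a short Python pass over an ILDASM-style listing that collects the directives defined above and the string literals loaded by ldstr, showing that literals compiled into an assembly stay readable to anyone who disassembles it. The listing, its names and its literal are constructed, and the parser assumes each directive and method header sits on one line.

```python
import re

# Constructed sample in the style of an ILDASM listing (not from the slides).
SAMPLE_IL = r'''
.assembly extern mscorlib { .ver 1:0:5000:0 }
.assembly Hello {}
.module Hello.exe
.class private auto ansi beforefieldinit Hello extends [mscorlib]System.Object
{
  .field private static string banner
  .method public hidebysig static void Main() cil managed
  {
    .entrypoint
    .maxstack 1
    .locals init (string V_0)
    IL_0000: ldstr "Server=db01;Uid=app;Pwd=constructed-example"
    IL_0005: call void [mscorlib]System.Console::WriteLine(string)
    IL_000a: ret
  }
}
'''

def summarize_il(text):
    """Collect the directives named on the 'Reading IL' slides, per method."""
    report = {"externs": [], "module": None, "fields": [], "methods": []}
    method = None  # method body currently being read
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"\.assembly extern (\S+)", line):
            report["externs"].append(m.group(1))
        elif m := re.match(r"\.module (\S+)", line):
            report["module"] = m.group(1)
        elif m := re.match(r"\.field .*?(\S+)$", line):
            report["fields"].append(m.group(1))
        elif m := re.match(r"\.method .*?(\w+)\(", line):
            method = {"name": m.group(1), "entrypoint": False,
                      "maxstack": None, "locals": [], "strings": []}
            report["methods"].append(method)
        elif method is None:
            continue  # directive outside any method body
        elif line == ".entrypoint":
            method["entrypoint"] = True
        elif m := re.match(r"\.maxstack\s+(\d+)", line):
            method["maxstack"] = int(m.group(1))
        elif m := re.match(r"\.locals init \((.*)\)", line):
            method["locals"] = [v.strip() for v in m.group(1).split(",")]
        elif m := re.search(r'\bldstr\s+"((?:[^"\\]|\\.)*)"', line):
            method["strings"].append(m.group(1))
    return report
```

Run against the .IL file produced by ILDASM, the same report gives a quick inventory of external references and embedded literals to review before an assembly ships.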
ILDASM Conventions
MSIL Utilities

ildasm.exe: Converts IL to human-readable code
C:\Program Files\Microsoft Visual Studio .NET\FrameworkSDK\Bin

dumpbin.exe: Converts IL to human-readable code
C:\Program Files\Microsoft Visual Studio .NET\Vc7\bin

Reflector.exe: Converts IL to human-readable code
http://www.aisto.com/roeder/dotnet/

ILASM.EXE: Converts human-readable code to IL
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322

NGEN.exe: Compiles IL to machine code.
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322
Resources

Inside Microsoft .NET IL Assembler by Serge Lidin

.NET Common Language Runtime Unleashed by Kevin Burton (http://www.samspublishing.com/title/0672321246)

Assemblies Ins and Outs by Chris Rausch

DotFuscator (http://www.vbdotnetheaven.com) (http://www.preemptive.com/products/dotfuscator/FAQ.html)