I am well aware that one can use reflector to browse the content inside an assembly, and one can use FileDisassembler to convert the content into the c# source code with cs projects. But the source code outputted by FileDisassembler may not be able to compile if it has interface with property.
Is the other similar applications that do what FileDisassembler does?
I would not trust Reflector's decompiler.
Many times I have seen it just ignore instruction it did not understand, or just optimized certain sequences away, and changing the meaning the process.
The only trusty way is to use IL.
Regarding more tools, look at the CCI. IIRC, they had a C# source emitter at some stage, but it was removed for some reason.
dotPeek from jetBrains is a good decompiler for c#. http://confluence.jetbrains.net/display/NETPEEK/dotPeek+Early+Access+Program
Related
I am creating a complex class with AssemblyBuilder that Im later creating objects from. There is however uncertainties in how this class is really contructed. So is there any way to write this dynamicly created class to a cs file for inspection?
I can get the dll file written to disk but I need the cs file.
You can decompile managed .NET dll to C# code using
DotPeek by JetBrains (free, sources are closed)
ILSpy open source project (MIT license sources are available at github)
Reflector by Red Gates (Paid tool, sources are closed)
JustDecompile by Telerik (free with open source decompilation engine available at github Apache License)
There is also a Microsoft's ildasm tool.
If you need to write custom tool you can download open-source code and give it a try.
Do you have a requirement to use AssemblyBuilder? I'm asking because AssemblyBuilder wont allow you to see the generated class without using a decompiler and if the class you´re generating is quite complicated, the decompiled code wont be of good quality.
You are almost in the same situation if you use Reflection.Emit because it generates low level IL.
If you really need to see the source code that you're generating dynamically your best option is CodeDom. Here's an example How to: Create a Class Using CodeDOM
You might be able to kill two bird with one stone with Roslyn (aka ".NET Compiler Platform"). You'll need the package Microsoft.CodeAnalysis.CSharp.
First, you can use the SyntaxFactory class to generate syntax nodes, which you can combine into larger structures (members, methods, classes, namespaces, compilation units).
You can also get a nicely formatted representation of your syntax nodes with ToString() or ToFullString() (with correct indentation and line breaks and everything), which is what you were originally looking for.
There are quite a few tutorials online on how to use this API (like 1, 2), and there's the Roslyn Quoter website that can convert a piece of C# code into SyntaxFactory calls.
Second, you can then use the resulting CSharpSyntaxNode to create a CSharpSyntaxTree, which you can compile into IL with the help of CSharpCompilation (after all, Roslyn is the reference C# compiler).
If you want, you can even emit the generates assembly into a stream, get the assembly's binary data from there, and load your newly created assembly into your currently executing assembly, and dynamically instantiate the types you just defined.
You need to use the .NET reflection.
Ildasm.exe cannot help you because it will not create the .cs file you need.
So either the ILSpy is the open-source .NET assembly browser and decompiler from the SharpDevelop team or dotPeek from Jetbrains.
Depending on the platform you may also check Mono Cecil. Cecil is a library written by Jb Evain to generate and inspect programs and libraries in the ECMA CIL format.
If you need speed JustDecompile from Telerik is a free tool for .NET assembly browsing and decompiling that claims to be 10x faster than competitors.
All these tools lets you take an existing compiled assembly (.dll or .exe) and easily browse the symbols it contains, and then just as easily decompile the assembly language back to readable C# and IL.
I have an application written in C# (without the source of course), that needs to be changed a little bit. For example, I need to stop a few lines of code that create an unnecessary menu. So I think I should comment them out.
The source code is not obfuscated. I know I can completely decompile, change, and compile again, using tools like Reflector/Reflexil. But everyone knows that by doing this, many parts of code won't compile again! Is there a way in Reflector (or any other product) that a part of could be disabled/changed without this process?
Thanks.
You might want to try dnSpy. It is a .NET assembly editor, decompiler, and debugger forked from ILSpy.
https://github.com/0xd4d/dnSpy
If you really needed to do this, you could decompile it with Reflector (or a similar product) and then use that to try to recreate a solution in .Net that will produce the same executable.
You may run into issues around:
Obfuscated code
Sections where the decompile shows you accurate code for specific sections, but for some reason it just doesn't work in your new solution (and then what do you do?)
This is not to mention the potential legal issues related to doing this. If the executable was released under a license that would permit you to do this, then you would most likely have access to the source code. So the fact that you do not have access to the source code implies that doing what you are suggesting might not be legal.
Eventually I managed to "disable" a few lines of code in the compiled exe.
I used Reflector with Reflexil plugin installed. Reflexil allowed me to edit an MSIL instruction, and then save the result back to an exe file. So, it involved learning a few MSIL instructions, especially the "no operation" command (making a line of code do nothing). To see the list of instructions and a tutorial, see here and here.
Hope it helps someone else.
for the sake of completeness:
Another possible solution is to use the ildasm http://msdn.microsoft.com/en-US/library/f7dy01k1%28v=vs.80%29.aspx
MSIL Disassembler, edit the MSIL and feed it back to ilasm.
How practical this solution is, depends on you of course
This thread may help: dotnet dll decompile and change the code
Last time When I tried with decompile the source using reflection, I got too many compilation issues with regarding to resources and other subs though the dll isn't obfuscated. So there could be things beyond just extracting the source and modifying in order to make your new dll work as the old one.
SO I would suggest to go with direct dll manipulation using any of the options mentioned in the other thread.
If you have source code on the same machine on which you are testing your exe file, and if you are making changes in your sourcecode in visual studio, then while compiling it will automatically get reflected in your exe file.
You need not do any special thing for it. And if it is not, then just make the changes in code and paste your debugg folder's new exe (with debugg folder) on another machine having all recent changes.
I would first like to say my goal is to convert MSIL into native X86 code. I am fine with my assembly's still needing the .net framework installed. NGEN is not what I want as you still need the original assembly's.
I came across ilasm, and what I am wondering is this what I want, will this make pure assembly code?
I have looked at other projects like mono (which does not support some of the key features my app uses) and .net linkers but they simple just make a single EXE with the .net framework which is not what I am looking for.
So far any research has come up with...you can't do it. I am really no sure as to why as the JIT does it when it loads the MSIL assembly. I have my own reasons for wanting this, so I guess my question(s) come down to this.
Is the link I posted helpful in anyway?
Is there anything out there that can turn MSIL into x86 assembly?
There are various third-party code-protection packages available that hide the IL by encrypting it and packing it with a special bootloader that only unpacks it during runtime. This might be an option if you're concerned about disassembly of your code, though most of these third-party packages are also already cracked (somewhat unavoidable, unfortunately.) Simple obfuscation may ultimately be just as effective, assuming this is your underlying goal.
One the major challenges associated with 'pre-jitting' the IL is that you end up including fixed address references in the native code. These in turn will need to be 're-based' when the native code is loaded for execution under the CLR. This means you need more than just the logic that gets compiled; you also need all of the reference context information necessary to rebase the fixed references when the code is loaded. It's a lot more than just caching code.
As with most things, the first question should be why instead of how. I assume you have a specific goal in mind, if you want to generate native code yourself (also, why x86? Why not x64 too?). This is the job of the JIT compiler - to compile an optimized instruction set on a particular platform only when needed, and execute it later.
The best source I can recommend to try and understand how the CLR works and how JIT works is taking a look at SSCLI - an implementation of the CLR based on the ECMA-335 spec.
Have you considered not using C#? Given that the output of the C# compiler is MSIL, it would make sense to develop on a different platform if that is not what you want.
Alternatively it sounds like NGEN does the operation you are wanting, it just doesn't handle putting the entire thing into an executable. You could analyze the resultant NGEN image to determine what needs to be done to accomplish that (note that NGENed images are PE files per the documentation)
Here is a link on NGEN that contains information on where the images are stored: C:\windows\assembly\NativeImages_CLR_Bit for instance C:\windows\assembly\NativeImages_v2.0.50727_86. Note that .NET 3.0 and 3.5 are both part of 2.0.
Take ILSPy. When I view my assembly am I looking at my original C#? Or, is this code reconstructed from CIL using some type of reverse engineering process?
My understanding is that release assemblies do not include any original code, just CIL. So, does it make a difference if I build my assembly in release mode?
Neither release nor debug assemblies contain original source code.
ILSpy & friends analyze the compiled CIL to extract a reasonable C# equivalent.
Release vs Debug still makes a huge difference. The compiler does optimize. See Scott Hanselman's post about Release vs Debug.
In terms of what ILSpy does, yes it displays CIL and then reverse engineers it to a reasonable C#/VB representation. I'll admit ILSpy does a very good job with it! I've reversed others' assemblies with it and can make perfect sense of their code. The only time I've had it break down was with WPF and GUI stuff, but I'm sure there are ways to work that as well.
In terms of preventing reversal of your assembly and protecting your intellectual property, use Dotfuscator or other obfuscation tool.
You are seeing code reconstructed from the IL. This reconstruction process can be performed on any .NET assembly regardless of whether it is built in debug or release mode.
You can't prevent your source code from being reconstructed from your assembly in this way, but if you want to make the code less useful/understandable you can use various .NET obfuscation tools.
Actually, you could use ILMerge or .net FuZe to wrap your exe and dlls into an exe or dll container, making it more difficult to disassemble.
I use reflector to decompile a asp.net dll, after that I find the bug and fixed it, now I want to compile it back to a dll, then I can deploy, but it seems that I can't how can I do this ?
You have two choices, either you use Reflector's addin Filedisassembler, which is free, or commercial ( and pricy) .net dissemblers such as spices.net or salamander decompiler.
I used Filedisassembler; the quality of the decompiled code is very bad. The decompiler code cannot be recompiled.
I'm sure about the quality of commercial decompilers but I suspect that it would be much better.
Edit: To use Filedisassembler, go to Reflector, View->Addins, click Add and select the Filedisassembler.dll.
If the fix is simple enough and you know IL, you are better of round tripping it using IL instead of a high-level language such as C# or VB.Net.
See search: http://www.google.com/#hl=en&q=ildasm+IL+round-tripping