Monday, January 19, 2009

[.NET] Understanding ildasm & Reflector

When I was a newbie to .NET world one of the most interesting thing I find is .NET's Common Intermediate Language (CIL)code. You may be wondering whats special with an intermediate language code ! Ok let me explain,
When .NET languages are compiled, the source code is translated into CIL code rather than platform specific object code. CIL is a CPU/Platform-independent instruction set that can be executed in any environment supporting the .NET framework. Since CIL is defined and is generic it is obvious that it can be read and interpreted and reverse engineered. So it is the time to call your attention to two disassembler utilities Ildasm and Reflector.



ildasm
Intermediate Language Disassembler utility (ildasm.exe), is shipped with .NET Framework 3.5 SDK. It allows you to load any .NET assembly and investigate its contents, including the associated manifest, CIL code, and type metadata. Take Ildasm from Microsoft Visual Studio 2008 Tools and if it is not available search ildasm.exe some where in the Visual studio install directories say C:\Program Files\Microsoft.NET\FrameworkSDK\bin. Follow the below stops,
1. Start ildasm and take File->Open menu.
2. Browse and select the assembly (.NET binary) for exploring.
3. Try exploring the details available (CIL code and assembly metadata)
Check out the below figure which shows exploring a Main() of an assembly using ildasm.




Reflector
Next most important and most popular object browser available is Reflector (originally written by Lutz Roeder). MSDN magazine named it as one of the Ten Must-Have utilities for developers ! So what's special with this ?
It allows to inspect, navigate, search, analyze, and browse the contents of a NET assembly and translates the intermediate language code to choosen .NET programming language, i.e Reflector allows you to decompile .NET assemblies into C#, Visual Basic, Delphi, MC++. It will show you the metadata, each call tree details, resources and XML documentation (what else you need ?). Follow the below steps and experience the wonder !
1. Download Reflector from here.
2. Take File->Open and browse for the .NET binary.
3. Select the class or function you want to explore.
4. For changing the Intermediate language code displayed to any other .NET language choose the same from the drop down. See the below snapshots of Reflector.




.NET Reflector's major use include tracking down performance problems and bugs, browsing classes, and familiarizing the code bases. It is also powerful in finding assembly dependencies, and even windows DLL dependencies, by using the Analyzer option. So try it and find what all you can do with Reflector !


1 comment:

Akanchha Shrivastava said...

i want to make a reverse engineered compiler but iam not getting from where to start and how to link three things:
1.to accept a .exe or .dll file from the user, read its contents.
2.convert it into msil using ildasm
3.finally, to use reflector to obtain the source code.

but iam really not getting how to fulfill these objectives.. please help