Hello,
Is there a way to take a chuck of msil code saved as a byte stream and reverse engineer it to some higher level code (e.g. C#)?
Edit: MSIL instructions that are not a whole assembly
Thanks,
Jon
A:
Reflector does just that... so yes, it is possible, assuming that you do have the correct context (to resolve type tokens etc.).
However, just as with Reflector, the reverse engineered code may be completely different than the original code, but it will have the same semantics (if there's no bug in the code generator).
Lucero
2010-10-17 19:47:08
Reflector works on _assemblies_. I am not sure this is what the OP is asking for.
Oded
2010-10-17 19:47:35
The question was if "there is a way" - my answer is that yes, if you have the additional information required to make something meaningful from all the data in the MSIL stream (opcodes are no problem, but type and method tokens etc. are a problem).
Lucero
2010-10-17 19:50:07
Oded, True. It is not an assmebly, and reflector does not know how to handle it.
Jon
2010-10-17 19:50:07
Lucero, where can I find that required information, and once I have it how can it be integrated with the MSIL code to become a meanningful high level language? (if I understood you correctly it is possible)
Jon
2010-10-17 19:52:08
Can you make an intermediate assembly out of the bytecode stream?
Merlyn Morgan-Graham
2010-10-17 19:54:46
Jon, give us some more information about where you get that MSIL from. Without metadata information, the MSIL stream is pretty useless, because it cannot be bound to types, fields, methods, or even constant strings loaded onto the stack. So the primary question is, do you have this metadata as well? See also http://msdn.microsoft.com/en-us/library/ms404456.aspx for some info on that.
Lucero
2010-10-17 19:58:46
Sorry merlyn, I dont know what you mean. Can you please supply more information?
Jon
2010-10-17 19:59:24
Lucero, that byte stream represents a dynamic loadable method. In order to load elements dynamicly (using reflection) their metadata are not neccesrly attached, correct?
Jon
2010-10-17 20:02:40
Can you give more specific details on the "dynamic loadable method" thing? What are they, if not in an assembly? Where do they come from? In order to use anything you need the metadata, reflection is about nothing but metadata.
Lucero
2010-10-18 09:37:57
A:
Mono.Cecil offers some analysis functionality:
http://www.mono-project.com/Cecil
Not sure if it can analyze pure IL code.
CodeInChaos
2010-10-17 19:52:04
From the site: "In simple English, with Cecil, you can load existing managed assemblies". So, an assembly is required.
Oded
2010-10-17 19:53:01
A:
Not sure it this will work, but ILDASM sounds about right:
The MSIL Disassembler is a companion tool to the MSIL Assembler (Ilasm.exe). Ildasm.exe takes a portable executable (PE) file that contains Microsoft intermediate language (MSIL) code and creates a text file suitable as input to Ilasm.exe.
Note the requirement for the file to be a PE file, so for anything practical this would still essentially be a managed assembly.
Since these instructions are low level, they will not necessarily correspond directly to high level code - even reflector will not give you the exact original code.
You may need to write your own tool in order to achieve this, as an assembly will contain some potentially required information (referenced assemblies, for instance).
Oded
2010-10-17 19:52:21
That will how ever only give me the MSIL commands not a high level syntax, correct?
Jon
2010-10-17 19:56:19
@Robert Harvey - I don't believe it does. http://en.wikipedia.org/wiki/Portable_Executable
Oded
2010-10-17 19:57:40
@Oded: Well, OK. But if the PE has IL in it, that essentially makes it a managed assembly.
Robert Harvey
2010-10-17 20:08:34