Disassembling ForFun2

50 %
50 %
Information about Disassembling ForFun2

Published on June 19, 2007

Author: Sharck

Source: authorstream.com

Disassembling for Fun:  Disassembling for Fun Jason Haley Who is this guy?:  Who is this guy? Certifiable (MCSD.net certified that is) Blog – http://jasonhaley.com/blog Co-leader of Beantown .Net User Group Member of Boston Area Code Brew A nerd dinner organizer for Boston area TA for Programming .Net at Harvard Sr. Software Engineer - Cheshire Software Disassembling is useful:  Disassembling is useful See how efficient a compiler is Translate IL to a higher level language View all pieces of an assembly Extract resources Edit source code to recompile Example of disassembling:  Example of disassembling What is Round-tripping? Demos: ILDasm, Reflector Agenda:  Agenda Define disassembling Applied disassembling Writing a disassembler What is disassembling?:  What is disassembling? Disassembling is not reflection Demos: WinCV, Asmex Disassemble or decompile Demos: ILDasm, Reflector Agenda:  Agenda Define disassembling Applied disassembling Writing a disassembler What is in an assembly file?:  What is in an assembly file? PE/COFF File CLR Header Metadata IL code PE File:  PE File Portable Executable File Format PE/COFF headers Data directories Sections Demos: Dumpbin, .Net Explorer CLR Header:  CLR Header Contains CLR specific information 'Required runtime' version Metadata location Managed resources location Strong name signature location Demo: .Net Explorer Metadata:  Metadata Assembly metadata Metadata header Metadata streams (tables and heaps) Demos: Monodis, Asmex, Spices.Net IL Code:  IL Code Recognizing the pieces Metadata table contents Metadata heap contents IL code Demos: Metadata diagram, ILDasm, Dis# Disassemblers/Decompilers:  Disassemblers/Decompilers ILDasm Monodis DILE – Dotnet IL Editor Reflector for .Net Asmex – Free source .Net Assembly Examiner Dis# - .Net decompiler .Net Explorer Spices.Net DILE – Dotnet IL Editor:  DILE – Dotnet IL Editor Open source (Zsolt Petreny) – http://sourceforge.net/projects/dile Disassembles to IL Quick search for name and tokens Debugger functionality – can debug IL! Demo: Debugging IL vs. Assembler Reflector for .Net:  Reflector for .Net Lutz Roeder – http://www.aisto.com/roeder/dotnet Great code browsing tool Add-ins created by community - http://csharp21.tripod.com/ReflectorAddIns Demo: Reflector and its add-ins Asmex – Assembly Examiner:  Asmex – Assembly Examiner Free source (Ben Peterson) - http://www.jbrowse.com/products/asmex/ Graphical representation Most pieces of an assembly Demo: Look at the code Agenda:  Agenda Define disassembling Applied disassembling Writing a disassembler Writing a disassembler:  Writing a disassembler PE/COFF File CLR Header Metadata IL Code PE File:  PE File Finding the PE header Signatures (MS-DOS, PE) Necessary structures Demos: Vijay CLR Header:  CLR Header Finding the CLR Header Need information from PE Header Calculate the offset in file Demos: Vijay Metadata:  Metadata Tables are a 'normalized database' Heaps String – zero-terminated character GUID – 16 byte binary objects Blob – binary object, preceded by its length Manifest Demos: metainfo, Vijay IL Code:  IL Code Getting to the IL code Signatures RVA Method format (tiny or fat) Method data section Exception handling clause (small or fat) Demos: Dile, Vijay Summary:  Summary What is disassembling? What is a disassembler and what can it do for you? Where can I find a disassembler? What are some of the things you need to know to write your own disassembler? Why do you care? Resources:  Resources Inside Microsoft .Net IL Assembler – Serge Lidin Standard ECMA-335 – CLI – http://ecma-international.org/publications/standards/Ecma-335.htm Metadata diagram - Chris King .Net SDK (especially ILDasm) Questions:  Questions ?

Add a comment

Related presentations