MSIL code
in [CSharp]
|
From: Arne Vajhøj on 11 Apr 2010 16:07 On 11-04-2010 03:59, Tony Johansson wrote: > Is it possible to say that MSIL can in a way be understood as a language of > it's own just to get a better understanding of MSIL. MSIL is the assembler language for the CLR. You can write manually MSIL code if you want to. ..NET comes with the ILASM utility to assemble it. Example: C.il ---- ..assembly extern mscorlib {} ..assembly C { .ver 1:0:0:0 } ..class public C extends [mscorlib]System.Object { .method public specialname rtspecialname instance void .ctor() cil managed { ret } .method public hidebysig instance void M() cil managed { ldstr "This also works" call void [mscorlib]System.Console::WriteLine(string) ret } } Test.cs ------- using System; public class Test { public static void Main(string[] args) { C o = new C(); o.M(); } } Build & run ----------- C:\>ilasm /dll C.il Microsoft (R) .NET Framework IL Assembler. Version 2.0.50727.3053 Copyright (c) Microsoft Corporation. All rights reserved. Assembling 'C.il' to DLL --> 'C.dll' Source file is ANSI Assembled method C::.ctor Assembled method C::M Creating PE file Emitting classes: Class 1: C Emitting fields and methods: Global Class 1 Methods: 2; Emitting events and properties: Global Class 1 Writing PE file Operation completed successfully C:\>csc /r:C.dll Test.cs Microsoft (R) Visual C# 2008 Compiler version 3.5.30729.1 for Microsoft (R) .NET Framework version 3.5 Copyright (C) Microsoft Corporation. All rights reserved. C:\>Test This also works Arne
From: Arne Vajhøj on 11 Apr 2010 16:20
On 10-04-2010 15:09, Tony Johansson wrote: > I just wonder about this Reflector tool. > If I made a dll in .NET can then a person that have this DLL look at all the > source code by using the Reflector tool ? > I mean can he/she recreate all the source code. He/she can create source code that compiles to the same binary as your source code. What will be missing is: - comments - names of local variables Plus what is not the original source code: - documentation - the knowledge of the developers that write the code For the typical business app then the missing parts is sufficient to make it more costly to reverse engineer the entire binary in a form that is maintainable than it is to create source code from scratch. But it does also mean that it takes about 10 seconds to find embedded passwords or other secrets in the code. Passwords/keys should be entered not embedded in the code. And security should not rely on the algorithm being secret. > If I instead have a DLL unmanaged code for example made in C++ is it here > possible look at the source code by using some kind of tool. > I mean something that remind of Reflector ? A lot more difficult. Under normal circumstances nobody would even try to decompile a large native binary. But if the gain by doing it is sufficient high, then someone will do it. Arne |