Download
disassembling for fun n.
Skip this Video
Loading SlideShow in 5 Seconds..
Disassembling for Fun PowerPoint Presentation
Download Presentation
Disassembling for Fun

Disassembling for Fun

97 Views Download Presentation
Download Presentation

Disassembling for Fun

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Disassembling for Fun Jason Haley

  2. Who is this guy? • Certifiable (MCSD.net certified that is) • Blog – http://jasonhaley.com/blog • Co-leader of Beantown .Net User Group • Member of Boston Area Code Brew • A nerd dinner organizer for Boston area • TA for Programming .Net at Harvard • Sr. Software Engineer - Cheshire Software

  3. Disassembling is useful • See how efficient a compiler is • Translate IL to a higher level language • View all pieces of an assembly • Extract resources • Edit source code to recompile

  4. Example of disassembling • What is Round-tripping? • Demos: ILDasm, Reflector

  5. Agenda • Define disassembling • Applied disassembling • Writing a disassembler

  6. What is disassembling? • Disassembling is not reflection Demos: WinCV, Asmex • Disassemble or decompile Demos: ILDasm, Reflector

  7. Agenda • Define disassembling • Applied disassembling • Writing a disassembler

  8. What is in an assembly file? • PE/COFF File • CLR Header • Metadata • IL code

  9. PE File • Portable Executable File Format PE/COFF headers Data directories Sections • Demos: Dumpbin, .Net Explorer

  10. CLR Header • Contains CLR specific information “Required runtime” version Metadata location Managed resources location Strong name signature location • Demo: .Net Explorer

  11. Metadata • Assembly metadata Metadata header Metadata streams (tables and heaps) • Demos: Monodis, Asmex, Spices.Net

  12. IL Code • Recognizing the pieces Metadata table contents Metadata heap contents IL code • Demos: Metadata diagram, ILDasm, Dis#

  13. Disassemblers/Decompilers • ILDasm • Monodis • DILE – Dotnet IL Editor • Reflector for .Net • Asmex – Free source .Net Assembly Examiner • Dis# - .Net decompiler • .Net Explorer • Spices.Net

  14. DILE – Dotnet IL Editor • Open source (Zsolt Petreny) – http://sourceforge.net/projects/dile • Disassembles to IL • Quick search for name and tokens • Debugger functionality – can debug IL! • Demo: Debugging IL vs. Assembler

  15. Reflector for .Net • Lutz Roeder – http://www.aisto.com/roeder/dotnet • Great code browsing tool • Add-ins created by community - http://csharp21.tripod.com/ReflectorAddIns • Demo: Reflector and its add-ins

  16. Asmex – Assembly Examiner • Free source (Ben Peterson) - http://www.jbrowse.com/products/asmex/ • Graphical representation • Most pieces of an assembly • Demo: Look at the code

  17. Agenda • Define disassembling • Applied disassembling • Writing a disassembler

  18. Writing a disassembler • PE/COFF File • CLR Header • Metadata • IL Code

  19. PE File • Finding the PE header Signatures (MS-DOS, PE) Necessary structures • Demos: Vijay

  20. CLR Header • Finding the CLR Header Need information from PE Header Calculate the offset in file • Demos: Vijay

  21. Metadata • Tables are a “normalized database” • Heaps String – zero-terminated character GUID – 16 byte binary objects Blob – binary object, preceded by its length • Manifest • Demos: metainfo, Vijay

  22. IL Code • Getting to the IL code Signatures RVA Method format (tiny or fat) Method data section Exception handling clause (small or fat) • Demos: Dile, Vijay

  23. Summary • What is disassembling? • What is a disassembler and what can it do for you? • Where can I find a disassembler? • What are some of the things you need to know to write your own disassembler? • Why do you care?

  24. Resources • Inside Microsoft .Net IL Assembler – Serge Lidin • Standard ECMA-335 – CLI – http://ecma-international.org/publications/standards/Ecma-335.htm • Metadata diagram - Chris King • .Net SDK (especially ILDasm)

  25. Questions ?