Disassembling for Fun


Jason Haley

Who is this guy?
  • Certifiable (MCSD.net certified that is)
  • Blog – http://jasonhaley.com/blog
  • Co-leader of Beantown .Net User Group
  • Member of Boston Area Code Brew
  • A nerd dinner organizer for Boston area
  • TA for Programming .Net at Harvard
  • Sr. Software Engineer - Cheshire Software
Disassembling is useful
  • See how efficient a compiler is
  • Translate IL to a higher level language
  • View all pieces of an assembly
  • Extract resources
  • Edit source code to recompile
Example of disassembling
  • What is Round-tripping?
  • Demos: ILDasm, Reflector
Agenda
  • Define disassembling
  • Applied disassembling
  • Writing a disassembler
What is disassembling?
  • Disassembling is not reflection
      • Demos: WinCV, Asmex
  • Disassemble or decompile
      • Demos: ILDasm, Reflector
Agenda
  • Define disassembling
  • Applied disassembling
  • Writing a disassembler
What is in an assembly file?
  • PE/COFF File
  • CLR Header
  • Metadata
  • IL code
PE File
  • Portable Executable File Format
      • PE/COFF headers
      • Data directories
      • Sections
  • Demos: Dumpbin, .Net Explorer
CLR Header
  • Contains CLR specific information
      • “Required runtime” version
      • Metadata location
      • Managed resources location
      • Strong name signature location
  • Demo: .Net Explorer
Metadata
  • Assembly metadata
      • Metadata header
      • Metadata streams (tables and heaps)
  • Demos: Monodis, Asmex, Spices.Net
IL Code
  • Recognizing the pieces
      • Metadata table contents
      • Metadata heap contents
      • IL code
  • Demos: Metadata diagram, ILDasm, Dis#
Disassemblers/Decompilers
  • ILDasm
  • Monodis
  • DILE – Dotnet IL Editor
  • Reflector for .Net
  • Asmex – Free source .Net Assembly Examiner
  • Dis# - .Net decompiler
  • .Net Explorer
  • Spices.Net
DILE – Dotnet IL Editor
  • Open source (Zsolt Petreny) – http://sourceforge.net/projects/dile
  • Disassembles to IL
  • Quick search for name and tokens
  • Debugger functionality – can debug IL!
  • Demo: Debugging IL vs. Assembler
Reflector for .Net
  • Lutz Roeder – http://www.aisto.com/roeder/dotnet
  • Great code browsing tool
  • Add-ins created by community - http://csharp21.tripod.com/ReflectorAddIns
  • Demo: Reflector and its add-ins
Asmex – Assembly Examiner
  • Free source (Ben Peterson) - http://www.jbrowse.com/products/asmex/
  • Graphical representation
  • Most pieces of an assembly
  • Demo: Look at the code
Agenda
  • Define disassembling
  • Applied disassembling
  • Writing a disassembler
Writing a disassembler
  • PE/COFF File
  • CLR Header
  • Metadata
  • IL Code
PE File
  • Finding the PE header
      • Signatures (MS-DOS, PE)
      • Necessary structures
  • Demos: Vijay
CLR Header
  • Finding the CLR Header
      • Need information from PE Header
      • Calculate the offset in file
  • Demos: Vijay
Metadata
  • Tables are a “normalized database”
  • Heaps
      • String – zero-terminated character
      • GUID – 16 byte binary objects
      • Blob – binary object, preceded by its length
  • Manifest
  • Demos: metainfo, Vijay
IL Code
  • Getting to the IL code
      • Signatures
      • RVA
      • Method format (tiny or fat)
      • Method data section
      • Exception handling clause (small or fat)
  • Demos: Dile, Vijay
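
Once a method's RVA has been mapped to a file offset, the first byte there says whether the header is tiny or fat, and a fat header may be followed by method data sections holding small or fat exception handling clauses. The decoder below is an added example, not code from the presentation or from Dile; the function name and the `TINY` and `FAT` byte strings are constructed for illustration (they are not verified IL), and the layouts follow ECMA-335.

```python
import struct

def parse_method_body(buf, off=0):
    """Decode the tiny or fat method header at buf[off] (where a method's RVA maps to)."""
    first = buf[off]
    if first & 0x3 == 0x2:                       # tiny: one byte, code size in top 6 bits
        size = first >> 2
        return {"format": "tiny", "max_stack": 8, "locals_token": 0,
                "code": bytes(buf[off + 1:off + 1 + size]), "eh_clauses": []}
    if first & 0x3 != 0x3:
        raise ValueError("neither a tiny nor a fat method header")
    flags_size, max_stack, code_size, locals_tok = struct.unpack_from("<HHII", buf, off)
    code_at = off + (flags_size >> 12) * 4       # header size is stored in 4-byte units
    code = bytes(buf[code_at:code_at + code_size])
    if len(code) != code_size:
        raise ValueError("code size runs past the end of the buffer")
    clauses, pos = [], (code_at + code_size + 3) & ~3   # data sections are 4-byte aligned
    more = bool(flags_size & 0x8)                # MoreSects flag in the fat header
    while more:
        kind = buf[pos]
        fat = bool(kind & 0x40)                  # fat section: 3-byte size, 24-byte clauses
        data_size = int.from_bytes(buf[pos + 1:pos + (4 if fat else 2)], "little")
        fmt, step = ("<6I", 24) if fat else ("<HHBHBI", 12)
        if data_size < 4:                        # a zero size would loop forever
            raise ValueError("malformed method data section")
        if kind & 0x1:                           # exception handling table
            for c in range(pos + 4, pos + data_size - step + 1, step):
                flags, t_off, t_len, h_off, h_len, tok = struct.unpack_from(fmt, buf, c)
                clauses.append({"flags": flags, "try": (t_off, t_len),
                                "handler": (h_off, h_len), "token_or_filter": tok})
        pos = (pos + data_size + 3) & ~3
        more = bool(kind & 0x80)                 # another section follows
    return {"format": "fat", "max_stack": max_stack, "locals_token": locals_tok,
            "code": code, "eh_clauses": clauses}

# Constructed samples (not taken from a real assembly).
TINY = bytes([(2 << 2) | 0x2, 0x00, 0x2A])
FAT = (struct.pack("<HHII", 0x301B, 2, 6, 0x11000001)      # fat, MoreSects, InitLocals
       + bytes([0x00, 0x00, 0xDE, 0x00, 0x00, 0x2A]) + b"\0\0"
       + struct.pack("<BBH", 0x01, 16, 0)                  # small EH section, one clause
       + struct.pack("<HHBHBI", 0, 0, 2, 2, 2, 0x01000001))
```
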
Summary
  • What is disassembling?
  • What is a disassembler and what can it do for you?
  • Where can I find a disassembler?
  • What are some of the things you need to know to write your own disassembler?
  • Why do you care?
Resources
  • Inside Microsoft .Net IL Assembler – Serge Lidin
  • Standard ECMA-335 – CLI – http://ecma-international.org/publications/standards/Ecma-335.htm
  • Metadata diagram - Chris King
  • .Net SDK (especially ILDasm)