1 / 25

Disassembling for Fun

Disassembling for Fun. Jason Haley . Who is this guy?. Certifiable (MCSD.net certified that is) Blog – http://jasonhaley.com/blog Co-leader of Beantown .Net User Group Member of Boston Area Code Brew A nerd dinner organizer for Boston area TA for Programming .Net at Harvard

mare
Télécharger la présentation

Disassembling for Fun

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Disassembling for Fun Jason Haley

  2. Who is this guy? • Certifiable (MCSD.net certified that is) • Blog – http://jasonhaley.com/blog • Co-leader of Beantown .Net User Group • Member of Boston Area Code Brew • A nerd dinner organizer for Boston area • TA for Programming .Net at Harvard • Sr. Software Engineer - Cheshire Software

  3. Disassembling is useful • See how efficient a compiler is • Translate IL to a higher level language • View all pieces of an assembly • Extract resources • Edit source code to recompile

  4. Example of disassembling • What is Round-tripping? • Demos: ILDasm, Reflector

  5. Agenda • Define disassembling • Applied disassembling • Writing a disassembler

  6. What is disassembling? • Disassembling is not reflection Demos: WinCV, Asmex • Disassemble or decompile Demos: ILDasm, Reflector

  7. Agenda • Define disassembling • Applied disassembling • Writing a disassembler

  8. What is in an assembly file? • PE/COFF File • CLR Header • Metadata • IL code

  9. PE File • Portable Executable File Format PE/COFF headers Data directories Sections • Demos: Dumpbin, .Net Explorer

  10. CLR Header • Contains CLR specific information “Required runtime” version Metadata location Managed resources location Strong name signature location • Demo: .Net Explorer

  11. Metadata • Assembly metadata Metadata header Metadata streams (tables and heaps) • Demos: Monodis, Asmex, Spices.Net

  12. IL Code • Recognizing the pieces Metadata table contents Metadata heap contents IL code • Demos: Metadata diagram, ILDasm, Dis#

  13. Disassemblers/Decompilers • ILDasm • Monodis • DILE – Dotnet IL Editor • Reflector for .Net • Asmex – Free source .Net Assembly Examiner • Dis# - .Net decompiler • .Net Explorer • Spices.Net

  14. DILE – Dotnet IL Editor • Open source (Zsolt Petreny) – http://sourceforge.net/projects/dile • Disassembles to IL • Quick search for name and tokens • Debugger functionality – can debug IL! • Demo: Debugging IL vs. Assembler

  15. Reflector for .Net • Lutz Roeder – http://www.aisto.com/roeder/dotnet • Great code browsing tool • Add-ins created by community - http://csharp21.tripod.com/ReflectorAddIns • Demo: Reflector and its add-ins

  16. Asmex – Assembly Examiner • Free source (Ben Peterson) - http://www.jbrowse.com/products/asmex/ • Graphical representation • Most pieces of an assembly • Demo: Look at the code

  17. Agenda • Define disassembling • Applied disassembling • Writing a disassembler

  18. Writing a disassembler • PE/COFF File • CLR Header • Metadata • IL Code

  19. PE File • Finding the PE header Signatures (MS-DOS, PE) Necessary structures • Demos: Vijay

  20. CLR Header • Finding the CLR Header Need information from PE Header Calculate the offset in file • Demos: Vijay

  21. Metadata • Tables are a “normalized database” • Heaps String – zero-terminated character GUID – 16 byte binary objects Blob – binary object, preceded by its length • Manifest • Demos: metainfo, Vijay

  22. IL Code • Getting to the IL code Signatures RVA Method format (tiny or fat) Method data section Exception handling clause (small or fat) • Demos: Dile, Vijay

  23. Summary • What is disassembling? • What is a disassembler and what can it do for you? • Where can I find a disassembler? • What are some of the things you need to know to write your own disassembler? • Why do you care?

  24. Resources • Inside Microsoft .Net IL Assembler – Serge Lidin • Standard ECMA-335 – CLI – http://ecma-international.org/publications/standards/Ecma-335.htm • Metadata diagram - Chris King • .Net SDK (especially ILDasm)

  25. Questions ?

More Related