1 / 5

Decompilation of .NET bytecode

Decompilation of .NET bytecode. Stephen Horne Trinity Hall. Computer Science Part II Project Progress Report. http://hal.trinhall.cam.ac.uk/~srh38/project. 10 th February 2004. The .NET framework. .NET and the Common Language Runtime Microsoft’s answer to Java

alessandra-tandy
Télécharger la présentation

Decompilation of .NET bytecode

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Decompilation of .NET bytecode Stephen Horne Trinity Hall Computer Science Part II Project Progress Report http://hal.trinhall.cam.ac.uk/~srh38/project 10th February 2004

  2. The .NET framework • .NET and the Common Language Runtime • Microsoft’s answer to Java • CLR is .NET equivalent of the JVM • Lots of useful metadata provided in assemblies C# C# compiler J# J# compiler Common Language Runtime CIL and Metadata Managed C++ Managed C++ compiler VB .NET VB .NET compiler • What about reversing the compilation process? • Sometimes we want to recover source from a binary • Language translation • Lost source recovery • Checking for malicious code • Obvious legal and ethical ramifications Slide 2

  3. Structure of a decompiler Executable Front end • Reads in bytecode • Divides into basic blocks Low-level intermediate code Unstructured control-flow graph UDM Decompiler • Data-flow analysis • Control-flow analysis Structured control-flow graph High-level intermediate code Source Back end • Code generation Slide 3

  4. Example decompilation CIL bytecode Control-flow graph Process IL_0000: ldc.i4.0 IL_0001: stloc.0 IL_0002: ldc.i4.0 IL_0003: stloc.1 IL_0004: br.s IL_0023 Entry 1 • Divide code into basic blocks and create CFG • Data-flow analysis • Register copy propogation • Control-flow analysis • Divide graph into intervals • Loops induced by back-edges within intervals • Nesting of intervals  nesting of loops • Conditionals found by common follow nodes • Order of nodes  nesting of conditionals • Generate code from structured CFG 1 IL_0006: ldc.i4.3 IL_0007: ldloc.1 IL_0008: mul IL_0009: ldarg.0 IL_000a: bge.s IL_0012 3 2 IL_000c: ldloc.0 IL_000d: ldc.i4.1 IL_000e: sub IL_000f: stloc.0 IL_0010: br.s IL_0016 4 8 3 IL_0012: ldloc.0 IL_0013: ldc.i4.1 IL_0014: add IL_0015: stloc.0 5 9 4 5 IL_0016: ldloc.0 IL_0017: call Math::Abs(int32) IL_001c: ldloc.1 IL_001d: blt.s IL_0006 6 Exit 6 IL_001f: ldloc.1 IL_0020: ldc.i4.1 IL_0021: add IL_0022: stloc.1 7 7 IL_0023: ldloc.1 IL_0024: ldarg.0 IL_0025: blt.s IL_0006 2 IL_0027: ldloc.0 IL_0028: stloc.2 IL_0029: br.s IL_002b 8 9 IL_002b: ldloc.2 IL_002c: ret Slide 4

  5. Current status Original • Features implemented: • Analysis for basic conditional and looping structures • Control flow graph generation • C# code generation • Almost half the CIL instruction set • Decompiles very basic applications • Remaining tasks (lots!): • Local variable names • Basic language features (arrays, switching, breaks etc.) • Advanced features (custom indexers, operator overloading, properties) • Object oriented features • Extensions: • Decompilation for other stack-based architectures (e.g. Java) • Code generation for other languages (e.g VB .NET) • Graphical user interface public static int ControlExample(int x) { int y = 0; for(int i = 0; i < x; i++) { do { if(3 * i < x) y--; else y++; } while(Math.Abs(y) < i); } return y; } Decompiled public static Int32 ControlExample(Int32 x) { Int32 local0; Int32 local1; Int32 local2; local0 = 0; local1 = 0; while (local1 < x) { do { if (((3 * local1) < x)) { local0 = (local0 - 1); } else { local0 = (local0 + 1); } } while (Math.Abs(local0) < local1); local1 = (local1 + 1); } local2 = local0; return local2; } Slide 5

More Related