Disassembling for Fun Jason Haley. Who is this guy? Certifiable (MCSD.net certified that is) Blog...
- Slide 1
- Disassembling for Fun
  - Jason Haley
- Slide 2
- Who is this guy?
  - Certifiable (MCSD.net certified that is)
  - Blog: http://jasonhaley.com/blog
  - Co-leader of Beantown.Net User Group
  - Member of Boston Area Code Brew
  - A nerd dinner organizer for Boston area
  - TA for Programming .Net at Harvard
  - Sr. Software Engineer - Cheshire Software
- Slide 3
- Disassembling is useful
  - See how efficient a compiler is
  - Translate IL to a higher level language
  - View all pieces of an assembly
  - Extract resources
  - Edit source code to recompile
- Slide 4
- Example of disassembling
  - What is Round-tripping?
  - Demos: ILDasm, Reflector
- Slide 5
- Agenda
  - Define disassembling
  - Applied disassembling
  - Writing a disassembler
- Slide 6
- What is disassembling?
  - Disassembling is not reflection
  - Demos: WinCV, Asmex
  - Disassemble or decompile
  - Demos: ILDasm, Reflector
- Slide 7
- Agenda
  - Define disassembling
  - Applied disassembling
  - Writing a disassembler
- Slide 8
- What is in an assembly file?
  - PE/COFF File
  - CLR Header
  - Metadata
  - IL code
- Slide 9
- PE File
  - Portable Executable File Format
  - PE/COFF headers
  - Data directories
  - Sections
  - Demos: Dumpbin, .Net Explorer
- Slide 10
- CLR Header
  - Contains CLR specific information
  - Required runtime version
  - Metadata location
  - Managed resources location
  - Strong name signature location
  - Demo: .Net Explorer
- Slide 11
- Metadata
  - Assembly metadata
  - Metadata header
  - Metadata streams (tables and heaps)
  - Demos: Monodis, Asmex, Spices.Net
- Slide 12
- IL Code
  - Recognizing the pieces
  - Metadata table contents
  - Metadata heap contents
  - IL code
  - Demos: Metadata diagram, ILDasm, Dis#
- Slide 13
- Disassemblers/Decompilers
  - ILDasm
  - Monodis
  - DILE - Dotnet IL Editor
  - Reflector for .Net
  - Asmex - Free source .Net Assembly Examiner
  - Dis# - .Net decompiler
  - .Net Explorer
  - Spices.Net
- Slide 14
- DILE - Dotnet IL Editor
  - Open source (Zsolt Petreny) - http://sourceforge.net/projects/dile
  - Disassembles to IL
  - Quick search for name and tokens
  - Debugger functionality - can debug IL!
  - Demo: Debugging IL vs. Assembler
- Slide 15
- Reflector for .Net
  - Lutz Roeder - http://www.aisto.com/roeder/dotnet
  - Great code browsing tool
  - Add-ins created by community - http://csharp21.tripod.com/ReflectorAddIns
  - Demo: Reflector and its add-ins
- Slide 16
- Asmex - Assembly Examiner
  - Free source (Ben Peterson) - http://www.jbrowse.com/products/asmex/
  - Graphical representation
  - Most pieces of an assembly
  - Demo: Look at the code
- Slide 17
- Agenda
  - Define disassembling
  - Applied disassembling
  - Writing a disassembler
- Slide 18
- Writing a disassembler
  - PE/COFF File
  - CLR Header
  - Metadata
  - IL Code
- Slide 19
- PE File
  - Finding the PE header
  - Signatures (MS-DOS, PE)
  - Necessary structures
  - Demos: Vijay
- Slide 20
- CLR Header
  - Finding the CLR Header
  - Need information from PE Header
  - Calculate the offset in file
  - Demos: Vijay
- Slide 21
- Metadata
  - Tables are a normalized database
  - Heaps
    - String - zero-terminated character
    - GUID - 16 byte binary objects
    - Blob - binary object, preceded by its length
  - Manifest
  - Demos: metainfo, Vijay
- Slide 22
- IL Code
  - Getting to the IL code
  - Signatures
  - RVA
  - Method format (tiny or fat)
  - Method data section
  - Exception handling clause (small or fat)
  - Demos: Dile, Vijay
- Slide 23
- Summary
  - What is disassembling?
  - What is a disassembler and what can it do for you?
  - Where can I find a disassembler?
  - What are some of the things you need to know to write your own disassembler?
  - Why do you care?
- Slide 24
- Resources
  - Inside Microsoft .Net IL Assembler - Serge Lidin
  - Standard ECMA-335 CLI - http://ecma-international.org/publications/standards/Ecma-335.htm
  - Metadata diagram - Chris King
  - .Net SDK (especially ILDasm)
- Slide 25
- Questions?
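
The steps on slides 19 and 20 (check the MS-DOS and PE signatures, read the CLR data directory from the PE header, calculate the file offset), written out as an added Python example; it is not code from the talk or its demos. The function names and the sample image built by `build_sample` are constructed for illustration.

```python
import struct

CLR_DIR = 14  # data-directory index of the CLR runtime header

def rva_to_offset(rva, sections):
    """Translate an RVA to a file offset via the section table."""
    for vaddr, raw_size, raw_ptr in sections:
        if vaddr <= rva < vaddr + raw_size:
            return rva - vaddr + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")

def find_clr_header(data):
    if data[:2] != b"MZ":
        raise ValueError("missing MS-DOS signature")
    (pe,) = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: NumberOfSections ... SizeOfOptionalHeader
    nsect, _, _, _, opt_size = struct.unpack_from("<HIIIH", data, pe + 6)
    opt = pe + 24
    (magic,) = struct.unpack_from("<H", data, opt)
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]             # PE32 / PE32+; KeyError otherwise
    (ndirs,) = struct.unpack_from("<I", data, dirs - 4)     # NumberOfRvaAndSizes
    clr_rva = struct.unpack_from("<I", data, dirs + 8 * CLR_DIR)[0] if ndirs > CLR_DIR else 0
    if clr_rva == 0:
        raise ValueError("no CLR header: not a managed assembly")
    sections = []
    for s in range(opt + opt_size, opt + opt_size + 40 * nsect, 40):
        _, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, s + 8)
        sections.append((vaddr, raw_size, raw_ptr))
    off = rva_to_offset(clr_rva, sections)
    _, major, minor, md_rva, md_size = struct.unpack_from("<IHHII", data, off)
    return {"clr_offset": off, "runtime": (major, minor),
            "metadata_offset": rva_to_offset(md_rva, sections), "metadata_size": md_size}

def build_sample():
    """Constructed minimal PE32 image with one section holding a CLR header."""
    img, pe = bytearray(0x400), 0x80
    img[0:2], img[pe:pe + 4] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, pe)
    struct.pack_into("<HH", img, pe + 4, 0x14C, 1)          # Machine, NumberOfSections
    struct.pack_into("<H", img, pe + 20, 224)               # SizeOfOptionalHeader
    opt = pe + 24
    struct.pack_into("<H", img, opt, 0x10B)                 # PE32 magic
    struct.pack_into("<I", img, opt + 92, 16)               # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 96 + 8 * CLR_DIR, 0x2008, 72)
    struct.pack_into("<IIII", img, opt + 224 + 8, 0x200, 0x2000, 0x200, 0x200)
    struct.pack_into("<IHHII", img, 0x208, 72, 2, 5, 0x2050, 0x100)
    return bytes(img)

print(find_clr_header(build_sample()))
```

Truncated or malformed input surfaces as `struct.error` or `ValueError` rather than a silent wrong offset, which matters when the parser is pointed at untrusted binaries.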