Sam Nasr

1
Understanding MSIL

• By
• Sam Nasr
• September 28, 2004

2
Objectives

• Learn MSIL terminology
• Understand sections of an Assembly
• Discuss IL Tools
• Discuss additional resources

3
Advantages of Understanding MSIL

• Better understandingBetter troubleshooting.
• Understanding of possible security
  vulnerabilities.
• All roads lead to CLR

4
Definitions

• CLR Common Language Runtime
• Assembly Managed .Net application.
• Each assembly contains minimum 1 prime module,
  but possibly other additional modules.
• Module Managed executable

5
Definitions

• Metadata Data descriptors (i.e. info that
  describes the data).
• MSIL Microsoft Intermediate Language
• ILDASM Intermediate Language Disassembler.

6
Background

• Compiling in a .Net Framework
• (IL, similar to JVM)
• VS.
• Compiling in a traditional environment
• (native executable code)

7
Execution in .Net

• .Net Applications (assemblies) consist of one or
  more managed executables, each carrying metadata
  and managed code.
• JIT Compiler compiles IL to machine code
  dynamically as needed.
• Objects are loaded only when used.
• Machine code compilations are cached for
  subsequent executions.

8
Execution in .Net

• Code is executed in Managed Environment (type
  control, garbage collection, exception handling).
• Can compile from IL to native machine code using
  NGEN utility.
• Cost of Code (Sizes of Hello World .exe)
• C(3K) VS. C(32K) VS. C(173K)

9
CLR Requirements

• The CLR requires the following information about
• each method, which is available through metadata.
• Instructions each method has a pointer to the
  instruction set.
• Signature describes the calling convention,
  return type, parameter count and type

10
CLR Requirements

1. Exception Handling Array a list of exceptions
   and the offset address to the handling code.
2. Evaluation Stack Size typically seen as
   .maxstack in the ILDASM listing.
3. Locals Array all local variables used.

11
Example

• Create a program in Visual Studio.Net
• Debug and compile.
• Use ILDASM to generate .IL file.
• Use file editor to edit .IL file.
• Use ILASM to create the new assembly.

12
Reading IL

• RVA Relative Virtual Address
• ldstr loads a string token
• .assembly extern defines an external application
  referenced in the existing program.
• .module defines the current module.
• .field defines a metadata item used in the
  module

13
Reading IL

• .method defines a member method of the given
  class.
• .entrypoint defines the entry point of the
  current method
• .locals init defines the single local variable
  of the current method.

14
ILDASM Conventions

15
MSIL Utilities

• ildasm.exe Converts IL to human readable code
• C\Program Files\Microsoft Visual Studio.NET\
  FrameworkSDK\Bin
• dumpbin.exe Converts IL to human readable code
• C\Program Files\Microsoft Visual Studio
  .NET\Vc7\bin
• Reflector.exe Converts IL to human readable code
• http//www.aisto.com/roeder/dotnet/
• ILASM.EXE Converts human readable code to IL
• C\WINDOWS\Microsoft.NET\Framework\v1.1.4322
• NGEN.exe Compiles IL to machine code.
• C\WINDOWS\Microsoft.NET\Framework\v1.1.4322

16
Resources

• Inside Microsoft .NET IL Assembler by Serge Lidin
• .NET Common Language Runtime Unleashed by Kevin
  Burton
• (http//www.samspublishing.com/title/0672321246)
• Assemblies Ins and Outs by Chris Rausch
  (http//www.vbdotnetheaven.com)
• DotFuscator
• (http//www.preemptive.com/products/dotfuscator/FA
  Q.html)