1 / 21

Disassembling for Fun

Disassembling for Fun. Jason Haley . Who is this guy?. Certifiable (MCSD.net certified that is) Blog – http://jasonhaley.com/blog Co-leader of Beantown .Net User Group Member of Boston Area Code Brew A nerd dinner organizer for Boston area Sr. Software Engineer - Cheshire Software.

leighna
Download Presentation

Disassembling for Fun

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Disassembling for Fun Jason Haley New England Code Camp IV: “Developer’s Gone Wild”

  2. Who is this guy? • Certifiable (MCSD.net certified that is) • Blog – http://jasonhaley.com/blog • Co-leader of Beantown .Net User Group • Member of Boston Area Code Brew • A nerd dinner organizer for Boston area • Sr. Software Engineer - Cheshire Software New England Code Camp IV: “Developer’s Gone Wild”

  3. Disassembling is useful • See how efficient a compiler is • Translate IL to a higher level language • View all pieces of an assembly • Extract resources • Edit source code to recompile New England Code Camp IV: “Developer’s Gone Wild”

  4. Example of disassembling • What is Round-tripping? • Demos: ILDasm, Reflector New England Code Camp IV: “Developer’s Gone Wild”

  5. Agenda • Define disassembling • Applied disassembling • Writing a disassembler New England Code Camp IV: “Developer’s Gone Wild”

  6. What is disassembling? • Disassembling is not reflection Demos: WinCV, Asmex • Disassemble or decompile Demos: ILDasm, Reflector New England Code Camp IV: “Developer’s Gone Wild”

  7. Agenda • Define disassembling • Applied disassembling • Writing a disassembler New England Code Camp IV: “Developer’s Gone Wild”

  8. What is in an assembly file? • PE/COFF File • CLR Header • Metadata • IL code New England Code Camp IV: “Developer’s Gone Wild”

  9. PE File • Portable Executable File Format PE/COFF headers Data directories Sections • Demos: Dumpbin, .Net Explorer New England Code Camp IV: “Developer’s Gone Wild”

  10. CLR Header • Contains CLR specific information “Required runtime” version Metadata location Managed resources location Strong name signature location • Demo: .Net Explorer New England Code Camp IV: “Developer’s Gone Wild”

  11. Metadata • Assembly metadata Metadata header Metadata streams (tables and heaps) • Demos: Monodis, Asmex New England Code Camp IV: “Developer’s Gone Wild”

  12. IL Code • Recognizing the pieces Metadata table contents Metadata heap contents IL code • Demos: ILDasm, Spices.Net, Dis# New England Code Camp IV: “Developer’s Gone Wild”

  13. Agenda • Define disassembling • Applied disassembling • Writing a disassembler New England Code Camp IV: “Developer’s Gone Wild”

  14. Writing a disassembler • PE/COFF File • CLR Header • Metadata • IL Code New England Code Camp IV: “Developer’s Gone Wild”

  15. PE File • Finding the PE header Signatures (MS-DOS, PE) Necessary structures • Demos: Vijay New England Code Camp IV: “Developer’s Gone Wild”

  16. CLR Header • Finding the CLR Header Need information from PE Header Calculate the offset in file • Demos: Vijay New England Code Camp IV: “Developer’s Gone Wild”

  17. Metadata • Tables are a “normalized database” • Heaps String – zero-terminated character GUID – 16 byte binary objects Blob – binary object, preceded by its length • Manifest • Demos: metainfo, Vijay New England Code Camp IV: “Developer’s Gone Wild”

  18. IL Code • Getting to the IL code Signatures RVA Method format (tiny or fat) Method data section Exception handling clause (small or fat) • Demos: Dile, Vijay New England Code Camp IV: “Developer’s Gone Wild”

  19. Summary • What is disassembling? • What is a disassembler and what can it do for you? • What are some of the things you need to know to write your own disassembler? • Why do you care? New England Code Camp IV: “Developer’s Gone Wild”

  20. Resources • Inside Microsoft .Net IL Assembler – Serge Lidin • Standard ECMA-335 – CLI – http://ecma-international.org/publications/standards/Ecma-335.htm • Metadata diagram - Chris King • .Net SDK (especially ILDasm) New England Code Camp IV: “Developer’s Gone Wild”

  21. Questions ? New England Code Camp IV: “Developer’s Gone Wild”

More Related