I'm a newer in MSIL , nowadays I have a problem about
disassemble/assemble .net MSIL.
I found a dll plugin
Can you tell us what it is?
,i want to dissamble it for studing ,
The .NET Reflector tool (
http://www.aisto.com/roeder/DotNet/) is an
easier tool to work with if you just want to look inside the assembly.
However, you're trying to reassemble, so you're performing
modifications. Be aware that current obfuscation techniques can
currently create identifiers in Unicode that, by default, don't
round-trip because ILDASM outputs in ANSI by default. You need to use
the /unicode flag to ILDASM if you want to preserve these identifiers.
Also, ILDASM is only really expert about CLI assembly sections. Windows
..EXE files are in PE format, which can include resources that can be
read by the native Win32 APIs, which ILDASM may not extract correctly.
The .NET reflector tool above is a good example of an obfuscated
assembly. It uses a Win32 .rsrc section which (last time I checked)
contains an XOR encrypted .DLL assembly, using a simple key. As well as
that, the assemblies are strong named. If you simply run:
ildasm /unicode /all /out:reflector.il reflector.exe
followed by
ilasm reflector.il /resource=reflector.res
.... it won't work. The .res file extracted by ILDASM is only the start
of the actual .rsrc section in the object file, which is actually a good
750KB or so in size. Opening up the section using the Win32 resource
APIs allows reading in the extra parts of the .rsrc - but that won't
help you for round-tripping Reflector.exe.
so i ildasm
it to prog.il, and then i ilasm it ,but it not works and failure.i do
not konw why it failed.
here is the command:
ilasm /resource=prog.src prog.il /DLL
and it failed~
What was the error message from running this at the command prompt?
-- Barry
