MSIL to machine level instructions


ARVIND LAKRA

Hello All,

I am looking forward to converting MSIL, or an exe or dll generated
by the .NET Framework, into a machine-level or low-level instruction set.

It can be looked at as obtaining the same instruction set that unmanaged
(C++) code generates.

As we can get the full machine-level instruction set from a C++-generated exe,
along with the associated PDB file, by using various tools. Tools like IDA
Pro, Zynamics, etc.

I want to know, is there a way to do the same for .NET exes or
libraries?
 
ARVIND said:
Hello All,

I am looking forward to converting MSIL, or an exe or dll generated
by the .NET Framework, into a machine-level or low-level instruction set.

It can be looked at as obtaining the same instruction set that unmanaged
(C++) code generates.

As we can get the full machine-level instruction set from a C++-generated exe,
along with the associated PDB file, by using various tools. Tools like IDA
Pro, Zynamics, etc.

I want to know, is there a way to do the same for .NET exes or
libraries?

http://en.wikipedia.org/wiki/Common_Intermediate_Language
http://en.wikipedia.org/wiki/Native_Image_Generator
http://msdn.microsoft.com/en-us/library/6t9t5wcf(v=VS.100).aspx
http://msdn.microsoft.com/en-us/library/f7dy01k1(v=VS.100).aspx
http://www.red-gate.com/products/reflector/
 


Hello Jason,
Thanks for the reply, but there is one problem.
ngen.exe, or as it is known, the Native Image Generator, creates the image
with machine instructions in its buffer. So we don't have a copy which
we can convert to machine instruction state. My target is to have the
machine instruction set of any .NET binary.
For example, whenever we create any project using unmanaged C++, or you can
say VC++, it gives an exe containing the machine instruction set. Now
we can disassemble that exe and the generated PDB file to get the machine
instruction set of our code. I want something like that for .NET
binaries or DLLs.

With Regards,
Arvind
 

Hi,
I am looking to generate the corresponding assembly code for the complete
EXE with all the symbols resolved. I know that machine code is
generated by the JIT compiler when the EXE is run, but for my purpose I
need the assembly code for the complete EXE.

eg:-
C# Code:

static void Main(String[] args)
{
    int Pick = 1;

    switch (Pick)
    {
        case 0:
            Console.WriteLine("You picked 0");
            break;
        case 1:
            Console.WriteLine("You picked 1");
            break;
    }
}

C# and VB are both converted to IL:

.method private hidebysig static void Main(string[] args) cil managed
{
    .entrypoint
    // Code size 98 (0x62)
    .maxstack 2
    .locals init ([0] int32 Pick,
                  [1] int32 CS$4$0000,
                  [2] bool CS$4$0001)
    IL_0000: nop
    IL_0001: ldc.i4.1
    IL_0002: stloc.0
    IL_0003: ldloc.0
    IL_0004: stloc.1
    IL_0005: ldloc.1
    IL_0006: switch (
                 IL_0015,
                 IL_0022)
    IL_0013: br.s IL_002f
    IL_0015: ldstr "You picked 0"
    IL_001a: call void [mscorlib]System.Console::WriteLine(string)
    IL_001f: nop
    IL_0020: br.s IL_002f
    IL_0022: ldstr "You picked 1"
    IL_0027: call void [mscorlib]System.Console::WriteLine(string)
    IL_002c: nop
    IL_002d: br.s IL_002f


IL is compiled to assembly (C# included for readability):

static void Main(String[] args)
{
00000000 mov qword ptr [rsp+8],rcx
00000005 sub rsp,68h
00000009 mov dword ptr [rsp+20h],0
00000011 mov dword ptr [rsp+24h],0
00000019 mov byte ptr [rsp+28h],0
0000001e mov rax,7FF001E1E00h
00000028 mov eax,dword ptr [rax]
0000002a test eax,eax
0000002c je 0000000000000033
0000002e call FFFFFFFFF0928280
00000033 nop
int Pick = 1;
00000034 mov dword ptr [rsp+20h],1

switch (Pick)
0000003c mov eax,dword ptr [rsp+20h]
00000040 mov dword ptr [rsp+24h],eax
00000044 mov eax,dword ptr [rsp+24h]
00000048 mov dword ptr [rsp+40h],eax
0000004c cmp dword ptr [rsp+40h],2
00000051 jae 0000000000000071
00000053 movsxd rcx,dword ptr [rsp+40h]
00000058 lea rax,[0000011Bh]
0000005f movsxd rcx,dword ptr [rax+rcx*4]
00000063 lea rax,[0000006Fh]
0000006a add rcx,rax
0000006d jmp rcx
0000006f jmp 000000000000006F
00000071 jmp 000000000000009D
{
case 0:
Console.WriteLine("You picked 0");
00000073 mov rcx,126E3100h
0000007d mov rcx,qword ptr [rcx]
00000080 call FFFFFFFFEF826100
00000085 nop
break;
00000086 jmp 000000000000009D
case 1:
Console.WriteLine("You picked 1");
00000088 mov rcx,126E3108h
00000092 mov rcx,qword ptr [rcx]
00000095 call FFFFFFFFEF826100
0000009a nop
break;
0000009b jmp 000000000000009D
}

With regards
Arvind
 
ARVIND said:
Hello Jason,
Thanks for the reply, but there is one problem.
ngen.exe, or as it is known, the Native Image Generator, creates the image
with machine instructions in its buffer. So we don't have a copy which
we can convert to machine instruction state. My target is to have the
machine instruction set of any .NET binary.
For example, whenever we create any project using unmanaged C++, or you can
say VC++, it gives an exe containing the machine instruction set. Now
we can disassemble that exe and the generated PDB file to get the machine
instruction set of our code. I want something like that for .NET
binaries or DLLs.

With Regards,
Arvind

Yes, it's not as easy as I thought. NGen creates the files in
C:\Windows\assembly - which is a "special" folder.

You can use something like
subst z: c:\windows\assembly
to get access to the output, but your .exe will still be dependent on
the .NET Framework, e.g. mscorlib. The disassemblers I tried (IDA Pro Free
and W32Dasm) produced much more assembly code than the example you provided.

I believe Xenocode Postbuild can produce stand-alone executables (by
linking in the parts of the .NET Framework used by your application) -
but haven't tried it. It may be worth your while to test the trial version.
 
Jason,
IDA Pro (even paid version) produces IL as output. If we give it as a
simple PE file, it does not give any meaningful assembly.
But I think there has to be some tool which can produce the kind of
assembly code Arvind is looking for.

Regards,
Shreshth
 
sl said:
Jason,
IDA Pro (even paid version) produces IL as output. If we give it as a
simple PE file, it does not give any meaningful assembly.
But I think there has to be some tool which can produce the kind of
assembly code Arvind is looking for.

Regards,
Shreshth

I tried disassembling an NGENed version of a .NET (console) program. It
did provide assembly code as output, not IL - but I don't know if the
output would be useful to Arvind.

In my opinion the quoted example provided did not display realistic
assembly code, as the Console.WriteLine function was not disassembled.
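
Added example, not part of any post in this thread: a disassembler shows IL for the original .exe and machine code for the NGen'ed image because only the latter has native code on disk. This Python sketch reads the PE CLR header to tell those cases apart. The names `classify_pe` and `build_sample` are illustrative, the sample images are constructed inline, and treating a non-zero ManagedNativeHeader or the IL_LIBRARY flag as the marker of a precompiled image is a heuristic assumed here.

```python
import struct

COMIMAGE_FLAGS_ILONLY = 0x1      # only IL on disk; the JIT emits machine code at run time
COMIMAGE_FLAGS_IL_LIBRARY = 0x4  # set on precompiled images (heuristic, see lead-in)
CLR_DIR = 14                     # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

def classify_pe(data: bytes) -> str:
    """Classify a PE image as 'native', 'il-only', 'precompiled' or 'mixed'."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsect = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + (112 if magic == 0x20B else 96)   # PE32+ or PE32
    ndirs = struct.unpack_from("<I", data, dirs - 4)[0]
    clr_rva = struct.unpack_from("<I", data, dirs + 8 * CLR_DIR)[0] if ndirs > CLR_DIR else 0
    if clr_rva == 0:
        return "native"            # no CLR header: ordinary unmanaged executable
    for i in range(nsect):         # translate the CLR header RVA to a file offset
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        if va <= clr_rva < va + max(vsize, rawsize):
            cor = rawptr + clr_rva - va
            break
    else:
        raise ValueError("CLR header RVA is outside every section")
    flags = struct.unpack_from("<I", data, cor + 16)[0]        # IMAGE_COR20_HEADER.Flags
    native_rva = struct.unpack_from("<I", data, cor + 64)[0]   # ManagedNativeHeader RVA
    if native_rva or flags & COMIMAGE_FLAGS_IL_LIBRARY:
        return "precompiled"       # e.g. an NGen native image: machine code is in the file
    return "il-only" if flags & COMIMAGE_FLAGS_ILONLY else "mixed"

def build_sample(flags=None, native_rva=0) -> bytes:
    """Constructed minimal PE32 with one section; flags=None omits the CLR directory."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)
    if flags is not None:
        struct.pack_into("<II", opt, 96 + 8 * CLR_DIR, 0x2000, 72)
    img = bytearray(b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 64) + b"PE\0\0")
    img += struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102) + opt
    img += b".text\0\0\0" + struct.pack("<IIII", 0x1000, 0x2000, 0x200, 0x200) + bytes(16)
    img = img.ljust(0x200, b"\0")
    img += struct.pack("<IHHIIII", 72, 2, 5, 0, 0, flags or 0, 0) + bytes(40)
    img += struct.pack("<II", native_rva, 0x100 if native_rva else 0)
    return bytes(img)
```

On a real file, pass `open(path, "rb").read()` to `classify_pe`; an "il-only" result means a native disassembly has to come from a precompiled image or from the JIT output at run time.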
 