Why is decompilation possible?

February 26, 2020 19:40

Tagged in .NET, .NET Core, Debugging, Visual Studio

There are a lot of decompilers available in the .NET ecosystem and this has always been the case. I mean always. However, I sometimes forget that not everyone knows or appreciates this and that my perspective is born from the fact that I was a professional developer during the formative years of .NET. So it was a bit of a shock to see some of the responses to Decompilation being available in Visual Studio.

We do not talk about ILASM and the ILDASM very much these days, but these tools have been shipped with Visual Studio for years and allow you to manually assemble and disassemble modules at will.

I wrote about this orthogonally but it is important to repeat some fundamental Intermediate Language and Just in Time compilation are important concepts. Lets define them again here:

IL (Intermediate Language) - All .NET compilers generate Intermediate Language (IL) no matter what the underlying language used to develop the application. The CLR actually has no idea about the language used to develop a given application. All .NET compilers will generate a standard, common language we refer to as IL (aka, MSIL and CIL).

So you have executable or assembly replete with IL, now what? We have to execute it right? That is where JIT comes in:

JIT (Just in Time) - Before Intermediate Language (IL) can be executed, it must converted by the .NET Framework's JIT compiler to native code, which is CPU specific code that run on some computer architecture as the JIT compiler. Rather than using time and memory to convert all the MSIL in portable executable (PE) file to native code, it converts the MSIL as it is needed during execution and stored in resulting native code so it is accessible for subsequent calls.

There are some real advantages to this IL/JIT strategy:

  • You can potentially run your code on any platform because you are not stuck with native code (or specific version of native you built). You will, however, need to an JIT compiler for those platforms.
  • Further you can add run-time optimizations that are not possible had you created native code. So if a new CPU feature is created your IL can potentially take advantage of it (assuming an updated JIT compiler).

Given this pattern it is relatively straight for to create tools that exceed ILDASM, I have written about Lutz Roeder’s Reflector or ILSpy and a couple of others in the past. Decompilers exist and have always existed, so what can you do to protect your code?

Since .NETs inception folks that have sought out additional protection against decompilation have normally turned to obfuscation. There at least a dozen to select from that are free (such as ConfuserEx) to professional grade (such as PreEmptive). I do not have any endorsements to make here only that a quick Bing search can give you much to choose from.

Roslyn Compiler ILSpy integration

One other point of interest is that decompilation with ILSpy has existed in Visual Studio for a few years now but it is still under a preview flag. If you navigate to Options->Text Editor->C#->Advanced the Analysis section allows you to enable navigation to decompiled sources.

decompilation-rosalyn

Once enabled this permits you to F12 (go to definition) into 3rd party software and see what’s going, I think it is a really helpful feature for understanding how code may be helping or hurting you.

But lets say your a software creator who is not keen on Visual Studio users being able to casually browse through your code, you can actually use the SuppressIldasmAttribute class to stop decompilation from occurring on your module. Of course this will not protect you from the plethora of other decompilers on the market.

Visual Studio Debugger ILSpy integration

My team has also done a lot of work with integrating the ILSpy decompilation with the Visual Studio Debugger and you now have the option of decompiling during debugging or when you are analyzing a memory dump. Now if you are confronted with a No Symbols Loaded page? Or maybe experienced an exception occurring in a 3rd party .NET assembly but had no source code to figure out why? You can use Visual Studio to decompile managed code even if you don’t have the symbols, allowing you to look at code, inspect variables and set breakpoints. I love this new feature!

decompilation-visualstudio-debugger
Share on Twitter Facebook

Comment Section

Michael Balloni (February 28, 2020 21:16)
What are your thoughts on .NET obfuscators, like 9rays.NET? These rename symbols, encrypt strings, etc.
Mark Downie (March 02, 2020 1:09)
Hi Michael, I have not tried 9rays.NET myself but its feature set is very impressive.
Hotels San Cassiano (March 08, 2020 8:38)
Pretty nice post. I just stumbled upon your weblog and wished to say that I have really enjoyed browsing your blog posts. After all I'll be subscribing to your rss feed and I hope you write again very soon!
hgf (March 26, 2020 16:47)
Excellent goods from you, man. I've understand your stuff previous to and you're just too excellent. I actually like what you've acquired here, certainly like what you are stating and the way in which you say it. You make it enjoyable and you still care for to keep it sensible. I cant wait to read much more from you. This is really a great site.
coin master free spins link today (March 27, 2020 18:36)
Heya exceptional blog! Does running a blog similar to this require a large amount of work? I've no knowledge of coding however I was hoping to start my own blog in the near future. Anyhow, should you have any suggestions or techniques for new blog owners please share. I know this is off subject however I simply needed to ask. Appreciate it!
infowiesci.com.pl (March 28, 2020 2:26)
http://likeplus.waw.pl http://datasolutions.com.pl http://wmkiw.pl http://amtm.pl http://magicflvacation.com http://gosciniecmurckowski.pl In some methods, it has restored the thought of the newspaper, since we once again read information tales. http://stolpo.pl http://fine-scale.org http://nopix.pl http://imerp.pl http://totalwedding.co.uk http://planetaski.pl
http://dajplus.pl (March 28, 2020 2:55)
http://unspoken.pl http://signwise.pl http://034548.org http://amtm.pl http://auroratennis.org http://mebledosypialni.info.pl http://hellheaven.pl http://meblenaogrod.com.pl http://navisafe.pl http://safetynett-uk.co.uk http://eltying.com.pl http://texturekick.com.pl http://abweb.com.pl http://mastermedia.info.pl http://my-place.pl The top quality experience provided by the Information School has been identified in an exceptional result from the National Student Study (NSS) 2016.
http://godsplanet4haiti.org (March 30, 2020 0:27)
http://kolorowe-kuchnie.pl http://bristolwedding.co.uk http://datasolutions.com.pl http://kb-direct.pl http://magicflvacation.com http://texturekick.com.pl BRUSSELS (AP) - The Trump administration signaled Thursday there shall be no change soon in U.S.-Russian relations, placing the onus on Moscow to show itself if it wants closer cooperation with Washington. http://surreyweddingvideo.co.uk http://fine-scale.org http://wtrawiepiszczy.com.pl http://harwich-ahoy.co.uk http://luxuryartcinema.pl http://yaymicro.pl
wieliczko.eu (March 30, 2020 10:52)
http://wieliczko.eu/ A large benefit of doing it by doing this is that the books are much thinner/ much less cumbersome than albums.
coin master free spins (March 30, 2020 12:13)
Keep this going please, great job!
nieruchomości Opole najem automobiliai is Jav (March 30, 2020 23:23)
Mieszkanie profesjonalnie zaprojektowane na e...
coin master hack tool v1.9 download free pc (March 31, 2020 20:09)
Hi there to every body, it's my first visit of this blog; this webpage consists of amazing and really good material in favor of visitors.
https://slimex365.com/behavioral1969429 (April 01, 2020 14:18)
http://xsle.net/behavioral1316822 FindJobHelper https://Ecuadortenisclub.com/behavioral1847701 http://slnk.info/3n0p6 FindJobHelper http://freeurlredirect.com/behavioral1200509 http://slnk.info/3n0p6 FindJobHelper https://1borsa.com/behavioral1832946 https://jtbtigers.com/behavioral122 FindJobHelper https://slimex365.com/behavioral1969429 https://ecuadortenisclub.com/behavioral1847701 FindJobHelper https://1borsa.com/behavioral1832946
cbd oil (April 01, 2020 20:52)
Good way of explaining, and good post to get facts concerning my presentation subject matter, which i am going to deliver in university.
https://Bogazicitente.com/ (April 04, 2020 16:52)
http://qr.garagebrewers.com/r.php?c=vmWx FindJobHelper https://1borsa.com/1zmj1 https://1borsa.com/1zmj1 FindJobHelper https://Jtbtigers.com/1zjf1 http://s.qurdo.com/2388r FindJobHelper http://S.Qurdo.com/2388r https://1Borsa.com/1zmj1 FindJobHelper http://slnk.info/68fn8 https://frama.link/QnP0kuuK FindJobHelper https://bogazicitente.com/1zq5j
abweb.com.pl (April 04, 2020 23:16)
http://iclear.pl http://burofluo.com http://lubsacro.pl http://absenting.com.pl http://powloki.com.pl http://xannsem.com http://study-abroad.pl http://cycnesa.org http://buzzhouse.pl http://smarter-links.com http://za10froszy.pl http://eltying.com.pl http://jokris.pl http://gosciniecmurckowski.pl http://likeplus.waw.pl Having every one of the information you possibly can before you decide needs to obtain you to have a high quality result.
swiatpoznaj.com.pl (April 04, 2020 23:56)
http://albanese-dev.com http://3dwnetrza.pl http://etc-sa.com http://infozrodlo.com.pl http://mna-sf.org http://filaria.org http://wingate.biz http://jokris.pl http://orally.info http://mastermedia.info.pl http://meblenaogrod.com.pl http://dinusiek.pl
xsle.net (April 05, 2020 9:33)
https://bogazicitente.com/1zq5j FindJobHelper http://xsle.net/22tww https://onlineuniversalwork.com/22pyn FindJobHelper https://huit.re/MTXk1tuR http://qr.garagebrewers.com/r.php?c=vmWx FindJobHelper https://Huit.re/MTXk1tuR https://ecuadortenisclub.com/1zmix FindJobHelper https://slimex365.com/21va8 https://solarpanelcalifornia.wordpress.com/ FindJobHelper http://Xsle.net/22tww
jtbtigers.com (April 05, 2020 15:14)
http://freeurlredirect.com/2470g Tarot card reading https://huit.re/RqZvohgQ http://freeurlredirect.com/2470g tarot reading http://S.qurdo.com/23g0r http://xsle.net/2313c tarot card meanings https://1Borsa.com/1zu0f https://1borsa.com/1zu0f tarot https://ericsundwall.com http://s.qurdo.com/23g0r best tarot https://slimex365.com/222q3
coin master (April 14, 2020 4:59)
Just want to say your article is as astonishing. The clarity on your put up is simply great and that i could suppose you are a professional on this subject. Well along with your permission let me to grasp your feed to stay up to date with coming near near post. Thanks one million and please keep up the rewarding work.
maseczki do Twarzy ochronne (April 16, 2020 1:40)
Do you have a spam issue on this site; I also am a blogger, and I was wanting to know your situation; many of us have developed some nice practices and we are looking to swap techniques with other folks, be sure to shoot me an email if interested.
buy dedicated proxy (April 16, 2020 21:08)
Hi there, I read your new stuff like every week. Your story-telling style is awesome, keep doing what you're doing!
Operatorzy internetu (April 16, 2020 22:05)
hello!,I love your writing very so much! proportion we keep in touch more about your article on AOL? I require a specialist on this area to solve my problem. Maybe that's you! Taking a look forward to look you.
buy premium proxy list (April 17, 2020 0:22)
Hi there, I desire to subscribe for this web site to take newest updates, therefore where can i do it please help out.
najlepsze programy partnerskie (April 17, 2020 21:40)
you are in point of fact a just right webmaster. The web site loading velocity is incredible. It kind of feels that you're doing any unique trick. In addition, The contents are masterwork. you've performed a wonderful job on this matter!
program partnerski kosmetyki (April 18, 2020 0:00)
It's remarkable in support of me to have a web site, which is beneficial in support of my knowledge. thanks admin
programy Partnerskie zarabianie (April 18, 2020 1:47)
This is very interesting, You are a very skilled blogger. I've joined your rss feed and look forward to seeking more of your fantastic post. Also, I have shared your website in my social networks!
Najlepszy Program Partnerski (April 18, 2020 7:41)
I was very pleased to uncover this page. I want to to thank you for your time for this fantastic read!! I definitely appreciated every little bit of it and I have you bookmarked to see new information in your blog.
najlepszy program partnerski (April 18, 2020 8:14)
What's up mates, fastidious paragraph and nice arguments commented here, I am truly enjoying by these.
bezprzewodowy internet bez limitu transferu danych (April 18, 2020 23:51)
What's Going down i am new to this, I stumbled upon this I have discovered It absolutely helpful and it has helped me out loads. I hope to give a contribution & aid different users like its helped me. Good job.
top affiliate programs (April 20, 2020 17:13)
Appreciate this post. Let me try it out.
affiliate programs (April 20, 2020 19:20)
It's not my first time to visit this web page, i am visiting this website dailly and take nice facts from here everyday.
Bogazicitente.com (April 21, 2020 15:32)
https://thegamingnewss.wordpress.com Tarot card reading https://1borsa.com/23rnl https://onlineuniversalwork.com/26vtt tarot reading http://s.qurdo.com/280tb https://Ecuadortenisclub.com/23td7 tarot card meanings https://jtbtigers.com/23pa7 http://slnk.info/zo4eh tarot http://slnk.info/zo4eh https://ecuadortenisclub.com/23td7 best tarot http://s.qurdo.com/280tb
freeurlredirect.com (April 22, 2020 10:13)
https://Darknesstr.com/242m7 Tarot card reading http://slnk.info/db57w https://bogazicitente.com/23wmm tarot reading https://darknesstr.com/242lx https://bogazicitente.com/23wmq tarot card meanings https://onlineuniversalwork.com/26vtt https://jtbtigers.com/23p9z tarot https://bogazicitente.com/23wmx http://s.qurdo.com/280tr best tarot https://thegamingnewss.wordpress.com

Comments are closed.

About us

I work as a technical lead in the field of software engineering and development, with expertise in financial services, healthcare and manufacturing. More details here.

Get in Touch

Pages

© 2020 - Mark Downie, All Rights Reserved.

Powered by Dasblog-Core commit 707617