Partially disassemble .net executable
I need to write a relatively small program to parse .net executables and generate a call list to external methods. For example, if inside a file is called System.Console.WriteLine
, the tool should print what System.Console.WriteLine
is called somewhere. I cannot (brain and time limited) and do not need (all I need is a call list) to implement a real disassembly. I want to grep friendly friendly relatively short solution that records the names of the calling function and the offset where the call originated.
Things I've already tried:
-
Download specifications from MSDN. Now I know that a static call translates to
0x28
bytecode. :) It is followed by a method descriptor, but understanding what a method descriptor means would probably require reading the entire spec. -
Opening a simple exe in Reflector. Reflector has faithfully reproduced the code of my original application, but I cannot see the bytecode for the calls.
Is it possible to implement the required limited functionality with limited time and knowledge?
If so, what do I know to implement it? Is there a "CIL assembly for dummies" statement?
source to share
If you want something grep / perl-friendly, use ildasm (in command line mode, i.e. with / out or / text) to parse the bytecode into textual IL. Then you can use grep, perl, or the language of your choice to find the calling instructions. (grep probably wouldn't have been enough to figure out which methods the calling instructions indicated, but perl should be able to.)
source to share
The Common Compiler framework can also help you: http://ccimetadata.codeplex.com/ .
I would prefer itowlson's second suggestion to just parse the assembly into an .il file and parse it with grep if that's what you're looking for. Since ILDasm will display complete namespaces for all types that you have to eliminate, it is fairly quick to determine if this is your type or a reference type.
source to share