Managed Code .NET

Managed Code .NET

• 1.
  Managed Code In thecontext of .NET
• 2.
  What is aprogram? ● ● ● ● ● ● ● How to locate and parse them? ? Program.exe
• 3.
  Introducing PE ● ● ● ● ●
• 4.
  Introducing PE
• 5.
  Introducing PE
• 6.
  Introducing PE
• 7.
  Introducing PE
• 8.
  DEMOExploring PE fileformat with PPEE (puppy) PPEE Tool Website: https://www.mzrst.com/
• 9.
  Managed code loading ● ●
• 10.
  Managed code loading Program.exe mscoree.dll clr.dll Process 1.Read PE Headers 2. Examine headers to decide if it is managed code 3. Load mscoree.dll 4. Load correct version of CLR 5. CLR takes over the execution PE Headers mscoree.dll clr.dll
• 11.
  mscoree.dll and clr.dllare unmanaged
• 12.
  The manager, CLR TheCommon Language Runtime (CLR) is a complete, high level virtual machine designed to support a broad variety of programming languages and interoperation among them.” ● A Virtual Machine, analogous to Java Virtual Machine ● Supports many languages; C#, VB.NET, Visual C++, F# etc. ● Interoperation between the languages: CLS and CTS ● Extra features https://github.com/dotnet/coreclr/blob/master/Documentation/botr/intro-to-clr.md
• 13.
  CLR in thecontext of CLI ● CLR is part of a container of standards called Common Language Infrastructure ● Source code is compiled to CIL ● CLR takes CIL, compiles it to machine code at runtime using JIT ● CLR manages the execution of the code to provide extra features
• 14.
  The managed code,CIL Common Intermediate Language (CIL), formerly called Microsoft Intermediate Language (MSIL), is the lowest-level human-readable programming language defined by the Common Language Infrastructure (CLI) specification and is used by the .NET Framework, .NET Core, and Mono. Languages which target a CLI-compatible runtime environment compile to CIL, which is assembled into an object code that has a bytecode-style format. CIL is an object-oriented assembly language, and is entirely stack-based. Its bytecode is translated into native code or—most commonly—executed by a virtual machine.
• 15.
  DEMODisassembling CIL toC# using ILSPY https://github.com/icsharpcode/ILSpy
• 16.
  Advantages of managedcode ● ● ● ● ● ● ●
• 17.
  Compilation tools C# CIL 100101101010 101110101010 011100101101 100111010001 NativeCode C# compiler JIT compiler ILDASM
• 18.
  There is amistake, look closer C# CIL 100101101010 101110101010 011100101101 100111010001 Native Code C# compiler JIT compiler ILDASM
• 19.
  ILASM and ILDASM CIL HumanReadable Code CIL bytecode ILASM ILDASM
• 20.
  DEMODisassembling with ILDASM
• 21.
  Thanks