Truly no way to "generate" C# from byte[] containing IL with method body?

719 views Asked by At

I`ve being playing around with reversing of some obfuscated code out there and I have stumbled upon one tricky DLL that had a "method body" (IL code) in a byte[] array and was later on invoking it with dynamic invoke. Is analyzing MSIL the only way here? How do you handle those?

I`ve spent hours researching online for tooling that would allow me to generate C# code (at least some basics) from IL in byte array. Is there truly none?

ldarg.0
ldarg.1     
add

Would be great if something existed out there, that could with some basic MSIL like above would generate a + b.

1

There are 1 answers

3
OzrenTkalcecKrznaric On

MZ64, hello and welcome to SO!

Unfortunately what you're asking is a decompiler service/API/tool and that is simply not built into .NET framework. You may want to check various third party solution for this.

Back in the days, .NET Reflector was #1 tool used for that. Today there are various tools, notably dotPeek - and Reflector should still be around. You will have to pay some money for most of them, but you may find a good free tool (I tried and failed).

However, if you want to take the IL code as plain text and just try to run it, then you should use built-in ILGenerator.Emit(). Easiest way I can think of should be to map your plain text to OpCode/variables, and emit your IL line by line. I don't know if it helps but in theory it should be possible.

Look here for an example:

https://learn.microsoft.com/en-us/dotnet/framework/reflection-and-codedom/how-to-define-and-execute-dynamic-methods