What is .NET?
Topics of Discussion
Introduction to .NET
Assemblies
Microsoft's implementation of .NET
.NET Hook (dotNetHook) tool
Introduction to .NET
Partition I Architecture
Partition II Metadata
Partition III CIL
Partition IV Library
Partition V Annexes
Class Library (XML specification)
Introduction to .NET
Execution Engine
Managed heap
Class Loader
External Assembly
JIT
Execution Engine
Machine Code
Assemblies
Manifest
Metadata
MSIL (or native) code
Resources
Manifest
Defines assembly
Strong name
Files in the assembly
Type references
Referenced assemblies
Metadata
#Strings
#Blob
#GUID
#US
#- or #~
In a predefined order
I.e., MethodDef, AssemblyRef, Constant
Metadata
Signature, Version, Flags
Stream count
Metadata Header
Data offset
Stream size
Stream Header 1
Name
Stream Header 2
Stream bodies
#~ and #- Stream
Version
Heap sizes
Tables Header
Valid tables
Sorted tables
Table row count
Valid Table 1
Valid Table 2
Table bodies
Offset to method
Implementation flags
Method flags
Method name
Signature
Parameters
Parameter name
Signature Blob
Flags
Parameter count
Return type
Parameter types
MSIL
Pseudo-assembly
MSIL
ldc.i4.s 9
call Print(Int32)
IL
Assembler
0x1f 0x09
0x28 0x06000006
Method token
Token
Table Number
Row Index
Upper 8 bits
Lower 24 bits
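The encoding on the MSIL and Token slides, as an added example that is not part of the original deck: a small decoder that turns the bytes 0x1f 0x09 / 0x28 0x06000006 back into instructions and splits the call operand into table number and row index. The opcode and table maps are deliberately a subset, and the sample bytes (with a trailing ret) are constructed for illustration.

```python
import struct

# Upper byte of a metadata token -> table name (subset of the ECMA-335 tables).
TABLES = {0x01: "TypeRef", 0x02: "TypeDef", 0x04: "Field",
          0x06: "MethodDef", 0x0A: "MemberRef", 0x23: "AssemblyRef"}

# Opcode byte -> (mnemonic, operand kind); only the opcodes this sample needs.
OPCODES = {0x00: ("nop", None), 0x17: ("ldc.i4.1", None),
           0x18: ("ldc.i4.2", None), 0x1F: ("ldc.i4.s", "int8"),
           0x28: ("call", "token"), 0x2A: ("ret", None)}
OPERAND = {"int8": ("<b", 1), "token": ("<I", 4)}  # struct format, byte length


def decode_token(token):
    """Split a token into (table name, row index): upper 8 bits, lower 24 bits."""
    table, row = token >> 24, token & 0x00FFFFFF
    return TABLES.get(table, "table 0x%02X" % table), row


def disassemble(il):
    """Decode a flat IL byte string into (offset, mnemonic, operand) tuples."""
    out, pc = [], 0
    while pc < len(il):
        start, op = pc, il[pc]
        if op not in OPCODES:
            raise ValueError("unknown opcode 0x%02X at offset %d" % (op, pc))
        mnemonic, kind = OPCODES[op]
        pc += 1
        operand = None
        if kind is not None:
            fmt, size = OPERAND[kind]
            if pc + size > len(il):
                raise ValueError("truncated operand for %s at offset %d" % (mnemonic, start))
            (operand,) = struct.unpack_from(fmt, il, pc)  # operands are little-endian
            pc += size
            if kind == "token":
                operand = decode_token(operand)
        out.append((start, mnemonic, operand))
    return out


# Constructed sample: the slide's two instructions followed by ret.
SAMPLE_IL = bytes.fromhex("1f09" "2806000006" "2a")

if __name__ == "__main__":
    for offset, mnemonic, operand in disassemble(SAMPLE_IL):
        print("IL_%04x  %-9s %s" % (offset, mnemonic, "" if operand is None else operand))
```

When comparing an assembly against a known-good copy, a call whose token resolves to a different table or row than expected is the first thing this kind of decoding surfaces.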
Call Stack
ClassType a;
ldc.i4.1
a.func(1, 2)
ldc.i4.2
call ClassType::func(Int32, Int32)
1
2
this pointer
Stack top
Left-to-right ordering
MSIL Samples
Ldloc
Ldarg
Ldelem
Ldlen
Ld*a
Brtrue <target>
Dup
Ldnull
%SystemRoot%\Microsoft.NET
%SystemRoot%\Assembly +
\GAC
\NativeImages*
System Libraries
.NET Application
EEStartup
ExecuteEXE
EEStartup
GCHeap.Initialize
ECall.Init
NDirect.Init
UMThunkInit.UMThunkInit
COMDelegate.Init
ExecutionManager.Init
COMNlsInfo.InitializeNLS
EEStartup (cont.)
Security::Start
SystemDomain.Init
Loads BCL
SystemDomain.NotifyProfilerStartup
SystemDomain.NotifyNewDomainLoads
SystemDomain.PublishAppDomainAndInformDebugger (ICorPublish/ICorDebug)
SystemDomain.Init
LoadBaseSystemClasses
SystemDomain.CreatePreallocatedExceptions
LoadBaseSystemClasses
SystemDomain.LoadSystemAssembly
Loads mscorlib.dll
Binder::StartupMscorlib
Binder::FetchClass(OBJECT)
MethodTable::InitForFinalization
InitJITHelpers2
Binder::FetchClass(VALUE)
Binder::FetchClass(ARRAY)
LoadBaseSystemClasses
Binder.FetchType(OBJECT_ARRAY)
Binder.FetchClass(STRING)
Binder.FetchClass(ENUM)
Binder.FetchClass(ExceptionClass)
Binder.FetchClass(OutOfMemoryExceptionClass)
Binder.FetchClass(StackOverflowExceptionClass)
LoadBaseSystemClasses
Binder.FetchClass(ExecutionEngineExceptionClass)
Binder.FetchClass(DelegateClass)
Binder.FetchClass(MultiDelegateClass)
EEStartup
ExecuteEXE
ExecuteEXE
StrongNameSignatureVerification
PEFile::Create
In mscorsn.dll
Loads executable
ExecuteMainMethod
FusionBind.CreateFusionName
Assembly.ExecuteMainMethod
ExecuteMainMethod
Thread.EnterRestrictedContext
PEFile::GetMDImport
SystemDomain.SetDefaultDomainAttributes
SystemDomain.InitializeDefaultDomain
BaseDomain.LoadAssembly
BaseDomain.LoadAssembly
BaseDomain.ApplySharePolicy
AssemblySecurityDescriptor.Init
Module.Create
BaseDomain.SetAssemblyManifestModule
AssemblySecurityDescriptor.AddDescriptorToDomainList
ExecuteEXE (review)
StrongNameSignatureVerification
PEFile::Create
In mscorsn.dll
Loads executable
ExecuteMainMethod
FusionBind.CreateFusionName
Assembly.ExecuteMainMethod
Assembly.ExecuteMainMethod
Assembly::GetEntryPoint
ClassLoader::ExecuteMainMethod
EEClass.FindMethod
ValidateMainMethod
CorCommandLine.GetArgvW
MethodDesc.Call
MethodDesc.IsRemotingIntercepted
MethodDesc.CallDescr calls
MethodDesc.CallDescrWorker
CallDescrWorker calls Main()
.NET Application
MethodDesc.DoPrestub
MethodDesc.GetSecurityFlags
MethodDesc.GetUnsafeAddrofCode
MethodDesc.GetILHeader
MethodDesc.GetRVA
COR_DECODE_METHOD
Security._CanSkipVerification
MethodDesc.DoPrestub
EEConfig.ShouldJitMethod
MakeJitWorker
JITFunction
GetPrejittedCode
JITFunction
ExecutionManager::GetJitForType
EEJitManager::LoadJIT
Loads mscorjit.dll (in LoadJIT)
Calls getJit in mscorjit (in LoadJIT)
CallCompileMethodWithSEHWrapper
Debugger.JitBeginning
CILJit.compileMethod
Debugger.JitComplete
CILJit.compileMethod
Calls jitNativeCode
jitNativeCode
Compiler.compInit
Compiler.compCompile
Compiler.compCompile
Compiler.eeGetMethodClass
Compiler.eeGetClassAttribs
emitter.emitBegCG
Compiler.eeGetMethodAttribs
Compiler.compInitDebuggingInfo
Compiler.genGenerateCode
emitter.emitEndCG
Compiler.genGenerateCode
emitter.emitBegFN
Compiler.genCodeForBBlist
Compiler.genFnProlog
Compiler.genFnEpilog
emitter.emitEndCodeGen
Compiler.gcInfoBlockHdrSave
emitter.emitEndFN
.NET Application
Show flowchart
.NET Hook
Offset to method
Implementation flags
Method flags
Method name
Signature
Parameters
Tiny Method
Header (flags and code size)
Method body (IL)
Fat Method
Inserted
Updated
Inserted
Updated
Hooked Assembly
.text section
Functions (IL)
Metadata
Import Address Table
Hooked Functions (IL)
References both
End of old
.text section
End of new
.text section