Partially disassembling .net executable

Question

I need to write a relatively small program to parse .net executables and generate the list of calls to external methods. For example if System.Console.WriteLine is called inside the file the tool should print that System.Console.WriteLine is called somewhere. I cannot (limited brain and time) and need not (all I need is a list of calls) implement a real disassembly. I want a grep friendly perl friendly relatively short solution that writes the names of the functions called and the offset where the call happened.

Things I already tried:

1. Downloading specs from MSDN. Now I know that static call is translated to 0x28 in bytecode. :) It is followed by method descriptor but understanding what method descriptor means will probably require reading the entire spec.

2. Opening simple exe in Reflector. Reflector precisely reproduced the code of my original application yet I can not see the bytecode for the calls.

Is it possible to implement the desired limited functionality with limited time and knowledge?

If so what do I know to implement it? Is there any "CIL assembly for dummies" guide?

Answer 1

The Common Compiler Infrastructure might help you too: http://ccimetadata.codeplex.com/.

I would second itowlson's suggestion to just disassemble the assembly into an .il file and parse it using grep if that is what you are looking for. Since ILDasm will show full namespaces for all types you should beable to figure it out rather quickly if it is your type or a referenced type.

Answer 2

If you want something grep/perl-friendly, use ildasm (in its command line mode i.e. with /out or /text) to disassemble the byte code to textual IL. You can then use grep, perl or the language of your choice to locate call instructions. (grep probably wouldn't suffice to identify which methods the call instructions were located in, but perl should be able to.)

Answer 3

The Cecil project is a library to do exactly what you want.