-
-
[原创] .net 方法头自动分析
-
发表于:
2012-6-25 13:35
5625
-
好久没写过c#代码了 今天研究.net 自己动手写了一个 方法头自动分析玩具
private void btnParse_Click(object sender, EventArgs e)
{
//获取数据 去掉非16进制字符
string methodHead = txtText.Text.Trim().ToUpper ();
StringBuilder sb = new StringBuilder();
foreach (char c in methodHead)
{
if (Char.IsNumber(c))
{
sb.Append(c);
}
else if(c>='A' && c<='F')
{
sb.Append(c);
}
}
methodHead = sb.ToString();
//转换成字节数组
byte[] nums = new byte[methodHead.Length /2];
for (int i = 0; i < nums.Length; i++)
{
nums[i] = Convert.ToByte(methodHead .Substring (i*2,2), 16);
}
//分析方法头数据
byte methodType = (byte)(nums[0] & 3);
if (methodType == 2)
{
// Tiny 头
int codeSize = nums[0] / 4;
//输出信息
sb.Clear();
sb.AppendFormat("{0}\r\n",txtText.Text);
sb.AppendFormat("Tiny Method \r\nCodeSize: {0}", codeSize);
txtText.Text = sb.ToString();
}
else if (methodType == 3)
{
// Fat 头
UInt16 flagAndSize = BitConverter.ToUInt16(nums, 0);
UInt16 flag = (ushort)(flagAndSize &0x0FFC);
flag /= 4;
int headSize = flagAndSize>>12;
bool bHasException = ((flag & 2) !=0);
bool bInitLocal = ((flag & 4) !=0);
int maxStack = BitConverter.ToUInt16(nums, 2);
int codeSize = BitConverter.ToInt32(nums, 4);
uint localVarSigTok = BitConverter.ToUInt32(nums, 8);
sb.Clear();
sb.AppendFormat("{0}\r\n", txtText.Text);
sb.AppendFormat("Fat Method \r\n"
+"头大小:{0}\r\n"
+"异常处理:{1}\r\n"
+"自动初始化局部变量为0:{2}\r\n"
+"栈深度:{3}\r\n"
+ "IL字节数:{4} Hex({4:X2})\r\n"
+"局部变量签名标记:{5:X8}\r\n",
headSize,bHasException ,bInitLocal ,maxStack ,codeSize ,localVarSigTok );
txtText.Text = sb.ToString();
}
}
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
