刚刚接触.net的逆向学习,Reflector无法逆向出流程混淆的程序,IL汇编看了半天也没看懂,求教有没有IL的中文资料以及实例讲解啊?
比如下面这段程序,翻译成C#应该怎么翻译呢?
希望各位大大给与指点,把IL指令和对应的C#语句写出来,我这样的新手就能更快上手IL汇编手工逆向了!!!
再次感谢各位大大!!
.method private hidebysig instance void
WriteRecords() cil managed
{
// 代码大小 521 (0x209)
.maxstack 6
.locals init (int32 V_0,
int32 V_1,
class [mscorlib]System.Collections.ArrayList V_2,
class [mscorlib]System.Collections.ArrayList V_3,
int32 V_4,
class ebexcel.ExcelWorksheet V_5,
class ebexcel.AbsXLSRecords V_6,
class ebexcel.LimitEventArgs V_7,
class ebexcel.ExcelWorksheet V_8,
class ebexcel.AbsXLSRecords V_9,
class ebexcel.AbsXLSRecords V_10,
class ebexcel.AbsXLSRec V_11,
class [mscorlib]System.Collections.IEnumerator V_12,
class [mscorlib]System.Collections.IEnumerator V_13,
class [mscorlib]System.IDisposable V_14)
IL_0000: ldarg.0
IL_0001: ldfld class ebexcel.ExcelFile ebexcel.XLSFileWriter::excelFile
IL_0006: callvirt instance class ebexcel.ExcelWorksheetCollection ebexcel.ExcelFile::get_Worksheets()
IL_000b: callvirt instance int32 ebexcel.ExcelWorksheetCollection::get_Count()
IL_0010: stloc.0
IL_0011: ldc.i4.0
IL_0012: stloc.1
IL_0013: newobj instance void [mscorlib]System.Collections.ArrayList::.ctor()
IL_0018: br IL_0119
IL_001d: ldloc.0
IL_001e: ldc.i4.1
IL_001f: call instance class ebexcel.ExcelWorksheet ebexcel.XLSFileWriter::CreateWarningWorksheet(int32,
int32,
bool)
IL_0024: stloc.s V_8
IL_0026: br.s IL_004b
IL_0028: ldloc.1
IL_0029: br.s IL_007e
IL_002b: ldarg.0
IL_002c: ldloc.1
IL_002d: ldloc.0
IL_002e: ldc.i4.0
IL_002f: call instance class ebexcel.ExcelWorksheet ebexcel.XLSFileWriter::CreateWarningWorksheet(int32,
int32,
bool)
IL_0034: stloc.s V_8
IL_0036: br.s IL_004b
IL_0038: ldloc.s V_8
IL_003a: ldloca.s V_1
IL_003c: call instance void ebexcel.XLSFileWriter::WriteWorksheetRecords(class ebexcel.AbsXLSRecords,
class ebexcel.ExcelWorksheet,
int32&)
IL_0041: ldloc.2
IL_0042: ldloc.s V_9
IL_0044: callvirt instance int32 [mscorlib]System.Collections.ArrayList::Add(object)
IL_0049: br.s IL_005b
IL_004b: ldloc.s V_8
IL_004d: brfalse.s IL_006a
IL_004f: newobj instance void ebexcel.AbsXLSRecords::.ctor()
IL_0054: stloc.s V_9
IL_0056: ldarg.0
IL_0057: ldloc.s V_9
IL_0059: br.s IL_0038
IL_005b: pop
IL_005c: ldloc.3
IL_005d: ldloc.s V_8
IL_005f: callvirt instance string ebexcel.ExcelWorksheet::get_Name()
IL_0064: callvirt instance int32 [mscorlib]System.Collections.ArrayList::Add(object)
IL_0069: pop
IL_006a: ldarg.0
IL_006b: br.s IL_007c
IL_006d: ldc.i4.4
IL_006e: mul
IL_006f: ldc.i4.5
IL_0070: div
IL_0071: ble.s IL_004b
IL_0073: ldarg.0
IL_0074: ldfld class ebexcel.ExcelFile ebexcel.XLSFileWriter::excelFile
IL_0079: ldarg.0
IL_007a: br.s IL_0097
IL_007c: br.s IL_00b5
IL_007e: ldarg.0
IL_007f: ldfld class ebexcel.ExcelFile ebexcel.XLSFileWriter::excelFile
IL_0084: ldfld int32 ebexcel.ExcelFile::HashFactorA
IL_0089: ldarg.0
IL_008a: ldfld class ebexcel.ExcelFile ebexcel.XLSFileWriter::excelFile
IL_008f: ldfld int32 ebexcel.ExcelFile::HashFactorB
IL_0094: sub
IL_0095: br.s IL_006d
IL_0097: ldfld string ebexcel.XLSFileWriter::diagnosticsFileName
IL_009c: ldc.i4.2
IL_009d: ldloc.1
IL_009e: ldloc.0
IL_009f: ldc.i4.1
IL_00a0: callvirt instance class ebexcel.LimitEventArgs ebexcel.ExcelFile::OnLimitNear(string,
valuetype ebexcel.IoOperation,
int32,
int32,
bool)
IL_00a5: stloc.s V_7
IL_00a7: ldloc.s V_7
IL_00a9: callvirt instance bool ebexcel.LimitEventArgs::get_WriteWarningWorksheet()
IL_00ae: brfalse.s IL_004b
IL_00b0: br IL_002b
IL_00b5: ldarg.0
IL_00b6: ldfld class ebexcel.AbsXLSRecords ebexcel.XLSFileWriter::records
IL_00bb: ldloc.2
IL_00bc: ldloc.3
IL_00bd: call instance void ebexcel.XLSFileWriter::WriteGlobalRecords(class ebexcel.AbsXLSRecords,
class [mscorlib]System.Collections.ArrayList,
class [mscorlib]System.Collections.ArrayList)
IL_00c2: ldloc.2
IL_00c3: br.s IL_0112
IL_00c5: callvirt instance string ebexcel.ExcelWorksheet::get_Name()
IL_00ca: callvirt instance int32 [mscorlib]System.Collections.ArrayList::Add(object)
IL_00cf: pop
IL_00d0: ldloc.s V_4
IL_00d2: ldc.i4.1
IL_00d3: add
IL_00d4: stloc.s V_4
IL_00d6: ldloc.s V_4
IL_00d8: br.s IL_00f3
IL_00da: ldarg.0
IL_00db: ldfld class ebexcel.ExcelFile ebexcel.XLSFileWriter::excelFile
IL_00e0: ldfld int32 ebexcel.ExcelFile::HashFactorA
IL_00e5: ldarg.0
IL_00e6: ldfld class ebexcel.ExcelFile ebexcel.XLSFileWriter::excelFile
IL_00eb: ldfld int32 ebexcel.ExcelFile::HashFactorB
IL_00f0: sub
IL_00f1: br.s IL_00ff
IL_00f3: ldloc.0
IL_00f4: blt.s IL_0141
IL_00f6: ldnull
IL_00f7: stloc.s V_7
IL_00f9: ldnull
IL_00fa: stloc.s V_8
IL_00fc: ldloc.1
IL_00fd: br.s IL_00da
IL_00ff: ble IL_0028
IL_0104: ldarg.0
IL_0105: ldfld class ebexcel.ExcelFile ebexcel.XLSFileWriter::excelFile
IL_010a: ldarg.0
IL_010b: ldfld string ebexcel.XLSFileWriter::diagnosticsFileName
IL_0110: br.s IL_0166
IL_0112: callvirt instance class [mscorlib]System.Collections.IEnumerator [mscorlib]System.Collections.ArrayList::GetEnumerator()
IL_0117: br.s IL_0184
IL_0119: stloc.2
IL_011a: newobj instance void [mscorlib]System.Collections.ArrayList::.ctor()
IL_011f: stloc.3
IL_0120: br.s IL_0139
IL_0122: stloc.s V_5
IL_0124: newobj instance void ebexcel.AbsXLSRecords::.ctor()
IL_0129: stloc.s V_6
IL_012b: ldarg.0
IL_012c: ldloc.s V_6
IL_012e: ldloc.s V_5
IL_0130: ldloca.s V_1
IL_0132: call instance void ebexcel.XLSFileWriter::WriteWorksheetRecords(class ebexcel.AbsXLSRecords,
class ebexcel.ExcelWorksheet,
int32&)
IL_0137: br.s IL_0155
IL_0139: ldc.i4.0
IL_013a: stloc.s V_4
IL_013c: br IL_00d6
IL_0141: ldarg.0
IL_0142: ldfld class ebexcel.ExcelFile ebexcel.XLSFileWriter::excelFile
IL_0147: callvirt instance class ebexcel.ExcelWorksheetCollection ebexcel.ExcelFile::get_Worksheets()
IL_014c: ldloc.s V_4
IL_014e: callvirt instance class ebexcel.ExcelWorksheet ebexcel.ExcelWorksheetCollection::get_Item(int32)
IL_0153: br.s IL_0122
IL_0155: ldloc.2
IL_0156: ldloc.s V_6
IL_0158: callvirt instance int32 [mscorlib]System.Collections.ArrayList::Add(object)
IL_015d: pop
IL_015e: ldloc.3
IL_015f: ldloc.s V_5
IL_0161: br IL_00c5
IL_0166: ldc.i4.2
IL_0167: ldloc.1
IL_0168: ldloc.0
IL_0169: ldc.i4.1
IL_016a: callvirt instance class ebexcel.LimitEventArgs ebexcel.ExcelFile::OnLimitReached(string,
valuetype ebexcel.IoOperation,
int32,
int32,
bool)
IL_016f: stloc.s V_7
IL_0171: ldloc.s V_7
IL_0173: callvirt instance bool ebexcel.LimitEventArgs::get_WriteWarningWorksheet()
IL_0178: brfalse IL_004b
IL_017d: ldarg.0
IL_017e: ldloc.1
IL_017f: br IL_001d
IL_0184: stloc.s V_12
.try
{
IL_0186: br.s IL_01dd
IL_0188: ldloc.s V_12
IL_018a: callvirt instance object [mscorlib]System.Collections.IEnumerator::get_Current()
IL_018f: castclass ebexcel.AbsXLSRecords
IL_0194: stloc.s V_10
IL_0196: ldloc.s V_10
IL_0198: callvirt instance class [mscorlib]System.Collections.IEnumerator ebexcel.AbsXLSRecords::GetEnumerator()
IL_019d: stloc.s V_13
.try
{
IL_019f: br.s IL_01bd
IL_01a1: ldloc.s V_13
IL_01a3: callvirt instance object [mscorlib]System.Collections.IEnumerator::get_Current()
IL_01a8: castclass ebexcel.AbsXLSRec
IL_01ad: stloc.s V_11
IL_01af: ldarg.0
IL_01b0: ldfld class ebexcel.AbsXLSRecords ebexcel.XLSFileWriter::records
IL_01b5: ldloc.s V_11
IL_01b7: callvirt instance int32 ebexcel.AbsXLSRecords::Add(class ebexcel.AbsXLSRec)
IL_01bc: pop
IL_01bd: ldloc.s V_13
IL_01bf: callvirt instance bool [mscorlib]System.Collections.IEnumerator::MoveNext()
IL_01c4: brtrue.s IL_01a1
IL_01c6: leave.s IL_01dd
} // end .try
finally
{
IL_01c8: ldloc.s V_13
IL_01ca: isinst [mscorlib]System.IDisposable
IL_01cf: stloc.s V_14
IL_01d1: ldloc.s V_14
IL_01d3: brfalse.s IL_01dc
IL_01d5: ldloc.s V_14
IL_01d7: callvirt instance void [mscorlib]System.IDisposable::Dispose()
IL_01dc: endfinally
} // end handler
IL_01dd: ldloc.s V_12
IL_01df: callvirt instance bool [mscorlib]System.Collections.IEnumerator::MoveNext()
IL_01e4: brtrue.s IL_0188
IL_01e6: leave.s IL_01fd
} // end .try
finally
{
IL_01e8: ldloc.s V_12
IL_01ea: isinst [mscorlib]System.IDisposable
IL_01ef: stloc.s V_14
IL_01f1: ldloc.s V_14
IL_01f3: brfalse.s IL_01fc
IL_01f5: ldloc.s V_14
IL_01f7: callvirt instance void [mscorlib]System.IDisposable::Dispose()
IL_01fc: endfinally
} // end handler
IL_01fd: ldloc.s V_8
IL_01ff: brfalse.s IL_0208
IL_0201: ldloc.s V_8
IL_0203: callvirt instance void ebexcel.ExcelWorksheet::Delete()
IL_0208: ret
}
[课程]Linux pwn 探索篇!