Tag Archives: reverse

Fun with ILDASM and ILASM: tweaking the code of an existing library

Today I decided it was the appropriate time to upgrade my work PC from Windows 7 to Windows 8. I’m already using Windows 8 on my personal PC as well as on my //BUILD/ Slate. Re-installing an OS is never really exciting but this time I faced an interesting challenge… In this short blog post I share this story !

Check-list

The PC I’m using at work is a HP Elitebook8560P laptop. I had no doubt Windows8 would work like a charm on it, so I started by writing up the list of major tools I need:

  • VS2005 (yes, the 2005 version – that’s a long story… it’s for C++ work)
  • VS2010 + SP1
  • Office 2010
  • Office 2013

I also would like to install VS2012 but one of the .Net component I’m using in the large WPF app I’m currently working on has a bug with .Net 4.5. If I install VS2012 .Net4.5 will be installed to and prevent the execution of my app. This was at least the behavior I found out on Windows7 while taking a look at VS12.

The team in charge of the component (which are co-workers btw) are aware of the issue and already fixed it. We didn’t integrate their last version yet however.

Installation

This is the part you press and button, grab a cup of cofee and get back in front of the screen to press another button. Nothing really interesting here…

Fun-time

Ok, everything is installed. Time to check I can run my app. Arrrrg !!! Crash !!!

I took me a few seconds to figure out that Windows8 comes with .Net 4.5 pre-installed. Well, that’s a problem, at least for me. I reviewed the option I had:

  • go back to Windows 7 and reinstall everything again. I didn’t have the time for that.
  • remove .Net 4.5 from my laptop. This is actually not possible since .Net 4.5 comes with Windows8.
  • come at work very early monday morning and try to grab the new version of the buggy component. This is a very bad option since I’m in the middle of an important delivery…
Then I realize I knew exactly what was going wrong in the component that lead to the crash. What about disassembling the code to IL (Intermediate Language), recompile it and use this hacked DLL ? This is what I did, and it worked very well 😀

Why a crash ?

Just to share the context, the buggy component is a WPF control. It contains UI virtualization stuff. One of the method contains a “throw NotImplementedException”. This method is called when a particular Dispose() method is called. This method was NEVER called prior to .Net 4.5 hiding the problem. The new version of the .Net framework calls the Dispose method properly… and then throws the exception 🙂

Introducing ILDASM and its friend ILASM

ILDASM is the MSIL disassembler provider with Visual Studio. It comes with a very basic UI but you can also use it a command line and dump the content of a .Net binary to a file (containing the IL). So I fired up the VS2010 command prompt and typed:

ildasm.exe Company.BuggyComponent.dll /output Company.BuggyComponent.il

I then opened the file using a basic text editor, navigate to the method which contains this code:

.method public hidebysig newslot virtual final 
 instance void Clear() cil managed
{
 // Code size 6 (0x6)
 .maxstack 8
 IL_0000: newobj instance void [mscorlib]System.NotSupportedException::.ctor()
 IL_0005: throw
} // end of method VirtualizingCollectionSelector`1::Clear

I changed it to:

.method public hidebysig newslot virtual final
 instance void Clear() cil managed
{
 // Code size 1 (0x1)
 .maxstack 8
 IL_0000: ret
} // end of method VirtualizingCollectionSelector`1::Clear

Then I rebuilt a new DLL using ILASM. The tool is able to create an executable or an assembly from IL code in a text fix. So I simply typed:

ilasm Company.BuggyComponent.il /key=company.snk /output=CompanyBuggyComponent.dll

I dropped the newly created assembly in the bin directory, and boom, it’s working again. Of course this is a temporary solution but I had fun coming to it 🙂

PS: the 3 screens running Windows8 at home: personal workstation, slate and work laptop