Hardcore CLR - The Black Art of Rewriting .NET Applications for Fun and Profit in IL and C#


This workshop is part of NDC Oslo 2017.

Using Mono.Cecil, PEVerify, and IL disassembler

What if I told you that there is a way that you could modify almost any compiled .NET application and bend it to your will? What would you do with that power? New .NET languages and new language paradigms might come and go, but the Common Language Runtime is forever. This two-day workshop will teach you how to read, modify, write, and extend your applications in C# using IL, the only language that the CLR understands.

By the end of this workshop, you'll know how to modify your .NET applications so that you can:

  • Read and understand IL, as well as have a better understanding of what code the Roslyn C# compiler creates when you compile your applications from C# to IL.
  • Replace, intercept, surround, and inject new classes into your applications at runtime.
  • Isolate, modify, and test legacy code all without changing your original source code.

When you harness the power of IL, you are no longer limited by the constraints of your compiler. You become the compiler.

Join me, and I'll show you just how deep this rabbit hole goes.

Day 1: Reverse Engineering

  • A simple demonstration
  • Understanding the Tools of the Trade
    • IL Disassembler / IL Spy
    • Mono.Cecil
    • The System.Reflection.* namespace
    • C#
  • Deep Dive into IL and the CLR
    • The 'quick and dirty' way to learn IL from scratch
    • Introducing the Evaluation Stack
    • Value types, reference types, and strong typing
    • The heap versus the stack
    • Decompiling "Hello, World!"
    • Converting a C# method into IL
    • Conditional and unconditional branching
    • Side-by-side C# vs IL comparisons of the common conditional and loop blocks
    • Understanding methods and method calls in IL
    • Static versus instance methods

Day 2: Round Tripping

  • Modifying .NET Assemblies with Cecil
    • Balancing the Evaluation Stack
    • Boxing and unboxing types
    • Bypassing strongly-named assemblies
    • Unsealing sealed types
    • Replacing method calls
  • Common Techniques for Runtime Code Modification
    • Dynamic Proxies
    • Method Call Redirection
    • Interface Injection
  • How PEVerify can be your best friend and worst enemy
    • Common PEVerify errors and how to handle them
    • Handling imbalanced stacks
    • Fixing evaluation stack over/underflows
    • Using Console.WriteLine to triangulate common errors
  • Putting it all together with examples
    • Defeating the licensing restrictions of ACME Fictitious Evil Corp's assembly

Level: Intermediate to Expert.

Expected Audience

The expected audience includes developers who have a deep understanding of the C# language and want to take their language skills even further by understanding the code that is emitted by the C# compiler. Prior knowledge of IL assembler/disassembler is highly recommended, but completely optional.

Computer Setup

Attendees will need to bring a computer with Visual Studio 2015, Update 1 installed. https://www.visualstudio.com/en-us/downloads/download-visual-studio-vs.aspx


09:00 - 17:00