
From Shallow to Deep: On the Principles of .NET Obfuscation (Part 1) [Repost]

2008-07-19 17:58, 627 views
I have been extremely busy recently and have had no time to update my blog, which I feel quite bad about. But what I experience at work is perhaps not the topic everyone is most interested in, and on top of that framesniper pulled me into the Inside IL and CLR team

.method public hidebysig instance int32 Level3(int32 a) cil managed

// .method says that this region is a method; "region" refers to the contents between the { } braces
// public hidebysig instance are the attributes of this method
// int32 is the return value of this method; a Sub in VB.NET would be translated here with a return value of void
// Level3 is the method name, identical to the source code
// int32 a is the incoming parameter, identical to the source code
// cil managed marks this as a managed method
// Because one of .NET's major features is metadata, which carries a great deal of program information, IL is basically very similar to C#. As the old saying goes, every advantage comes with a drawback.

So, based on the above

Below is the official documentation for the four instructions above:

ldarg.<length> - load argument onto the stack

Format                  Assembly Format   Description
FE 09 <unsigned int16>  ldarg num         Load argument numbered num onto stack.
0E <unsigned int8>      ldarg.s num       Load argument numbered num onto stack, short form.
02                      ldarg.0           Load argument 0 onto stack
03                      ldarg.1           Load argument 1 onto stack
04                      ldarg.2           Load argument 2 onto stack
05                      ldarg.3           Load argument 3 onto stack

Stack Transition:

… → …, value

Description:

The ldarg num instruction pushes the num'th incoming argument, where arguments are numbered 0 onwards (see Partition I) onto the evaluation stack. The ldarg instruction can be used to load a value type or a built-in value onto the stack by copying it from an incoming argument. The type of the value is the same as the type of the argument, as specified by the current method's signature.

The ldarg.0, ldarg.1, ldarg.2, and ldarg.3 instructions are efficient encodings for loading any of the first 4 arguments. The ldarg.s instruction is an efficient encoding for loading argument numbers 4 through 255.

For procedures that take a variable-length argument list, the ldarg instructions can be used only for the initial fixed arguments, not those in the variable part of the signature. (See the arglist instruction)

Arguments that hold an integer value smaller than 4 bytes long are expanded to type int32 when they are loaded onto the stack. Floating-point values are expanded to their native size (type F).

Exceptions:

None.

Verifiability:

Correct CIL guarantees that num is a valid argument index. See Section 1.5 for more details on how verification determines the type of the value loaded onto the stack.

starg.<length> - store a value in an argument slot

Format                  Assembly Format   Description
FE 0B <unsigned int16>  starg num         Store a value to the argument numbered num
10 <unsigned int8>      starg.s num       Store a value to the argument numbered num, short form

Stack Transition:

…, value → …

Description:

The starg num instruction pops a value from the stack and places it in argument slot num (see Partition I). The type of the value must match the type of the argument, as specified in the current method's signature. The starg.s instruction provides an efficient encoding for use with the first 256 arguments.

For procedures that take a variable argument list, the starg instructions can be used only for the initial fixed arguments, not those in the variable part of the signature.

Storing into arguments that hold an integer value smaller than 4 bytes long truncates the value as it moves from the stack to the argument. Floating-point values are rounded from their native size (type F) to the size associated with the argument.

Exceptions:

None.

Verifiability:

Correct CIL requires that num is a valid argument slot.

Verification also checks that the verification type of value matches the type of the argument, as specified in the current method’s signature (verification types are less detailed than CLI types).

ldloc - load local variable onto the stack

Format                  Assembly Format   Description
FE 0C <unsigned int16>  ldloc indx        Load local variable of index indx onto stack.
11 <unsigned int8>      ldloc.s indx      Load local variable of index indx onto stack, short form.
06                      ldloc.0           Load local variable 0 onto stack.
07                      ldloc.1           Load local variable 1 onto stack.
08                      ldloc.2           Load local variable 2 onto stack.
09                      ldloc.3           Load local variable 3 onto stack.

Stack Transition:

… → …, value

Description:

The ldloc indx instruction pushes the contents of the local variable number indx onto the evaluation stack, where local variables are numbered 0 onwards. Local variables are initialized to 0 before entering the method only if the initialize flag on the method is true (see Partition I). The ldloc.0, ldloc.1, ldloc.2, and ldloc.3 instructions provide an efficient encoding for accessing the first four local variables. The ldloc.s instruction provides an efficient encoding for accessing local variables 4 through 255.

The type of the value is the same as the type of the local variable, which is specified in the method header. See Partition I.

Local variables that are smaller than 4 bytes long are expanded to type int32 when they are loaded onto the stack. Floating-point values are expanded to their native size (type F).

Exceptions:

VerificationException is thrown if the "zero initialize" bit for this method has not been set, and the assembly containing this method has not been granted SecurityPermission.SkipVerification (and the CIL does not perform automatic definite-assignment analysis)

Verifiability:

Correct CIL ensures that indx is a valid local index. See Section 1.5 for more details on how verification determines the type of a local variable. For the ldloca indx instruction, indx must lie in the range 0 to 65534 inclusive (specifically, 65535 is not valid)

Rationale: The reason for excluding 65535 is pragmatic: likely implementations will use a 2-byte integer to track both a local’s index, as well as the total number of locals for a given method. If an index of 65535 had been made legal, it would require a wider integer to track the number of locals in such a method.

Also, for verifiable code, this instruction must guarantee that it is not loading an uninitialized value – whether that initialization is done explicitly by having set the “zero initialize” bit for the method, or by previous instructions (where the CLI performs definite-assignment analysis)

stloc - pop value from stack to local variable

Format                  Assembly Format   Description
FE 0E <unsigned int16>  stloc indx        Pop value from stack into local variable indx.
13 <unsigned int8>      stloc.s indx      Pop value from stack into local variable indx, short form.
0A                      stloc.0           Pop value from stack into local variable 0.
0B                      stloc.1           Pop value from stack into local variable 1.
0C                      stloc.2           Pop value from stack into local variable 2.
0D                      stloc.3           Pop value from stack into local variable 3.

Stack Transition:

…, value → …

Description:

The stloc indx instruction pops the top value off the evaluation stack and moves it into local variable number indx (see Partition I), where local variables are numbered 0 onwards. The type of value must match the type of the local variable as specified in the current method's locals signature. The stloc.0, stloc.1, stloc.2, and stloc.3 instructions provide an efficient encoding for the first four local variables; the stloc.s instruction provides an efficient encoding for local variables 4 through 255.

Storing into locals that hold an integer value smaller than 4 bytes long truncates the value as it moves from the stack to the local variable. Floating-point values are rounded from their native size (type F) to the size associated with the argument.

Exceptions:

None.

Verifiability:

Correct CIL requires that indx is a valid local index. For the stloc indx instruction, indx must lie in the range 0 to 65534 inclusive (specifically, 65535 is not valid)

Rationale: The reason for excluding 65535 is pragmatic: likely implementations will use a 2-byte integer to track both a local’s index, as well as the total number of locals for a given method. If an index of 65535 had been made legal, it would require a wider integer to track the number of locals in such a method.

Verification also checks that the verification type of value matches the type of the local, as specified in the current method’s locals signature.

All of the official documentation lives in: D:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\Tool Developers Guide\docs. Anyone interested should give it a read.
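To make the four encoding tables concrete, here is an added example (Python, written for this edit; it is not code from the original post, from the Inside IL and CLR team, or from any .NET SDK tool). It decodes raw CIL bytes for exactly the ldarg/starg/ldloc/stloc families documented above, tracks the evaluation-stack depth from each instruction's stack transition, enforces the rules from the Verifiability sections (no pop from an empty stack, local index 65535 rejected, no truncated operand), and picks the shortest encoding for a given index the way the "efficient encodings" text describes. The sample method body bytes are constructed for the example. Two facts it relies on come from ECMA-335 rather than from this page: multi-byte operands are little-endian, and argument 0 of an instance method is the `this` reference, so the `a` of Level3 is argument 1.

```python
"""Decoder and shortest-form encoder for the CIL ldarg/starg/ldloc/stloc families.

Added example, not code from the original post. The opcode values below are the
ones in the four instruction tables; operand byte order (little-endian) and the
rule that argument 0 of an instance method is `this` are taken from ECMA-335.
"""
import struct

# One-byte opcodes: (mnemonic, operand size in bytes, evaluation-stack depth change).
ONE_BYTE = {
    0x02: ("ldarg.0", 0, +1), 0x03: ("ldarg.1", 0, +1),
    0x04: ("ldarg.2", 0, +1), 0x05: ("ldarg.3", 0, +1),
    0x06: ("ldloc.0", 0, +1), 0x07: ("ldloc.1", 0, +1),
    0x08: ("ldloc.2", 0, +1), 0x09: ("ldloc.3", 0, +1),
    0x0A: ("stloc.0", 0, -1), 0x0B: ("stloc.1", 0, -1),
    0x0C: ("stloc.2", 0, -1), 0x0D: ("stloc.3", 0, -1),
    0x0E: ("ldarg.s", 1, +1), 0x10: ("starg.s", 1, -1),   # uint8 operand
    0x11: ("ldloc.s", 1, +1), 0x13: ("stloc.s", 1, -1),   # uint8 operand
}
# Long forms: 0xFE prefix, second opcode byte, then a little-endian uint16 operand.
FE_PREFIXED = {
    0x09: ("ldarg", 2, +1), 0x0B: ("starg", 2, -1),
    0x0C: ("ldloc", 2, +1), 0x0E: ("stloc", 2, -1),
}
# Per family: opcode of the ".0" form (None for starg, which has no one-byte
# forms), opcode of the ".s" form, and the second byte of the FE-prefixed form.
FAMILIES = {
    "ldarg": (0x02, 0x0E, 0x09), "starg": (None, 0x10, 0x0B),
    "ldloc": (0x06, 0x11, 0x0C), "stloc": (0x0A, 0x13, 0x0E),
}


def encode(family: str, num: int) -> bytes:
    """Emit the shortest encoding for <family> <num>, as a compiler would."""
    base, short, long_ = FAMILIES[family]
    if not 0 <= num <= 0xFFFF:
        raise ValueError(f"{family} index {num} does not fit a uint16")
    if family in ("ldloc", "stloc") and num == 0xFFFF:
        raise ValueError("local index 65535 is not valid")   # Verifiability rule
    if base is not None and num < 4:
        return bytes([base + num])                            # ldarg.0 .. ldarg.3
    if num < 256:
        return bytes([short, num])                            # .s short form
    return bytes([0xFE, long_]) + struct.pack("<H", num)      # long form


def decode(code: bytes) -> list:
    """Return (offset, mnemonic, index, stack depth after) for each instruction."""
    result, depth, i = [], 0, 0
    while i < len(code):
        off, op = i, code[i]
        i += 1
        if op == 0xFE:
            if i >= len(code) or code[i] not in FE_PREFIXED:
                raise ValueError(f"unknown or truncated FE-prefixed opcode at {off:#06x}")
            mnemonic, size, delta = FE_PREFIXED[code[i]]
            i += 1
        elif op in ONE_BYTE:
            mnemonic, size, delta = ONE_BYTE[op]
        else:
            raise ValueError(f"opcode {op:#04x} at {off:#06x} is outside the four families")
        if i + size > len(code):
            raise ValueError(f"operand of {mnemonic} at {off:#06x} is truncated")
        if size == 0:
            index = int(mnemonic[-1])                # index is part of the mnemonic
        elif size == 1:
            index = code[i]
        else:
            index = struct.unpack_from("<H", code, i)[0]
            if mnemonic in ("ldloc", "stloc") and index == 0xFFFF:
                raise ValueError(f"{mnemonic} 65535 at {off:#06x} is not a valid local index")
        i += size
        depth += delta
        if depth < 0:
            raise ValueError(f"{mnemonic} at {off:#06x} pops from an empty evaluation stack")
        result.append((off, mnemonic, index, depth))
    return result


def is_valid(code: bytes) -> bool:
    """True when the bytes decode and never pop from an empty stack."""
    try:
        decode(code)
        return True
    except ValueError:
        return False


# Constructed sample: a fragment in the style of Level3's body (instance method,
# so `this` is argument 0 and `a` is argument 1). Long forms are mixed in on
# purpose; they have the same effect as the short ones.
SAMPLE = bytes([
    0x03,                    # ldarg.1
    0x0A,                    # stloc.0
    0x06,                    # ldloc.0
    0x10, 0x01,              # starg.s 1
    0xFE, 0x09, 0x01, 0x00,  # ldarg 1  (long form of ldarg.1)
    0xFE, 0x0E, 0x00, 0x00,  # stloc 0  (long form of stloc.0)
])

if __name__ == "__main__":
    for off, mnemonic, index, depth in decode(SAMPLE):
        print(f"IL_{off:04x}: {mnemonic:<8} {index:<5} stack depth -> {depth}")
    for num in (1, 4, 300):
        print("ldarg", num, "->", encode("ldarg", num).hex(" "))
```

Running it prints a listing in the style of ildasm output followed by the three encodings of ldarg for indices 1, 4 and 300 (one byte, the .s form, and the FE-prefixed form). Being able to walk the raw bytes yourself matters when you look at an obfuscated assembly: an obfuscator is free to emit the long FE-prefixed form where a compiler would have used ldarg.1, or to bounce a value through extra locals with stloc/ldloc pairs, and none of that changes what verification checks, so a decoder that reports the index and stack depth regardless of encoding gives you a stable view of the method.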

public int Level3(int a)
