24

Since these IL codes what I see more, I like to learn how to interpret them correctly.

I couldn't find a documentation like C# Compiler or any other so I think I can pretty much take care of the rest after I learn this common ones:

Below are some sample IL codes containing what I need to know :

Sample 1:

.method private hidebysig static void  Main(string[] args) cil managed
{
  .entrypoint
  // Code size       15 (0xf)
  .maxstack  1
  .locals init ([0] class EnumReflection.DerivedClass derivedClass)
  IL_0000:  nop
  IL_0001:  newobj     instance void EnumReflection.DerivedClass::.ctor()
  IL_0006:  stloc.0
  IL_0007:  ldloc.0
  IL_0008:  callvirt   instance void EnumReflection.DerivedClass::WriteOutput()
  IL_000d:  nop
  IL_000e:  ret
} // end of method Program::Main

Sample 2:

.method public hidebysig specialname rtspecialname 
        instance void  .ctor() cil managed
{
  // Code size       38 (0x26)
  .maxstack  8
  IL_0000:  ldarg.0
  IL_0001:  ldstr      "Hello"
  IL_0006:  stfld      string EnumReflection.DerivedClass::hello
  IL_000b:  ldarg.0
  IL_000c:  ldstr      "World"
  IL_0011:  stfld      string EnumReflection.DerivedClass::world
  IL_0016:  ldarg.0
  IL_0017:  ldc.i4.s   123
  IL_0019:  stfld      int32 EnumReflection.DerivedClass::age
  IL_001e:  ldarg.0
  IL_001f:  call       instance void EnumReflection.BaseClass::.ctor()
  IL_0024:  nop
  IL_0025:  ret
} // end of method DerivedClass::.ctor

I know what these codes do since I produced them :-) however I'd like to learn more about corresponding IL code.

These samples contain IL codes like, and could you please explain command with question marks? and also what do those command stand for? So we can memorize them easily.

  • nop (for debugging - no operation)
  • newobj (it seems it is creating new object in heap)
  • stloc.0 ?
  • ldloc.0 ?
  • ret ?
  • ldarg.0 ?
  • ldstr ?
  • stfld ?
  • ldc.i4.s ?
  • .ctor - constructor

Understanding IL is important as it exposes how particular compiler produces codes and act in specific cases.

However, I couldn't find a nice docs which contain examples as well about IL. CLR with C# 3.0 is a good book however eventually it isn't a IL book so it doesn't explain everything about IL.

EDIT:

I've found the specs and they tell these: Thanks to @usr.

  • nop (for debugging - no operation)
  • newobj - create a new object
  • stloc.0 - pop value from stack to local variable
  • ldloc.0 ? - load local variable onto the stack
  • ret - return from method
  • ldarg.0 - Load argument 0 onto the stack.
  • ldstr - load a literal string
  • stfld - store into a field of an object
  • ldc.i4.s - Push num onto the stack as int32 , short form.
  • .ctor - constructor
Tarik
  • 79,711
  • 83
  • 236
  • 349
  • 2
    Download ILSpy and switch it to show decompiled IL code. You can click all the opcodes and ILSpy will lead you to Microsoft documentation. – mslot Oct 24 '13 at 20:30
  • +1 @mslot, thanks for the comment about IL code in ILSpy, I have used ILSpy a bit but have not used IL part. it's very helpful to click the opcode and read the docs about it. – yantaq Jun 03 '15 at 23:39

4 Answers4

13

There are a few books that do cover IL:

Also some books on reverse engineering have sections on IL.

See also:

Community
  • 1
  • 1
Richard Anthony Hein
  • 10,550
  • 3
  • 42
  • 62
10

Microsoft standardized the CLR and published those standards. Partition III contains a wealth of information about IL/CIL and is suitable for learning. It is an excellent document.

You can also learn IL by example. Compile a few simple methods in C# and look at the IL in reflector (it has an IL-mode).

usr
  • 168,620
  • 35
  • 240
  • 369
  • That's what I did however I would love to what these commands stand for too. – Tarik Apr 21 '12 at 15:28
  • Yes, I recommend you look into the spec then. Partition III actually looks pretty good and understandable. – usr Apr 21 '12 at 15:29
  • I've found what I'm looking for actually in the specs here in this pdf file: http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-335.pdf – Tarik Apr 21 '12 at 15:41
  • The ECMA-335's link is: https://www.ecma-international.org/publications/files/ECMA-ST/ECMA-335.pdf – SUN Jiangong Aug 02 '18 at 22:15
9
  • nop - no-op
  • newobj - create an object and call its constructor.
  • stloc.0 - Pop a value from the stack, and store it in the first local variable
  • ldloc.0 - Push the first local variable onto the stack
  • ret - return
  • ldarg.0 - Push the first argument (this in instance methods) onto the stack
  • ldstr - Push a string onto the stack
  • stfld - set the field, using data on the stack.
  • ldc.i4.s - Push the specified number as an int.
  • .ctor - constructor

I recommend that you find a good source of documentation on these opcodes (Wikipedia may be the best, though :( ). The documentation for System.Reflection.Emit has fairly detailed documentation for opcodes.

And above all, build small programs and examine the IL output. That is the best way to learn.

Kendall Frey
  • 43,130
  • 20
  • 110
  • 148
8

If you want a brief synopsis of each opcode, you could do worse than inspecting the System.Reflection.Emit namespace.

For instance, there is an OpCodes class that has a static field for each opcode. Each one of these is then described in further detail, in terms of its stack behaviour. E.g. Ldarg_0:

The ldarg.0 instruction pushes the argument indexed at 0 onto the evaluation stack. The ldarg.0 instruction can be used to load a value type or a primitive value onto the stack by copying it from an incoming argument.

Damien_The_Unbeliever
  • 234,701
  • 27
  • 340
  • 448