-1

I have disassembled some code, using telerik JD, and I notice that some labels are omitted, and portion of the code is useless.

IL:

    .method assembly hidebysig instance void xxx (
        int32 p_intPer
    ) cil managed noinlining 
{
    IL_0000: br.s IL_000a

    IL_0002: call

    IL_0007: ldnull
    IL_0008: ldind.ref
    IL_0009: pop

    IL_000a: ldc.i4.0
    IL_000b: brtrue.s IL_0007
    .try
    {
        IL_000d: ldarg.0
        IL_000e: ldfld class [Reader]aaa bbb::getP 
        IL_0013: brfalse IL_0024

        IL_0018: ldarg.0
        IL_0019: ldfld class [Reader]aaa bbb::getP 
        IL_001e: ldarg.1
        IL_001f: callvirt instance void [Reader]aaa::Invoke(int32)

        IL_0024: leave IL_002f
    }
    catch [mscorlib]System.Object
    {
        IL_0029: pop
        IL_002a: leave IL_002f
    }

    IL_002f: ret
}

C#:

        internal void xxx(int per)
    {
        while (0 != 0) { }
        try
        {
            if (this.getP != null)
            {
                this.getP(per);
            }
        }
        catch { }
    }

I mean IL_0000 -> IL_0002 -> IL_0007

Is the decompiler stupid, or is it normal? Also, I'm not very skilled in IL, but this doesn't look like the actual source C# to me

justanothercoder
  • 223
  • 2
  • 4
  • 10
  • 1
    I strongly suspect the IL here has been obfuscated. The lack of any reference to `getP` is pretty damning.. – Jon Skeet Sep 11 '15 at 12:20
  • I've renamed the methods for the example, sorry about that... – justanothercoder Sep 11 '15 at 12:31
  • 2
    It is seems pretty obvious that the owner of this software does not want you to do this. So don't do it. – Hans Passant Sep 11 '15 at 12:31
  • @JonSkeet: I assume that might also be related to him manually 'obfuscating' the code before posting it. – Mark Jansen Sep 11 '15 at 12:31
  • @MarkJansen: Apparently so - all of which makes it rather harder to tell what's going on. – Jon Skeet Sep 11 '15 at 12:32
  • There are quite a few reasons to reverse software apart from cracking or anything malicious – justanothercoder Sep 11 '15 at 12:38
  • no problem with that il code , it does exactly the same thing as the c# code infact it makes the while(0!=0) into a while(true) wich is quite nice :) , the use of null is to align code so that it is not on uneven memory adress and is very common. – Thorarins Sep 11 '15 at 13:03

2 Answers2

2

The number in the labels are the offset in the methodbody of the following instruction. But not every instruction and operand are of the same size.

  • IL_0000: br.s 1byte opcode 1byte operand
  • IL_0002: call 1byte opcode 4byte operand
  • IL_0007: ldnull 1byte opcode
  • IL_0008: ldind.ref 1byte opcode
  • [...]
thehennyy
  • 4,020
  • 1
  • 22
  • 31
1

It is normal that the labels skip a few numbers now and then, not every instruction has the same size.

Mark Jansen
  • 1,491
  • 12
  • 24