为什么会这样容易反编译.NET IL code? [英] Why is it so easy to decompile .NET IL code?
问题描述
为什么那么容易反编译.NET IL-code到源$ C $ C,相比于反编译原生x86二进制文件? (反射器产生相当不错的来源$ C $ C的大部分时间,而C ++编译器的反编译的输出几乎是不可能的。)
Why is it so easy to decompile .NET IL-code into source code, compared to decompiling native x86 binaries? (Reflector produces quite good source code most of the time, while decompiling the output of a C++ compiler is almost impossible.)
是不是因为IL含有大量的元数据?还是因为白细胞介素是一种更高的抽象比x86指令?我做了一些研究,发现,以下两个有用的文章,但他们都没有回答我的问题。
Is it because IL contains a lot of meta data? Or is it because IL is a higher abstraction than x86 instructions? I did some research and found the following two usefull articles, but neither of them answers my question.
- MSIL Decompiler Theory
- C Decompiler - Quick primer
推荐答案
我想你已经得到了最重要的位了。
I think you've got the most important bits already.
- 正如你所说的,还有更多的元数据可用。我不知道什么是C或C ++编译器发出的细节,但我怀疑的据的多个名称和类似的信息都包含在IL。只要看看什么是反编译器知道什么是在一个特定的堆栈帧,例如 - 至于86而言,你只懂得堆栈的使用的;在IL你知道堆栈的内容的再present 的(或至少,类型 - !不语义)
- 同样,因为你已经提到,IL比86更高层次的抽象。 86不知道什么方法或函数调用,或者一个事件,或者财产等IL有所有的信息仍然在其中。
- 通常C和C ++编译器的优化更重比(说)C#编译器。这是因为C#编译假定最优化的,仍然可以稍后执行 - 由JIT。在某些方面,它是有道理的C#编译器的没有的尝试做太多优化,因为有各种信息位,可向JIT而不是C#编译器。优化code是难以反编译,因为它是远离成为原始出处code自然再presentation。
- 在IL被设计为JIT编译; 86被设计为(通过微code诚然)本身执行。 JIT编译器所需要的信息是类似的,一个反编译器会想,这样一个反编译器有一个更简单的时间与IL。在某些方面,这是真正的第二点只是重述。
- As you say, there's more metadata available. I don't know the details of what is emitted by a C or C++ compiler, but I suspect far more names and similar information are included in IL. Just look at what the decompiler knows about what's in a particular stack frame, for example - as far as the x86 is concerned, you only know how the stack is used ; in IL you know what the contents of the stack represent (or at least, the type - not the semantic meaning!)
- Again, as you've already mentioned, IL is a higher level abstraction than x86. x86 has no idea what a method or function call is, or an event, or a property etc. IL has all that information still within it.
- Typically C and C++ compilers optimise much more heavily than (say) the C# compiler. This is because the C# compiler assumes that most of the optimisation can still be performed later - by the JIT. In some ways it makes sense for the C# compiler not to try to do much optimisation, as there are various bits of information which are available to the JIT but not the C# compiler. Optimised code is harder to decompile, because it's further away from being a natural representation of the original source code.
- IL was designed to be JIT-compiled; x86 was designed to be executed natively (admittedly via micro-code). The information the JIT compiler needs is similar to that that a decompiler would want, so a decompiler has an easier time with IL. In some ways this is really just a restatement of the second point.
这篇关于为什么会这样容易反编译.NET IL code?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
