埃克编程语言标识 [英] Exe programming language identity
问题描述
要继续我的课<一个href="http://stackoverflow.com/questions/29660057/$c$c-injection-to-set-and-extract-data-from-mfc-application">project,我需要找出一个样本EXE的程序设计语言。以下是我所了解的EXE:
- 在使用的x86的.Net 4.0框架 - 它引用mscorlib程序通过JetBrains的 dotPeek 计划。
- 有一个Win32 GUI的Win32按钮和标签 - 根据对 UI框架ID验证(仍在使用旧版本)。我测试的用户界面验证对一个WPF和WinForm的样品EXE框架ID。
起初,我以为它是一个C ++ / CLI的项目,但我也发现了一个参考System.Windows.Forms的和方法,将反编译为C#。
什么编程语言是此exe写的?
更新1:使用ILSpy,我发现EXE是混合+原生code作为每@xanatos建议。我也注意到它引用Microsoft.VisualC。
更新2:至于我的参考,并为他人谁可能确定一个.NET引用EXE需要帮助,我做了以下内容:
- 通过JetBrains公司或ILSpy验证exe文件引用。NET(.mscorlib)
- 选中的图形用户界面和控制,以帮助识别框架ID 通过用户界面验证
- 检查
.corflags
来确定是否是ILONLY或通过混 ILSpy的IL看法 - 通过ILSpy确定exe文件的入口点(我不得不将其更改为C# 查看和选择的exe文件)
- 检查入口点方法通过ILSpy了
hidebysig
(我点击了 入口点,它重定向我的方法,我改变了看法 回到IL)
我通过创建在Visual Studio一些空的控制台应用程序做了一些实验。
C#:
没有什么特别的C#程序。这是非常简单。有没有奇怪的参照其它组件。一个空的应用程序只引用mscorlib程序。该主
方法是hidebysig。
VB.NET:
即使是空的控制台应用程序引用了 Microsoft.VisualBasic程序
。有在定义的东西吨(assemblynamespace)。我的
和(assemblynamespace).My.Resources
。该主
方法的不可以 hidebysig。
F#:
即使是一个几乎空康寿应用程序引用了 FSharp.Core
。该主
方法的不可以 hidebysig。
C ++ / CLI使用/ clr:
有类于&LT; CppImplementationDetails&GT;
和&LT; CrtImplementationDetails&GT;
的命名空间。引用KERNEL32.DLL显示在ILSPY。启动方法是内部不安全的静态INT mainCRTStartupStrArray(字符串[]参数)
。这不是 hidebysig
。
C ++ / CLI与/纯:
有类于&LT; CppImplementationDetails&GT;
和&LT; CrtImplementationDetails&GT;
的命名空间。引用KERNEL32.DLL显示在ILSPY。启动方法是内部不安全的静态INT mainCRTStartupStrArray(字符串[]参数)
。这不是 hidebysig
。
C ++ / CLI使用/安全:
方法外类中定义的内部类&LT;模块&GT;
。该主
(小写)方法的不可以 hidebysig。
ILASM:
没测试过,但相当确信任何东西是可以产生纯IL code
其他语言:
您可以经常看引用的程序集。通常是编译的.NET语言有特殊的班级一些附加组件为他们(如VB.NET Microsoft.VisualBasic程序
-
请注意,如果EXE是纯IL code应该有一个
.corflags 00000001 // ILONLY
如果是混合的原生+ IL code来代替:
.corflags 00000000 // 0
我可以通过加载的EXE在ILSPY,选择它,并在工具栏上的下拉框中选择IL看到它。它是最后一行
起初我以为它是一个C ++ / CLI的项目,但我也发现了一个参考System.Windows.Forms的和方法,将反编译为C#。
使用C ++ / CLI或C#,并使用 System.Windows.Forms的
是正交的。你可以使用任何.NET语言与 System.Windows.Forms的
。最大的区别是,与C ++ / CLI,你可以把这个exe非IL code和IL code,而使用C#,你只能产生IL code。
To continue my class project, I need to identify the programming language of a sample exe. The following is what I know about the exe:
- Uses x86 .Net 4.0 framework - It references mscorlib via JetBrains dotPeek program.
- Has a Win32 gui with win32 buttons and labels - According to the framework id on UI Verify (still using the old version). I tested UI Verify framework id against a WPF and WinForm sample exe.
At first I assumed its a C++ / CLI project but I also discovered a reference to System.Windows.Forms and methods that would decompile to C#.
What programming language is this exe written with?
Update 1: Using ILSpy, I discovered exe was "mixed + native code" as per @xanatos advice. I also noticed it references Microsoft.VisualC .
Update 2: As for my reference and for others who may need help in identifying a .net referenced exe, I did the following:
- Verify exe referenced .Net (.mscorlib) via JetBrains or ILSpy
- Checked the GUI and its controls to help identify the framework id via UI Verify
- Check the
.corflags
to identify if it is ILOnly or mixed via ILSpy's IL view - Identify the exe's entry point via ILSpy (I had to change it to C# View and selected the exe)
- Check if entry point method had
hidebysig
via ILSpy (I clicked the entry point, it redirected me to the method, and I changed the view back to IL)
I've done some experiments by creating some empty console applications in Visual Studio.
C#:
There is nothing particular in a C# program. It is very "plain". There is no strange reference to other assemblies. An empty app references only mscorlib. The Main
method is hidebysig.
VB.NET:
Even an empty Console App has a reference to Microsoft.VisualBasic
. There are tons of things defined in (assemblynamespace).My
and in (assemblynamespace).My.Resources
. The Main
method is not hidebysig.
F#:
Even a nearly empty Consol App has a reference to FSharp.Core
. The Main
method is not hidebysig.
C++/CLI with /clr:
There are classes in the <CppImplementationDetails>
and in the <CrtImplementationDetails>
namespaces. A reference to kernel32.dll is shown in ILSPY. The start method is internal unsafe static int mainCRTStartupStrArray(string[] arguments)
. It is not hidebysig
.
C++/CLI with /pure:
There are classes in the <CppImplementationDetails>
and in the <CrtImplementationDetails>
namespaces. A reference to kernel32.dll is shown in ILSPY. The start method is internal unsafe static int mainCRTStartupStrArray(string[] arguments)
. It is not hidebysig
.
C++/CLI with /safe:
Methods outside classes are defined inside an internal class <Module>
. The main
(lowercase) method is not hidebysig.
ILAsm:
Not tested, but quite sure that anything that is pure IL code can be generated
Other languages:
You can often look at the referenced assemblies. Often languages that compile for .NET have some additional assemblies with special classes for them (like the VB.NET Microsoft.VisualBasic
-
Note that if the exe is "pure" IL Code there should be a
.corflags 0x00000001 // ILOnly
If it is mixed native + ILCode instead:
.corflags 0x00000000 // 0
I can see it by loading the exe in ILSPY, choosing it and selecting IL in the combo box in the toolbar. It is the last line
At first I assumed its a C++ / CLI project but I also discovered a reference to System.Windows.Forms and methods that would decompile to C#.
Using C++ / CLI or C# and using System.Windows.Forms
are orthogonal. You can use any .NET language with System.Windows.Forms
. The big difference is that with C++ / CLI you can put in the exe non-IL code plus IL code, while with C# you can only generate IL code.
这篇关于埃克编程语言标识的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!