埃克编程语言标识 [英] Exe programming language identity

问题描述

要继续我的课<一个href="http://stackoverflow.com/questions/29660057/$c$c-injection-to-set-and-extract-data-from-mfc-application">project,我需要找出一个样本EXE的程序设计语言。以下是我所了解的EXE：

1. 在使用的x86的.Net 4.0框架 - 它引用mscorlib程序通过JetBrains的 dotPeek 计划。
2. 有一个Win32 GUI的Win32按钮和标签 - 根据对 UI框架ID验证（仍在使用旧版本）。我测试的用户界面验证对一个W​​PF和WinForm的样品EXE框架ID。

起初，我以为它是一个C ++ / CLI的项目，但我也发现了一个参考System.Windows.Forms的和方法，将反编译为C＃。

什么编程语言是此exe写的？

---

更新1：使用ILSpy，我发现EXE是混合+原生code作为每@xanatos建议。我也注意到它引用Microsoft.VisualC。

---

更新2：至于我的参考，并为他人谁可能确定一个.NET引用EXE需要帮助，我做了以下内容：

1. 通过JetBrains公司或ILSpy验证exe文件引用。NET（.mscorlib）
2. 选中的图形用户界面和控制，以帮助识别框架ID 通过用户界面验证
3. 检查 .corflags 来确定是否是ILONLY或通过混 ILSpy的IL看法
4. 通过ILSpy确定exe文件的入口点（我不得不将其更改为C＃ 查看和选择的exe文件）
5. 检查入口点方法通过ILSpy了 hidebysig （我点击了 入口点，它重定向我的方法，我改变了看法 回到IL）

解决方案

我通过创建在Visual Studio一些空的控制台应用程序做了一些实验。

C＃：

没有什么特别的C＃程序。这是非常简单。有没有奇怪的参照其它组件。一个空的应用程序只引用mscorlib程序。该主方法是hidebysig。

VB.NET：

即使是空的控制台应用程序引用了 Microsoft.VisualBasic程序。有在定义的东西吨（assemblynamespace）。我的和（assemblynamespace）.My.Resources 。该主方法的不可以 hidebysig。

F＃：

即使是一个几乎空康寿应用程序引用了 FSharp.Core 。该主方法的不可以 hidebysig。

C ++ / CLI使用/ clr：

有类于＆LT; CppImplementationDetails＆GT; 和＆LT; CrtImplementationDetails＆GT; 的命名空间。引用KERNEL32.DLL显示在ILSPY。启动方法是内部不安全的静态INT mainCRTStartupStrArray（字符串[]参数）。这不是 hidebysig 。

C ++ / CLI与/纯：

有类于＆LT; CppImplementationDetails＆GT; 和＆LT; CrtImplementationDetails＆GT; 的命名空间。引用KERNEL32.DLL显示在ILSPY。启动方法是内部不安全的静态INT mainCRTStartupStrArray（字符串[]参数）。这不是 hidebysig 。

C ++ / CLI使用/安全：

方法外类中定义的内部类＆LT;模块＆GT; 。该主（小写）方法的不可以 hidebysig。

ILASM：

没测试过，但相当确信任何东西是可以产生纯IL code

其他语言：

您可以经常看引用的程序集。通常是编译的.NET语言有特殊的班级一些附加组件为他们（如VB.NET Microsoft.VisualBasic程序

-

请注意，如果EXE是纯IL code应该有一个

.corflags 00000001 // ILONLY

如果是混合的原生+ IL code来代替：

.corflags 00000000 // 0

我可以通过加载的EXE在ILSPY，选择它，并在工具栏上的下拉框中选择IL看到它。它是最后一行

起初我以为它是一个C ++ / CLI的项目，但我也发现了一个参考System.Windows.Forms的和方法，将反编译为C＃。

使用C ++ / CLI或C＃，并使用 System.Windows.Forms的是正交的。你可以使用任何.NET语言与 System.Windows.Forms的。最大的区别是，与C ++ / CLI，你可以把这个exe非IL code和IL code，而使用C＃，你只能产生IL code。

To continue my class project, I need to identify the programming language of a sample exe. The following is what I know about the exe:

1. Uses x86 .Net 4.0 framework - It references mscorlib via JetBrains dotPeek program.
2. Has a Win32 gui with win32 buttons and labels - According to the framework id on UI Verify (still using the old version). I tested UI Verify framework id against a WPF and WinForm sample exe.

At first I assumed its a C++ / CLI project but I also discovered a reference to System.Windows.Forms and methods that would decompile to C#.

What programming language is this exe written with?

---

Update 1: Using ILSpy, I discovered exe was "mixed + native code" as per @xanatos advice. I also noticed it references Microsoft.VisualC .

---

Update 2: As for my reference and for others who may need help in identifying a .net referenced exe, I did the following:

1. Verify exe referenced .Net (.mscorlib) via JetBrains or ILSpy
2. Checked the GUI and its controls to help identify the framework id via UI Verify
3. Check the .corflags to identify if it is ILOnly or mixed via ILSpy's IL view
4. Identify the exe's entry point via ILSpy (I had to change it to C# View and selected the exe)
5. Check if entry point method had hidebysig via ILSpy (I clicked the entry point, it redirected me to the method, and I changed the view back to IL)

解决方案

I've done some experiments by creating some empty console applications in Visual Studio.

C#:

There is nothing particular in a C# program. It is very "plain". There is no strange reference to other assemblies. An empty app references only mscorlib. The Main method is hidebysig.

VB.NET:

Even an empty Console App has a reference to Microsoft.VisualBasic. There are tons of things defined in (assemblynamespace).My and in (assemblynamespace).My.Resources . The Main method is not hidebysig.

F#:

Even a nearly empty Consol App has a reference to FSharp.Core. The Main method is not hidebysig.

C++/CLI with /clr:

There are classes in the <CppImplementationDetails> and in the <CrtImplementationDetails> namespaces. A reference to kernel32.dll is shown in ILSPY. The start method is internal unsafe static int mainCRTStartupStrArray(string[] arguments). It is not hidebysig.

C++/CLI with /pure:

There are classes in the <CppImplementationDetails> and in the <CrtImplementationDetails> namespaces. A reference to kernel32.dll is shown in ILSPY. The start method is internal unsafe static int mainCRTStartupStrArray(string[] arguments). It is not hidebysig.

C++/CLI with /safe:

Methods outside classes are defined inside an internal class <Module>. The main (lowercase) method is not hidebysig.

ILAsm:

Not tested, but quite sure that anything that is pure IL code can be generated

Other languages:

You can often look at the referenced assemblies. Often languages that compile for .NET have some additional assemblies with special classes for them (like the VB.NET Microsoft.VisualBasic

-

Note that if the exe is "pure" IL Code there should be a

.corflags 0x00000001 // ILOnly

If it is mixed native + ILCode instead:

.corflags 0x00000000 // 0

I can see it by loading the exe in ILSPY, choosing it and selecting IL in the combo box in the toolbar. It is the last line

At first I assumed its a C++ / CLI project but I also discovered a reference to System.Windows.Forms and methods that would decompile to C#.

Using C++ / CLI or C# and using System.Windows.Forms are orthogonal. You can use any .NET language with System.Windows.Forms. The big difference is that with C++ / CLI you can put in the exe non-IL code plus IL code, while with C# you can only generate IL code.

这篇关于埃克编程语言标识的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！