Disassembling .NET Applications

Upcoming Interviews

Disassembling .NET Applications


You may come across many reasons to examine the code of an existing application. Your reasons may be among:

How is this Possible?

Microsoft .NET languages "compile" to the MSIL so all languages meet at a common denominator. Then, the MSIL is compiled at the first run of the application to binary. Since the MSIL is not yet compiled to binary, utility programs can read the DLL and reverse engineer the code.

Note: Use your powers for good! This is a technique I provide for you to learn hints and pointers to the right direction of someone's code, not to use or re-purpose without permission.

Obfuscated or Not?

There are two "types" applications, obfuscated (scrambled code) and simply compiled DLLs. Obfuscation is a process used to cloak the internal workings of source code. An obfuscated program will have its class names, method names, variable names, and signatures renamed in a random and cryptic manner in order hide what is really going on.

The point is, only custom code can be obfuscated. Whenever a code fragment uses an outside DLL, these calls can not be scrambled. The calls to the external objects are the types and methods of objects that can not be renamed. So by examining these calls you can begin to infer what the application is doing.