Closed leonhardzp closed 2 weeks ago
Looks like this assembly has completely bogus (invalid) method bodies that the .NET runtime wouldn't accept either.
The <Module>
static constructor seems to perform some kind of in-memory decryption of the currently-running assembly; allowing the .NET runtime to load those methods after they have been decrypted.
Without running this decryption step, ILSpy doesn't have a chance at decompilation.
I can still fix the crashes in the disassembler so that at least the IL view can show just how meaningless the method bodies are.
Thanks for answering this question, Then I understand how they can do this decryption. I am a C# beginner. Do you have any info about the method you mentioned above (
Input code
I upload the dll assebmly. Please checked it. All methods can not be opened. Experior.Engine.dll.zip I guess maybe it comes from [module: SuppressIldasm] , But I am note sure, since I think that ILSpy will ignore this attribute.
Erroneous output
Error decompiling @0600009C Experior.Engine.EngineBase.UnloadDomain in assembly "C:\Program Files\Schneider Electric\EcoStruxure Machine Expert Twin2.0\Experior.Engine.dll" ---> System.BadImageFormatException: Read out of bounds. at System.Reflection.Throw.OutOfBounds() in offset 10 at System.Reflection.Metadata.BlobReader.ReadInt32() in offset 0 at ICSharpCode.Decompiler.Disassembler.ILParser.DecodeBranchTarget(BlobReader& blob, ILOpCode opCode) in ILParser.cs:line 77 at ICSharpCode.Decompiler.Disassembler.ILParser.SetBranchTargets(BlobReader& blob, BitSet branchTargets) in ILParser.cs:line 143 at ICSharpCode.Decompiler.IL.ILReader.ReadInstructions(CancellationToken cancellationToken) in ILReader.cs:line 475 at ICSharpCode.Decompiler.IL.ILReader.ReadIL(MethodDefinitionHandle method, MethodBodyBlock body, GenericContext genericContext, ILFunctionKind kind, CancellationToken cancellationToken) in ILReader.cs:line 703 at ICSharpCode.Decompiler.CSharp.CSharpDecompiler.DecompileBody(IMethod method, EntityDeclaration entityDecl, DecompileRun decompileRun, ITypeResolveContext decompilationContext) in CSharpDecompiler.cs:line 1715 -- continuing with outer exception (ICSharpCode.Decompiler.DecompilerException) -- at ICSharpCode.Decompiler.CSharp.CSharpDecompiler.DecompileBody(IMethod method, EntityDeclaration entityDecl, DecompileRun decompileRun, ITypeResolveContext decompilationContext) in CSharpDecompiler.cs:line 1773 at ICSharpCode.Decompiler.CSharp.CSharpDecompiler.DoDecompile(IMethod method, DecompileRun decompileRun, ITypeResolveContext decompilationContext) in CSharpDecompiler.cs:line 1622 at ICSharpCode.Decompiler.CSharp.CSharpDecompiler.<>cDisplayClass74_0.gDoDecompileMember|0(IEntity entity, RecordDecompiler recordDecompiler, PartialTypeInfo partialType) in CSharpDecompiler.cs:line 1497
at ICSharpCode.Decompiler.CSharp.CSharpDecompiler.DoDecompile(ITypeDefinition typeDef, DecompileRun decompileRun, ITypeResolveContext decompilationContext) in CSharpDecompiler.cs:line 1364
at ICSharpCode.Decompiler.CSharp.CSharpDecompiler.Decompile(IEnumerable`1 definitions) in CSharpDecompiler.cs:line 1033
at ICSharpCode.Decompiler.CSharp.CSharpDecompiler.Decompile(EntityHandle[] definitions) in CSharpDecompiler.cs:line 1005
at ICSharpCode.ILSpy.CSharpLanguage.DecompileType(ITypeDefinition type, ITextOutput output, DecompilationOptions options) in offset 65
at ICSharpCode.ILSpy.TreeNodes.TypeTreeNode.Decompile(Language language, ITextOutput output, DecompilationOptions options) in offset 0
at ICSharpCode.ILSpy.TextView.DecompilerTextView.DecompileNodes(DecompilationContext context, ITextOutput textOutput) in offset 103
at ICSharpCode.ILSpy.TextView.DecompilerTextView.<>cDisplayClass53_0.b 0() in offset 18
Details
I tried other decompiler like Ildasm, dnSpy, They don't work too. So , I think there are some method can prevent the assembly to be decompiled. But which method can do this? AOT or just suppressIldasm ? Strange.
Experior.Engine.dll.zip