Introduction
Most of the time, when we want to see disassembled code, we open the ILDASM tool, point it at the path of the DLL, and view the disassembled code there. Visual Studio now offers an option for this in the IDE itself. Let’s see, step by step, how to use it.
Steps
Let’s create a small console application and see how Visual Studio disassembles the code and shows the output.
Create a console application and place the code below in the Main method.
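// Leap-year demo intended for the body of Main. The statements are kept
// exactly as in the article so that they line up, statement for statement,
// with the source lines interleaved in the disassembly listing further down.
// String literals use plain ASCII double quotes; typographic quotes pasted
// from a web page do not compile.
try
{
    Console.Write("Please Enter the Year: ");

    // int.Parse throws FormatException on non-numeric text, OverflowException
    // on values outside the int range, and ArgumentNullException when
    // ReadLine returns null (end of input). All three are handled by the
    // catch block below rather than validated up front.
    int year = int.Parse(Console.ReadLine());

    // Gregorian rule: divisible by 4 and not by 100, or divisible by 400.
    // && binds tighter than ||, so this reads as (A && B) || C.
    if ((year % 4 == 0) && (year % 100 != 0) || (year % 400 == 0))
    {
        Console.WriteLine("The year {0}, is a Leap Year", year);
    }
    else
    {
        Console.WriteLine("The year {0}, is not a Leap Year", year);
    }
}
catch (Exception ex)
{
    // Deliberately broad for a console demo: report the problem and fall
    // through to the final ReadLine instead of crashing.
    Console.WriteLine(ex.Message);
}

// Keep the console window open; this is also a convenient breakpoint line.
Console.ReadLine();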
Place a breakpoint at the point where execution ends to see the disassembled code, as shown in the image below.
Now run the application by pressing F5 or by clicking the arrow button in the IDE to start execution. It will run the steps and stop at the breakpoint, as shown below.
Now right-click on the code and you will see the Go To Disassembly option, as shown in the image below.
Finally, a new window opens in which you can see the disassembled code, as shown in the image below.
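The output of the disassembled code will be similar to the listing below. Note that this window shows the native x86 instructions the JIT compiler generated for the method, with the C# source lines interleaved, rather than the IL that ILDASM displays; the addresses and call targets will differ from machine to machine and from run to run.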
— C:\Users\karthik\Documents\Visual Studio 2010\Projects\ConAppDisassemble\ConAppDisassemble\Program.cs
{
00000000 push ebp
00000001 mov ebp,esp
00000003 push edi
00000004 push esi
00000005 push ebx
00000006 sub esp,64h
00000009 mov esi,ecx
0000000b lea edi,[ebp-38h]
0000000e mov ecx,0Bh
00000013 xor eax,eax
00000015 rep stos dword ptr es:[edi]
00000017 mov ecx,esi
00000019 xor eax,eax
0000001b mov dword ptr [ebp-1Ch],eax
0000001e mov dword ptr [ebp-3Ch],ecx
00000021 cmp dword ptr ds:[005A14B0h],0
00000028 je 0000002F
0000002a call 6415370F
0000002f xor edx,edx
00000031 mov dword ptr [ebp-40h],edx
00000034 xor edx,edx
00000036 mov dword ptr [ebp-44h],edx
00000039 mov dword ptr [ebp-48h],0
00000040 nop
try
{
00000041 nop
Console.Write(“Please Enter the Year: “);
00000042 mov ecx,dword ptr ds:[02942088h]
00000048 call 6337B098
0000004d nop
int year = int.Parse(Console.ReadLine());
0000004e call 638F9E40
00000053 mov dword ptr [ebp-4Ch],eax
00000056 mov ecx,dword ptr [ebp-4Ch]
00000059 call 632FF19C
0000005e mov dword ptr [ebp-50h],eax
00000061 mov eax,dword ptr [ebp-50h]
00000064 mov dword ptr [ebp-40h],eax
if ((year % 4 == 0) && (year % 100 != 0) || (year % 400 == 0))
00000067 mov eax,dword ptr [ebp-40h]
0000006a and eax,80000003h
0000006f jns 00000076
00000071 dec eax
00000072 or eax,0FFFFFFFCh
00000075 inc eax
00000076 test eax,eax
00000078 jne 00000089
0000007a mov eax,dword ptr [ebp-40h]
0000007d mov ecx,64h
00000082 cdq
00000083 idiv eax,ecx
00000085 test edx,edx
00000087 jne 000000A2
00000089 nop
0000008a mov eax,dword ptr [ebp-40h]
0000008d mov ecx,190h
00000092 cdq
00000093 idiv eax,ecx
00000095 test edx,edx
00000097 setne al
0000009a movzx eax,al
0000009d mov dword ptr [ebp-54h],eax
000000a0 jmp 000000A7
000000a2 xor edx,edx
000000a4 mov dword ptr [ebp-54h],edx
000000a7 movzx eax,byte ptr [ebp-54h]
000000ab mov dword ptr [ebp-48h],eax
000000ae cmp dword ptr [ebp-48h],0
000000b2 jne 000000EA
{
000000b4 nop
Console.WriteLine(“The year {0}, is a Leap Year”, year);
000000b5 mov ecx,638A2978h
000000ba call FFE6FBE0
000000bf mov dword ptr [ebp-58h],eax
000000c2 mov eax,dword ptr ds:[0294208Ch]
000000c8 mov dword ptr [ebp-64h],eax
000000cb mov eax,dword ptr [ebp-58h]
000000ce mov edx,dword ptr [ebp-40h]
000000d1 mov dword ptr [eax+4],edx
000000d4 mov eax,dword ptr [ebp-58h]
000000d7 mov dword ptr [ebp-68h],eax
000000da mov ecx,dword ptr [ebp-64h]
000000dd mov edx,dword ptr [ebp-68h]
000000e0 call 6331B090
000000e5 nop
}
000000e6 nop
000000e7 nop
000000e8 jmp 0000011D
else
{
000000ea nop
Console.WriteLine(“The year {0}, is not a Leap Year”, year);
000000eb mov ecx,638A2978h
000000f0 call FFE6FBE0
000000f5 mov dword ptr [ebp-58h],eax
000000f8 mov eax,dword ptr ds:[02942090h]
000000fe mov dword ptr [ebp-6Ch],eax
00000101 mov eax,dword ptr [ebp-58h]
00000104 mov edx,dword ptr [ebp-40h]
00000107 mov dword ptr [eax+4],edx
0000010a mov eax,dword ptr [ebp-58h]
0000010d mov dword ptr [ebp-70h],eax
00000110 mov ecx,dword ptr [ebp-6Ch]
00000113 mov edx,dword ptr [ebp-70h]
00000116 call 6331B090
0000011b nop
}
0000011c nop
}
0000011d nop
0000011e nop
0000011f jmp 0000014A
catch (Exception ex)
00000121 mov dword ptr [ebp-5Ch],eax
00000124 mov eax,dword ptr [ebp-5Ch]
00000127 mov dword ptr [ebp-44h],eax
{
0000012a nop
Console.WriteLine(ex.Message);
0000012b mov ecx,dword ptr [ebp-44h]
0000012e mov eax,dword ptr [ecx]
00000130 mov eax,dword ptr [eax+28h]
00000133 call dword ptr [eax+10h]
00000136 mov dword ptr [ebp-60h],eax
00000139 mov ecx,dword ptr [ebp-60h]
0000013c call 63324C6C
00000141 nop
}
00000142 nop
00000143 call 63E9FE98
00000148 jmp 0000014A
0000014a nop
Console.ReadLine();
0000014b call 638F9E40
00000150 nop
}
00000151 nop
00000152 lea esp,[ebp-0Ch]
00000155 pop ebx
00000156 pop esi
00000157 pop edi
00000158 pop ebp
00000159 ret