Error code on decompiled file
Input code
.class private auto ansi Configurator
extends [System.Runtime]System.Object
{
// Nested Types
// Compiler-generated helper class (see the CompilerGeneratedAttribute below) that hosts one
// lambda taking a ProcessModule and returning bool. The lambda's generated name,
// '<InjectCoreClr>b__1_0', embeds the name "InjectCoreClr"; no method of that name is
// declared in the listed part of Configurator.
// NOTE(review): C# compilers name such lambdas after the method that contains them, so the
// enclosing method was presumably called InjectCoreClr before being renamed -- unconfirmed.
.class nested private auto ansi sealed serializable beforefieldinit '<>c'
extends [System.Runtime]System.Object
{
.custom instance void [System.Runtime]System.Runtime.CompilerServices.CompilerGeneratedAttribute::.ctor() = (
01 00 00 00
)
// Fields
// '<>9' receives the single instance created in .cctor. '<>9__1_0' is a static slot typed as
// Func<ProcessModule, bool>; nothing in the listed IL reads or writes it.
.field public static initonly class Configurator/'<>c' '<>9'
.field public static class [System.Runtime]System.Func`2<class [System.Diagnostics.Process]System.Diagnostics.ProcessModule, bool> '<>9__1_0'
// Methods
// Static constructor: creates one '<>c' instance and stores it in '<>9'.
.method private hidebysig specialname rtspecialname static
void .cctor () cil managed
{
// Method begins at RVA 0x3d234
// Header size: 1
// Code size: 11 (0xb)
.maxstack 8
IL_0000: newobj instance void Configurator/'<>c'::.ctor()
IL_0005: stsfld class Configurator/'<>c' Configurator/'<>c'::'<>9'
IL_000a: ret
} // end of method '<>c'::.cctor
// Instance constructor: only chains to System.Object::.ctor.
.method public hidebysig specialname rtspecialname
instance void .ctor () cil managed
{
// Method begins at RVA 0x3d240
// Header size: 1
// Code size: 7 (0x7)
.maxstack 8
IL_0000: ldarg.0
IL_0001: call instance void [System.Runtime]System.Object::.ctor()
IL_0006: ret
} // end of method '<>c'::.ctor
// Predicate body: returns true when the module's ModuleName equals the string "coreclr.dll".
// The comparison is String.op_Equality, i.e. ordinal and case-sensitive.
.method assembly hidebysig
instance bool '<InjectCoreClr>b__1_0' (
class [System.Diagnostics.Process]System.Diagnostics.ProcessModule x
) cil managed
{
// Method begins at RVA 0x3d248
// Header size: 1
// Code size: 17 (0x11)
.maxstack 8
IL_0000: ldarg.1
IL_0001: callvirt instance string [System.Diagnostics.Process]System.Diagnostics.ProcessModule::get_ModuleName()
IL_0006: ldstr "coreclr.dll"
IL_000b: call bool [System.Runtime]System.String::op_Equality(string, string)
IL_0010: ret
} // end of method '<>c'::'<InjectCoreClr>b__1_0'
} // end of class <>c
// Methods
// P/Invoke declaration for VirtualProtect in kernel32.dll. 'nomangle' binds to the exact export
// name, 'lasterr' asks the marshaller to preserve the Win32 last-error value, and the return
// value is marshalled as a Win32 BOOL.
// Win32 VirtualProtect changes the protection of a range of pages in the calling process;
// lpflOldProtect receives the previous protection value.
// NOTE(review): no call to this import appears in the IL listed for Configure, so how (or
// whether) it is used cannot be established from this listing.
.method public hidebysig static pinvokeimpl("kernel32.dll" nomangle lasterr winapi)
bool marshal(bool) VirtualProtect (
[in] native int lpAddress,
uint64 dwSize,
uint32 flNewProtect,
[out] uint32& lpflOldProtect
) cil managed preservesig
{
} // end of method Configurator::VirtualProtect
// Public static method taking a uint32[] (dynamicKeys) and a uint32 (staticKey).
// Only the first two instructions form a consistent sequence: they load
// Process.GetCurrentProcess().Modules. The rest does not keep a consistent evaluation stack,
// and ILSpy reports errors for it in its output (stack underflow near IL_000e, wrong operand
// kind at IL_003a, incompatible stack types at IL_0041).
// dynamicKeys is loaded once (ldarg.0 at IL_00bb); staticKey is never loaded. There is no call
// instruction after IL_0005 -- neither to VirtualProtect nor to the '<InjectCoreClr>b__1_0'
// predicate.
// NOTE(review): read this listing as a damaged or placeholder body rather than as the method's
// real logic; the maintainers' replies on this page describe the IL as broken/obfuscated.
.method public hidebysig static
void Configure (
uint32[] dynamicKeys,
uint32 staticKey
) cil managed
{
.custom instance void [System.Runtime]System.Runtime.CompilerServices.NullableContextAttribute::.ctor(uint8) = (
01 00 01 00 00
)
// Method begins at RVA 0x3cbe8
// Header size: 12
// Code size: 361 (0x169)
.maxstack 5
.locals init (
[0] class [System.Diagnostics.Process]System.Diagnostics.ProcessModule,
[1] uint8&,
[2] valuetype [System.Runtime]System.ReadOnlySpan`1<uint8>,
[3] valuetype [System.Runtime]System.Nullable`1<uint8>[],
[4] valuetype [System.Runtime]System.Nullable`1<int64>,
[5] native int,
[6] uint8&,
[7] valuetype [System.Runtime]System.Span`1<uint8>,
[8] native int,
[9] valuetype [System.Runtime]System.Span`1<uint8>,
[10] class [System.Collections]System.Collections.Generic.List`1<uint8>,
[11] native int,
[12] valuetype [System.Runtime]System.Span`1<uint8>,
[13] valuetype [System.Runtime]System.ReadOnlySpan`1<uint8>,
[14] valuetype [System.Runtime]System.Span`1<uint8>,
[15] uint8[],
[16] uint32,
[17] valuetype [System.Runtime]System.ReadOnlySpan`1<uint8>,
[18] valuetype [System.Runtime]System.Nullable`1<uint8>,
[19] int64,
[20] valuetype [System.Runtime]System.ReadOnlySpan`1<uint8>,
[21] bool,
[22] valuetype [System.Runtime]System.ReadOnlySpan`1<uint8>&,
[23] int32,
[24] valuetype [System.Runtime]System.Nullable`1<int32>,
[25] valuetype [System.Runtime]System.Nullable`1<int32>,
[26] int32,
[27] uint32,
[28] valuetype [System.Runtime]System.ReadOnlySpan`1<uint8>
)
// Pushes the current process's module collection.
IL_0000: call class [System.Diagnostics.Process]System.Diagnostics.Process [System.Diagnostics.Process]System.Diagnostics.Process::GetCurrentProcess()
IL_0005: callvirt instance class [System.Diagnostics.Process]System.Diagnostics.ProcessModuleCollection [System.Diagnostics.Process]System.Diagnostics.Process::get_Modules()
// brtrue.s targets the dup directly before it: while the Modules reference is non-null the
// pair repeats with no exit, so as listed nothing after IL_000b is reached.
// loop start (head: IL_000a)
IL_000a: dup
IL_000b: brtrue.s IL_000a
// end loop
// From here the stack bookkeeping no longer adds up: pop removes the only value on the stack,
// yet IL_000e dups (ILSpy: "Stack underflow" near IL_000e).
IL_000d: pop
IL_000e: dup
IL_000f: stloc.0
IL_0010: ldloc.0
IL_0011: stloc.1
IL_0012: ldloc.1
IL_0013: ldloc.0
IL_0014: stloc.2
IL_0015: dup
IL_0016: conv.u1
IL_0017: dup
IL_0018: initobj valuetype [System.Runtime]System.Nullable`1<uint8>
IL_001e: dup
IL_001f: initobj valuetype [System.Runtime]System.Nullable`1<uint8>
IL_0025: dup
IL_0026: conv.u1
IL_0027: dup
IL_0028: initobj valuetype [System.Runtime]System.Nullable`1<uint8>
IL_002e: dup
IL_002f: conv.u1
IL_0030: dup
IL_0031: initobj valuetype [System.Runtime]System.Nullable`1<uint8>
IL_0037: dup
IL_0038: conv.u1
IL_0039: stloc.3
IL_003a: initobj valuetype [System.Runtime]System.Nullable`1<int64>
IL_0040: ldc.i4.0
// Unconditional branch back to the conv.i8 directly before it.
// loop start (head: IL_0041)
IL_0041: conv.i8
IL_0042: br.s IL_0041
// end loop
IL_0044: conv.i4
IL_0045: sub
IL_0046: ldloc.3
IL_0047: ldc.i4.0
// loop start (head: IL_0048)
IL_0048: ldelem valuetype [System.Runtime]System.Nullable`1<uint8>
IL_004d: brtrue.s IL_0048
// end loop
// loop start (head: IL_004f)
IL_004f: initobj valuetype [System.Runtime]System.Nullable`1<int32>
IL_0055: br.s IL_004f
// end loop
IL_0057: ldc.i4.0
IL_0058: ldind.u1
IL_0059: ceq
// loop start (head: IL_005b)
IL_005b: and
IL_005c: brfalse.s IL_005b
// end loop
IL_005e: ldloc.3
IL_005f: dup
IL_0060: ldlen
IL_0061: conv.i4
IL_0062: ldc.i4.1
IL_0063: sub
// loop start (head: IL_0064)
IL_0064: ldelem valuetype [System.Runtime]System.Nullable`1<uint8>
IL_0069: brtrue.s IL_0064
// end loop
// loop start (head: IL_006b)
IL_006b: initobj valuetype [System.Runtime]System.Nullable`1<int32>
IL_0071: br.s IL_006b
// end loop
IL_0073: ldloc.3
IL_0074: ldlen
IL_0075: conv.i4
IL_0076: ldc.i4.1
IL_0077: sub
IL_0078: ldind.u1
IL_0079: ceq
// loop start (head: IL_007b)
IL_007b: and
IL_007c: brfalse.s IL_007b
// end loop
IL_007e: ldc.i4.1
// loop start (head: IL_007f)
IL_007f: ldc.i4.0
IL_0080: br.s IL_007f
// end loop
IL_0082: ldloc.3
// loop start (head: IL_0083)
IL_0083: ldelema valuetype [System.Runtime]System.Nullable`1<uint8>
IL_0088: brfalse.s IL_0083
// end loop
IL_008a: ldloc.3
// loop start (head: IL_008b)
IL_008b: ldelem valuetype [System.Runtime]System.Nullable`1<uint8>
IL_0090: brtrue.s IL_008b
// end loop
// loop start (head: IL_0092)
IL_0092: initobj valuetype [System.Runtime]System.Nullable`1<int32>
IL_0098: br.s IL_0092
// end loop
IL_009a: ldind.u1
IL_009b: ceq
// loop start (head: IL_009d)
IL_009d: and
IL_009e: brtrue.s IL_009d
// end loop
// loop start (head: IL_00a0)
IL_00a0: ldc.i4.0
IL_00a1: br.s IL_00a0
// end loop
IL_00a3: ldc.i4.1
IL_00a4: add
IL_00a5: ldloc.3
IL_00a6: ldlen
IL_00a7: conv.i4
IL_00a8: blt.s IL_00a7
// loop start (head: IL_00aa)
IL_00aa: brfalse.s IL_00a8
IL_00ac: br.s IL_00aa
// end loop
IL_00ae: ldc.i4.1
IL_00af: conv.i8
IL_00b0: add
IL_00b1: conv.i8
// loop start (head: IL_00b2)
IL_00b2: blt.s IL_00b1
IL_00b4: brtrue.s IL_00b2
// end loop
// ret in mid-body; no branch in this listing targets IL_00b7 or any later offset.
IL_00b6: ret
IL_00b7: ldc.i4.2
IL_00b8: conv.i8
IL_00b9: add
IL_00ba: ldloc.1
IL_00bb: ldarg.0
// From here to IL_013d the body is a run of small integer constants interleaved with dup.
// NOTE(review): 120, 86, 52, 18 (0x78 0x56 0x34 0x12) occur three times in this run; they are
// the little-endian bytes of 0x12345678, which looks like a placeholder value inside byte
// templates. That is an inference -- the IL does not show what the constants are used for.
IL_00bc: ldc.i4.0
IL_00bd: dup
IL_00be: dup
IL_00bf: dup
IL_00c0: dup
IL_00c1: dup
IL_00c2: dup
IL_00c3: dup
IL_00c4: ldc.i4.s 15
IL_00c6: dup
IL_00c7: ldc.i4.0
IL_00c8: dup
IL_00c9: ldc.i4.s 118
IL_00cb: dup
IL_00cc: ldc.i4.s 30
IL_00ce: dup
IL_00cf: ldc.i4.s 72
IL_00d1: dup
IL_00d2: dup
IL_00d3: dup
IL_00d4: dup
IL_00d5: dup
IL_00d6: dup
IL_00d7: ldc.i4.s 120
IL_00d9: dup
IL_00da: ldc.i4.s 86
IL_00dc: dup
IL_00dd: ldc.i4.s 52
IL_00df: dup
IL_00e0: ldc.i4.s 18
IL_00e2: dup
IL_00e3: dup
IL_00e4: dup
IL_00e5: ldc.i4.0
IL_00e6: dup
IL_00e7: ldc.i4.0
IL_00e8: dup
IL_00e9: ldc.i4.0
IL_00ea: dup
IL_00eb: dup
IL_00ec: dup
IL_00ed: dup
IL_00ee: ldc.i4.s 15
IL_00f0: dup
IL_00f1: dup
IL_00f2: dup
IL_00f3: ldc.i4.4
IL_00f4: dup
IL_00f5: ldc.i4.s 51
IL_00f7: dup
IL_00f8: ldc.i4.4
IL_00f9: dup
IL_00fa: dup
IL_00fb: ldc.i4.s 53
IL_00fd: dup
IL_00fe: ldc.i4.s 120
IL_0100: dup
IL_0101: ldc.i4.s 86
IL_0103: dup
IL_0104: ldc.i4.s 52
IL_0106: dup
IL_0107: ldc.i4.s 18
IL_0109: dup
IL_010a: ldc.i4.0
IL_010b: dup
IL_010c: ldc.i4.0
IL_010d: dup
IL_010e: ldc.i4.0
IL_010f: dup
IL_0110: ldc.i4.0
IL_0111: dup
IL_0112: ldc.i4.0
IL_0113: dup
IL_0114: ldc.i4.0
IL_0115: dup
IL_0116: ldc.i4.0
IL_0117: dup
IL_0118: ldc.i4.0
IL_0119: dup
IL_011a: ldc.i4.0
IL_011b: dup
IL_011c: ldc.i4.0
IL_011d: dup
IL_011e: ldc.i4.0
IL_011f: dup
IL_0120: ldc.i4.0
IL_0121: dup
IL_0122: ldc.i4.0
IL_0123: dup
IL_0124: ldc.i4.0
IL_0125: dup
IL_0126: dup
IL_0127: dup
IL_0128: dup
IL_0129: ldc.i4.s 72
IL_012b: dup
IL_012c: dup
IL_012d: dup
IL_012e: dup
IL_012f: dup
IL_0130: dup
IL_0131: ldc.i4.s 120
IL_0133: dup
IL_0134: ldc.i4.s 86
IL_0136: dup
IL_0137: ldc.i4.s 52
IL_0139: dup
IL_013a: ldc.i4.s 18
IL_013c: dup
IL_013d: dup
IL_013e: conv.i8
// NOTE(review): 64 (0x40), loaded here and again at IL_015c, is the value of the Win32
// PAGE_EXECUTE_READWRITE protection flag, which would fit the flNewProtect parameter of the
// VirtualProtect import. With no call instruction present this cannot be confirmed.
IL_013f: ldc.i4.s 64
IL_0141: pop
IL_0142: ldc.i4.1
IL_0143: ldc.i4.s 12
IL_0145: ldc.i4.8
IL_0146: ldc.i4.s 14
IL_0148: ldc.i4.s 14
IL_014a: newarr [System.Runtime]System.Byte
IL_014f: ldc.i4.s 40
IL_0151: ldc.i4.s 14
IL_0153: ldc.i4.1
IL_0154: ldc.i4.s 36
IL_0156: ldc.i4.4
IL_0157: ldloc.0
IL_0158: add
IL_0159: ldc.i4.s 14
IL_015b: conv.i8
IL_015c: ldc.i4.s 64
IL_015e: pop
IL_015f: ldc.i4.1
IL_0160: ldc.i4.4
IL_0161: ldc.i4.8
IL_0162: ldloc.0
IL_0163: add
IL_0164: ldc.i4.s 14
IL_0166: conv.i8
IL_0167: pop
IL_0168: ret
} // end of method Configurator::Configure
} // end of class Configurator
Erroneous output
// GameHelper, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
// Configurator
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
// NOTE(review): ILSpy output reproduced as reported. It is not compilable C# (see the '?'
// placeholder types and the cast with no operand below). ILSpy's own diagnostics are the
// //IL_xxxx comments at the top of Configure. The compiler-generated nested class from the IL
// listing does not appear in this output.
internal class Configurator
{
// P/Invoke binding for VirtualProtect in kernel32.dll, matching the pinvokeimpl declaration in
// the IL listing (SetLastError corresponds to 'lasterr', ExactSpelling to 'nomangle').
[DllImport("kernel32.dll", ExactSpelling = true, SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool VirtualProtect([In] nint lpAddress, ulong dwSize, uint flNewProtect, out uint lpflOldProtect);
// Decompilation of the Configure method body; everything after the first statement is ILSpy's
// best effort on IL that does not keep a consistent evaluation stack.
public unsafe static void Configure(uint[] dynamicKeys, uint staticKey)
{
//IL_003a: Expected O, but got I4
//IL_0041->IL0041: Incompatible stack types: I4 vs I8
ProcessModuleCollection modules = Process.GetCurrentProcess().Modules;
// Corresponds to the dup / brtrue.s pair at IL_000a-IL_000b. The loop body is empty and the
// condition never changes, so with a non-null Modules value the statements below never run.
while (modules != null)
{
}
// The cast below has no operand: ILSpy found nothing on the stack to decompile at IL_000e.
ProcessModule processModule = (ProcessModule)/*Error near IL_000e: Stack underflow*/;
ref ? reference = ref *(?*)processModule;
ReadOnlySpan<byte> readOnlySpan = (ReadOnlySpan<byte>)processModule;
byte num = (byte)(ref reference);
*(byte?*)(int)num = null;
*(byte?*)(int)num = null;
byte num2 = num;
*(byte?*)(int)num2 = null;
byte num3 = num2;
*(byte?*)(int)num3 = null;
byte?[] array = (byte?[])num3;
*(long?*)(int)num3 = null;
long num4 = 0L;
// Corresponds to the conv.i8 / br.s pair at IL_0041-IL_0042; the output stops here, so the
// rest of the 361-byte IL body is not represented.
while (true)
{
num4 = num4;
}
}
}
If the output fails to re-compile, provide the compiler error message. If the output has the wrong behavior, explain how it differs from the expected behavior.
Details
- Product in use: e.g. ILSpy
- Version in use: e.g. 9.0.0.7660-preview2
- Any other relevant information to the issue, or your interest in contributing a fix.
The code you provided looks like it's obfuscated and therefore it's difficult to provide a correct decompilation. Keep in mind that the runtime is allowed to entirely ignore unreachable parts of the IL - at runtime the code results in an infinite loop and all instructions after offset 0xb are ignored.
As explained above, the code is completely broken/obfuscated and ILSpy is doing its best to show what's there.
This looks like more than just obfuscation -- the IL is plain broken. As is, I would expect that the JIT is refusing to compile this IL code.
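The presence of VirtualProtect may indicate self-modifying code -- that is, some startup logic might be fixing the broken IL before the JIT gets to see it. If that is the case, the method body stored in the file is not the one that executes, and a decompiler working from the file alone has nothing correct to recover.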
:100: Agreed, native WinAPI imports like the one above are definitely there for self-modification, etc.