Figure 4.4 An IDA-generated intrafunction flowchart that shows how a program’s internal
subroutines are connected to one another and which APIs are called by which subroutine.
ILDasm
ILDasm is a disassembler for the Microsoft Intermediate Language (MSIL),
which is the low-level assembly language—like language used in .NET pro-
grams. It is listed here because this book also discusses .NET reversing, and
ILDasm is a fundamental tool for .NET reversing.
Figure 4.5 shows a common ILDasm view. On the left is ILDasm’s view of
the current program’s classes and their internal members. On the right is a dis-
assembled listing for one of the functions. Of course the assembly language is
different from the IA-32 assembly language that’s been described so far—it is
MSIL. This language will be described in detail in Chapter 12. One thing to
notice is the rather cryptic function and class names shown by ILDasm. That’s
because the program being disassembled has been obfuscated by PreEmptive
Solutions’ DotFuscator.
Reversing Tools 115