Table 12.1 (continued)
INSTRUCTION NAME DESCRIPTION
newarr—Create a zero-based, Memory allocation instruction. newarr
one-dimensional array. allocates a one-dimensional array of the
newobj—Create a new object specified type and pushes the resulting
reference (essentially a pointer) into the
evaluation stack. newobjallocates an
instance of the specified object type and
calls the object’s constructor. This instruction
can receive a variable number of parameters
that get passed to the constructor routine. It
should be noted that neither of these
instructions has a matching “free”
instruction. That’s because of the garbage
collector, which tracks the object references
generated by these instructions and frees the
objects once the relevant references are no
longer in use.IL Code Samples
Let’s take a look at a few trivial IL code sequences, just to get a feel for the lan-
guage. Keep in mind that there is rarely a need to examine raw, nonobfuscated
IL code in this manner—a decompiler would provide a much more pleasing
output. I’m doing this for educational purposes only. The only situation in
which you’ll need to read raw IL code is when a program is obfuscated and
cannot be properly decompiled.
Counting Items
The routine below was produced by ILdasm, which is the IL Disassembler
included in the .NET Framework SDK. The original routine was written in C#,
though it hardly matters. Other .NET programming languages would usually
produce identical or very similar code. Let’s start with Listing 12.1.
.method public hidebysig static void Main() cil managed
{
.entrypoint
.maxstack 2
.locals init (int32 V_0)
IL_0000: ldc.i4.1Listing 12.1 A sample IL program generated from a .NET executable by the ILdasm
disassembler program. (continued)
Reversing .NET 433