bruno cabral “reflection, code generation and instrumentation in the.net platform” university...
DESCRIPTION
21 Jan /33 PE File PE = Portable Executable Marked as Code and Execute Read for the OS loader and the CLR _CorExeMain (mscoree.dll)TRANSCRIPT
Bruno Cabralhttp://www.dei.uc.pt/~bcabral
“Reflection, Code Generation and Instrumentation in the .NET platform”
University of Coimbra
21 Jan 20042/33
Summary PE File
Metadata Introspection Assembly and Code generation Using RAIL
21 Jan 20043/33
PE File PE = Portable Executable Marked as Code and
Execute Read for the OS loader and the CLR
_CorExeMain (mscoree.dll)
PE/COFF headers
CLR Header
CLR Data
Metadata IL code
Native Image Sections
.data, .rdata, .rsrc, .text
21 Jan 20044/33
PE File PE = Portable
Executable Marked as Code and
Execute Read for the OS loader and the CLR
_CorExeMain (mscoree.dll)
Managed Module
Metadata
IL code
Source Code
Managed Compiler
Common Language Runtime
Loader JIT Compiler
Internal DataStructures Native Code
Execution engine
21 Jan 20045/33
PE File Multiple Modules Module = file
Prime Module
Metadata
IL code
Assembly Identity
Module 1
Metadata
IL code
Module 2
Metadata
IL code
21 Jan 20046/33
PE File - Metadata "data about data" Describes types
Member fields, methods, properties, events Describes signatures
Fields, properties, methods, delegates, local vars Describes types and references Describes miscellaneous entities
Files, modules, assemblies
21 Jan 20047/33
PE File - Metadata CIL instructions reference metadata
via TOKENS First byte of token indicates type Last three bytes of token are either row
# (tables) or offsets (heaps) Tokens are stored compressed in
signatures (binary file viewers not very useful)
21 Jan 20048/33
PE File - Metadata Tokens (and types) in listing
MethodDef : (0x06000001) User string: (0x70000001) AssemblyRef : (0x23000001) TypeRef : (0x01000003) MemberRef : (0x0A000002)
Only two are directly referenced by CIL in this example: example: String (by ldstr instruction) MemberRef (by call instruction)
21 Jan 20049/33
PE File - Metadata
21 Jan 200410/33
PE File - MetadataMemberRef Parent ResolutionSco
pe Version
Name
Signature
Name
NameSpace
Flags
Public Key
Name
Culture
Hash
Token MemberRef entity TypeRef entity AssemblyRef entity
21 Jan 200411/33
Introspection Two major metadata APIs available
Managed: System.Reflection Unmanaged: IMetaDataImport
Both are limited in different ways System.Reflection does not permit access to CIL System.Reflection does not reveal token values IMetaDataImport cannot resolve *Ref tokens
21 Jan 200412/33
Introspection What can we do with
System.Reflection? See loaded assemblies See referenced assemblies See the types defined in the assembly See the methods defined in a type See attributes …
21 Jan 200413/33
Introspection See loaded assembliesAssembly [] assemblies =
AppDomain.CurrentDomain.GetAssemblies();foreach( Assembly assembly in assemblies )
Console.WriteLine( assembly.FullName );
21 Jan 200414/33
Introspection See referenced assembliesAssemblyName[] referencedAssemblies =
assembly.GetReferencedAssemblies();foreach( AssemblyName assemblyName in referencedAssemblies )
Console.WriteLine( "--> {0}", assemblyName.FullName );
21 Jan 200415/33
Introspection See the types defined in the
assemblyAssembly a = Assembly.LoadFrom("Teste.exe");Module[] m = a.GetModules( );Console.WriteLine("\n" + a.FullName );Type[] types = m[0].GetTypes( );foreach( Type type in types )
Console.WriteLine( "==> {0}", type.FullName );
21 Jan 200416/33
Introspection See the methods defined in a typeAssembly a = Assembly.LoadFrom("HelloWorld.exe");Module[] m = a.GetModules( );Type[] types = m[0].GetTypes( );Type type = types[0];MethodInfo[] mInfo = type.GetMethods( );foreach ( MethodInfo mi in mInfo )
Console.WriteLine(" {0}", mi);
21 Jan 200417/33
Assembly and Code Generation How to use System.Reflection.Emit
to generate assemblies in run-time? AssemblyBuilder, ModuleBuilder,
TypeBuilder, MethodBuilder, … ILGenerator
21 Jan 200418/33
Assembly and Code GenerationAssemblyName myAssemblyName = new AssemblyName(); myAssemblyName.Name = "MyAssembly";myAssemblyName.Version = new Version("1.0.0.2004");
21 Jan 200419/33
Assembly and Code GenerationAssemblyBuilder myAssemblyBuilder =
Thread.GetDomain().DefineDynamicAssembly(myAssemblyName, AssemblyBuilderAccess.RunAndSave);
ModuleBuilder myModuleBuilder = myAssemblyBuilder.DefineDynamicModule("MyModule", fileName);
TypeBuilder myTypeBuilder = myModuleBuilder.DefineType("MyType");
21 Jan 200420/33
Assembly and Code GenerationMethodBuilder myMethodBuilder =
myTypeBuilder.DefineMethod("Main", MethodAttributes.Public | MethodAttributes.HideBySig |MethodAttributes.Static, typeof(void), null);
ILGenerator myILGenerator = myMethodBuilder.GetILGenerator();
myILGenerator.EmitWriteLine("Hello World!");myILGenerator.Emit(OpCodes.Ret);
21 Jan 200421/33
Assembly and Code GenerationmyTypeBuilder.CreateType();
myAssemblyBuilder.SetEntryPoint(myMethodBuilder);
myAssemblyBuilder.Save(fileName);
21 Jan 200422/33
What is missing? Reflection Generation …
21 Jan 200423/33
What is missing? Reflection Generation INTRUMENTATION…
Structural Reflection Behavioural Reflection HOW TO DO IT?
21 Jan 200424/33
…use RAIL http://rail.dei.uc.pt
21 Jan 200425/33
Vision Statement “Create an API that allows CLR assemblies to
be manipulated and instrumented before they are loaded and executed“ The reflection capabilities of the CLR are extremely powerful.
Query the existing types at runtime Define new assemblies in memory and use Reflection.Emit to
generate MSIL on-the-fly. Our plan is to fill the gap between these two concepts.
21 Jan 200426/33
Process and Methodology
Operating SystemOperating System
programprogram
program.exe/dllprogram.exe/dll
PE HeaderPE Header
MetadataMetadata
ILIL
IL x86
Source CodeSource Code
CompileCompile
AssemblyAssembly
JIT-compileJIT-compile
RAILRAIL
21 Jan 200427/33
Process and Methodology
Collect metadata andMSIL code into a set
of objects
Assembly Load assembly
Manipulate the assemblyby modifying the objects structure
Create AssemblyBuilder
Run new assembly
Save new assembly
RAIL
Programmer
21 Jan 200428/33
Key features ‘Rapid’ assembly instrumentation
library High level of abstraction, no need for
handling all the internal details Convenient object model for
representation of all assembly modules Flexible MSIL instruction handling Use of design patterns
21 Jan 200429/33
Application scenarios Runtime analysis tools Security verification MSIL optimization Application invisible proxy substitution Software fault injection Aspect Oriented Programming Others!
21 Jan 200430/33
What can we really do with RAIL?
Replace ReferencesAdd epilogues and prologues to methodsRedirect methods access/callRedirect field accessRedirect field access to propertyRedirect field read and write access to methodsRedirect property accessReplace create new instructions with a static methodCreate, Run and Save assemblies
21 Jan 200431/33
What can we really do with RAIL?
private void Replace(MSIL.Code code, int pos){
MSIL.ILMethod ilm = new MSIL.ILMethod(OpCodes.Call, this.newMethod);code.Remove(pos);code.Insert(pos,ilm);
}
Play with MSIL code!!
21 Jan 200432/33
Assembly Loading Interception ResolveEventHandler
currentDomain.AssemblyResolve += new ResolveEventHandler(MyResolveEventHandler);
Load the assembly ourselves Modify the CLR (SSCLI)??? Others??
21 Jan 200433/33
Conclusion Code instrumentation is not a
simple task With RAIL it’s easy to develop high
level functionalities Assembly creation mechanisms can
be very slow The design patterns are very useful