dotpeek

Resharper F12下载dll源码

こ雲淡風輕ζ 提交于 2021-02-14 04:28:00
原作者: 赵青青 原文链接: Visual Studio(VS) F12 查看DLL源代码 Dot Peek 今天在调试时,又有这个需求,想查看dll的源代码,我决定从dot peek这个程序入手去查找相关的资料 dot peek官网: https://www.jetbrains.com/decompiler/ 从官网的简介来看它可以反编译.net 的dll,pdb为源代码,并能生成解决方案,但没有很明显介绍这货如何和vs紧密的结合起来,达到我需要的F12查看dll的源码 经过搜索,查找到这篇文章,豁然开朗: https://knowledge.zomers.eu/visualstudio/Pages/How-to-enable-the-decompiler-in-ReSharper-for-Visual-Studio.aspx 使用方法 resharper官网: https://www.jetbrains.com/resharper/ 1、安装好 Visual Studio ,和 Resharper (默认会勾选安装 Dot peek ) 2、打开VS,在菜单栏 选择 Resharper – Options ,打开Options窗口 3、在左侧列表中,选择 External Sources ,勾选 Navigation to Sources – Decompile methods

【转载】Visual Studio(VS) F12 查看DLL源代码

时光总嘲笑我的痴心妄想 提交于 2021-02-13 17:21:02
https://www.cnblogs.com/zhaoqingqing/p/6751757.html esharper官网: https://www.jetbrains.com/resharper/ 1、安装好 Visual Studio ,和 Resharper (默认会勾选安装 Dot peek ) 2、打开VS,在菜单栏 选择 Resharper – Options ,打开Options窗口 3、在左侧列表中,选择 External Sources ,勾选 Navigation to Sources – Decompile methods ,点击 Save 4、在第一次按下F12时,会弹出用户使用协议,选择接受就可。 附 如果这个dll在本地不存在,第一次按F12时,会联网从远程下载。 每当你按下F12时,就可以跳到dll中查看具体的代码实现啦。在每个类的头部,可以发现这么一段注释: // Decompiled with JetBrains decompiler // Type: TableML.TableFile // Assembly: TableML, Version=0.7.6285.31046, Culture=neutral, PublicKeyToken=null // MVID: E539F3DE-C53C-4567-99E9-7697E4765856 //

Visual Studio(VS) F12 查看DLL源代码

南楼画角 提交于 2021-01-30 14:02:46
前言 我在VS中调试某个函数时,突发奇想“能不能使用VS的F12(转到定义)查看这个dll中当前函数的实现(源码),而不是像VS自带功能那样只能看到函数名和参数?” 回想起来在安装Resharp时,我注意到Resharp默认会勾选 Dot Peek 这个组件,并且家里的电脑在某次安装完Resharp之后,按12会发现有个选项自定义F12的行为,我选了Resharxxxx,之后惊喜地发现F12可以导航进DLL的源代码,但由于系统重装,我想不起来是做了什么特殊设置。 Dot Peek 今天在调试时,又有这个需求,想查看dll的源代码,我决定从dot peek这个程序入手去查找相关的资料 dot peek官网: https://www.jetbrains.com/decompiler/ 从官网的简介来看它可以反编译.net 的dll,pdb为源代码,并能生成解决方案,但没有很明显介绍这货如何和vs紧密的结合起来,达到我需要的F12查看dll的源码 经过搜索,查找到这篇文章,豁然开朗: https://knowledge.zomers.eu/visualstudio/Pages/How-to-enable-the-decompiler-in-ReSharper-for-Visual-Studio.aspx 使用方法 resharper官网: https://www.jetbrains

红队视角看 Sunburst 后门中的 TTPs

元气小坏坏 提交于 2021-01-06 09:22:23
作者:蓝军高级威胁团队@深信服千里目安全实验室 原文链接: https://mp.weixin.qq.com/s/wtEbawfOd1g_T2ovp1SaGg 1.针对SolarWinds供应链攻击简介 最近FireEye披露的UNC2452黑客组织入侵SolarWinds的供应链攻击让安全从业人员印象深刻。一是影响规模大,SolarWinds官方称受影响的客户数量可能有18000家。二是攻击者留下的后门程序-Sunburst,十分隐蔽和具有迷惑性,分析认为攻击者对SolarWinds Orion产品理解程度很深。 有证据表明,早在2019年10月,UNC2452黑客组织就一直在研究通过添加空类来插入代码的能力。因此将恶意代码插入原始SolarWinds.Orion.Core.BusinessLayer.dll的时间可能很早,甚至可能是在软件构建编译之前。这就导致SolarWinds官方无意间对包含4000行恶意代码的DLL进行了数字签名,这样容易让恶意代码提升权限,并且很难被人发现。感染的Origin软件第一个版本是2019.4.5200.9083,在此几个月的时间内,用户通过下载受到感染的产品版本被感染。目前原始dll文件中没有发现存在动态拓展、也不存在横向移动等后渗透阶段的相关能力支持。 2.Sunburst后门总体流程 总体流程图 (Sunburst的供应链攻击各阶段-图源

How I can see the Async state machine (async/await under the hood) with the help of DotPeek?

巧了我就是萌 提交于 2020-12-13 03:30:17
问题 I'm watching a video lesson, where the author talking about async/await under the hood. He shows prepared and decompiled code. I want to do the same from scratch. I mean, decompile some C# compiled file with the help of, from example, DotPeek. So I have the following simple example: class Program { public static async Task KekAsync() { Console.WriteLine("Current thread id before await {0}", Thread.CurrentThread.ManagedThreadId); await Task.Delay(200); Console.WriteLine("Current thread id

DotPeek PDB generation for assemblies without debug directory

谁说我不能喝 提交于 2020-01-12 03:16:11
问题 I'm attempting to use JetBrains dotPeek 1.4 symbol server however I've encountered some 3rd party assemblies that fail, with dotPeek status of: Pdb has not been generated because assembly does not contain debug directory Using CFF Explorer I've discovered that these assemblies have empty "Debug Directory" Portable Executable (PE) header values. Is there an (easy) way to edit the PE to add Debug Directory header values? 回答1: de4dot creates invalid .net executable module in the eyes of dotPeek.

What do angled brackets mean when used in member name in C#?

南笙酒味 提交于 2020-01-05 15:15:32
问题 I was browsing through sources of PresentationCore.dll using DotPeek when I found this: // Type: MS.Internal.TtfDelta.CMAP_HEADER // Assembly: PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 // Assembly location: D:\Windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll using System.Runtime.CompilerServices; using System.Runtime.InteropServices; namespace MS.Internal.TtfDelta { [NativeCppClass]

Dotpeek recompile decompiled files

此生再无相见时 提交于 2019-12-19 08:54:30
问题 How i can recompile my edited codes Or replace it with original files and save it as exe in dotpeek ? I try to recompile edited files and save it but i cant If you found any way please share Thanks 回答1: Right click the opened file in Assembly Explorer pane and choose, Export to Project, this will save it as a Visual Studio Project that you can open and work towards compiling. 来源: https://stackoverflow.com/questions/27365003/dotpeek-recompile-decompiled-files

How can I find the platform a .NET assembly has been compiled against programmatically?

吃可爱长大的小学妹 提交于 2019-12-12 19:10:45
问题 Looking at the following JetBrains dotPeek view of some given assemblies, how can I programmatically determine the platform such assemblies have been compiled against? I have tried the following method which does not work for assemblies compiled in .NET Core. public static string GetFrameworkVersion(Assembly assembly) { var targetFrameAttribute = assembly.GetCustomAttributes(true) .OfType<TargetFrameworkAttribute>().FirstOrDefault(); if (targetFrameAttribute == null) { return ".NET 2, 3 or 3

Decompiling .net assembly with dotPeek gives invalid syntax

我与影子孤独终老i 提交于 2019-12-12 15:13:15
问题 I have a problem with decompiling .net assembly. When I open the assembly in dotPeek there is class called frmMain with few hundred variables declared like this: [SpecialName] private static int \u0024STATIC\u0024SortByLengthAsc\u002402811241124\u0024xlen; When i try to export it to project all those lines give errors (STATIC is not defined) even if I change all the \u0024 to $. Am I doing something wrong? 回答1: No, the assembly has been obfuscated to prevent people (like you) to take a peek