Synapseindia Dot Net Development-Implementation

8/10/2019 Synapseindia Dot Net Development-Implementation

1/53

1

Dot NET Implementation


2/53


3/53


4/53

4

Introduction to .NET

.NET CLI specifications (ECMA)

Partition IArchitecture

Partition IIMetadata

Partition IIICIL

Partition IVLibrary

Partition VAnnexes

Class Library (XML specification)


5/53

5

Introduction to .NET

Base Class Library (BCL)

Shared among all languages

Common Language Runtime (CLR) Common Type System (CTS)

Common Language Specification (CLS)

Execution Engine


6/53


7/53

7

Common Language Runtime

Common Type Specification

Specifies certain types required to be hosted by CL

Specifies rules for class, structure, enumeration,interfaces, delegates, etc.

Everything is actually an object


8/53

8


Execution Engine

Handles object layout/references

Handles garbage collection Managed heap

Enforces code access security

Handles verification

Safe methods can only do safe things

Compiles MSIL (bytecode) into native code


9/53

9


BCL

Assembly

Class Loader

JIT

Machine Code

External Assembly

Execution Engine


10/53

10

Assemblies

Single-file or multi-file assemblies

Components:

Manifest

Metadata

MSIL (or native) code

Resources


11/53

11

Manifest

Defines assembly

Strong name

Files in the assembly

Type references

Referenced assemblies


12/53

12

Metadata

Contains all .NET data

Streams

#Strings #Blob

#GUID

#US

#- or #~ Tables (stored in #- or #~)

In a predefined order

I.e., MethodDef, AssemblyRef, Constant


13/53

13

Metadata

Signature, Version, Flags

Stream count Metadata Header

Data offset

Stream size

Name

Stream Header 1

Stream bodies

Stream Header 2


14/53

14

#~ and #- Stream

Version

Heap sizes

Valid tables

Sorted tables

Tables Header

Table row count Valid Table 1

Valid Table 2

Table bodies


15/53

15

MethodDef Table (0x06)

RVA

Implementation flags

Method flags

Method name Offset into #Strings

Signature

Parameters

Offset into #Blob

Index into Param table (0x08)

Offset to method


16/53

16

MethodDef Table (0x06)

Flags

Sequence number

Parameter name Offset into #Strings

Flags

Parameter count

Return type

Parameter types

Signature Blob

Param Table (0x08)


17/53

17

MSIL

Pseudo-assembly

nop, break, ret, call, callvirt, newobj, newarr, add, mulxor, arglist, sizeof, throw, catch, dup

0xFE = first byte of two byte opcodes

Uses tokens instead of offsets/pointers

All calls are stack based

this pointer passed as first argument Arguments passed left-to-right by default

varargs passes an extra signature


18/53


19/53


20/53

20

MSIL Samples

Ldloc

Puts value on stack from a local variable

Ldarg Puts an argument on the stack

Ldlen

Puts the length of an array on the stack

Ldelem Puts the value of an element on the stack

Ld*a

Puts the address of something on the stack


21/53

21

MSIL Samples (cont.)

Brtrue

Branch to target if value on stack is true

Dup Duplicate a value on the stack

Ldnull

Puts a null value on the stack


22/53

22

Microsofts .NET Implementation

%SystemRoot%\Microsoft.NET

%SystemRoot%\Assembly +

\GAC

\NativeImages*


23/53

23

System Libraries

mscoree.dll (execution engine)

mscorjit.dll (contains JIT)

mscorsn.dll (strong name)

mscorlib.dll (BCL)

fushion.dll (assembly binding)


24/53

24

.NET Application

Jumps to _CorExeMain (mscoree)

Calls _CorExeMain in mscorwks.dll

_CorExeMain calls CoInitializeEE

CoInitializeEE calls:

EEStartup

ExecuteEXE


25/53

25

EEStartup

GCHeap.Initialize

Managed heap = Doug Leas malloc?

ECall.Init SetupGenericPInvokeCalliStub

PInvokeCalliWorker

NDirect.Init

UMThunkInit.UMThunkInit COMDelegate.Init

ExecutionManger.Init

COMNlsInfo.InitializeNLS


26/53

26

EEStartup (cont.)

Security::Start

SystemDomain.Init

Loads BCL

SystemDomain.NotifyProfilerStartup

SystemDomain.NotifyNewDomainLoads

SystemDomain.PublishAppDomainAndInfor

mDebugger (ICorPublish/ICorDebug)


27/53

27

SystemDomain.Init

LoadBaseSystemClasses

SystemDomain.CreatePreallocatedExceptions


28/53

28


SystemDomain.LoadSystemAssembly

Loads mscorlib.dll

Binder::StartupMscorlib Binder::FetchClass(OBJECT)

MethodTable::InitForFinalization

InitJITHelpers2 Binder::FetchClass(VALUE)

Binder::FetchClass(ARRAY)


29/53

29


Binder.FetchType(OBJECT_ARRAY)

Binder.FetchClass(STRING)

Binder.FetchClass(ENUM)

Binder.FetchClass(ExceptionClass)

Binder.FetchClass(OutOfMemoryExceptionClass

) Binder.FetchClass(StackOverflowExceptionClass

)


30/53

30


Binder.FetchClass(ExecutionEngineException

Class)

Binder.FetchClass(DelegateClass)

Binder.FetchClass(MultiDelegateClass)


31/53

31

.NET Application (review)

Jumps to _CorExeMain (mscoree)

Calls _CorExeMain in mscorwks.dll

_CorExeMain calls CoInitializeEE

CoInitializeEE calls:

EEStartup

ExecuteEXE


32/53


33/53


34/53

34

BaseDomain.LoadAssembly

BaseDomain.ApplySharePolicy

AssemblySecurityDescriptor.Init

Module.Create

BaseDomain.SetAssemblyManifestModule

AssemblySecurityDescriptor.AddDescriptorTo

DomainList


35/53


36/53


37/53

37

EEClass.FindMethod

ValidateMainMethod

CorCommandLine.GetArgvW

MethodDesc.Call MethodDesc.IsRemotingIntercepted

MethodDesc.CallDescr calls

MethodDesc.CallDescrWorker

CallDescrWorker calls Main()


38/53

38

.NET Application

Main() needs to be compiled

Main() calls PreStubWorker (mscorwks)

PreStubWorker Compiles all IL methods

CallsMethodDesc.DoPrestub


39/53

39

MethodDesc.DoPrestub

MethodDesc.GetSecurityFlags

MethodDesc.GetUnsafeAddrofCode

MethodDesc.GetILHeader

MethodDesc.GetRVA

COR_DECODE_METHOD

Decode tiny/fat format

Security._CanSkipVerification


40/53

40

MethodDesc.DoPrestub

EEConfig.ShouldJitMethod

MakeJitWorker

JITFunction

GetPrejittedCode


41/53

41

JITFunction

ExecutionManager::GetJitForType

EEJitManager::LoadJIT

Loads mscorjit.dll (in LoadJIT)

Calls getJit in mscorjit (in LoadJIT)

CallCompileMethodWithSEHWrapper

Debugger.JitBeginning

CILJit.compileMethod Debugger.JitComplete


42/53


43/53

43

Compiler.compCompile

Compiler.eeGetMethodClass

Compiler.eeGetClassAttribs

emitter.emitBegCG

Compiler.eeGetMethodAttribs

Compiler.comptInitDebuggingInfo

Compiler.genGenerateCode

emitter.emitEndCG


44/53


45/53

45

.NET Application

Show flowchart


46/53

46

.NET Hook

Reads through method table

Reads method

Parses header, code, EH data Hooks interest functions

Inserts hooked code at front of method

Stored at the end of the .text section

Updates PE and section headers

Changes function RVAs in Metadata


47/53

47

Method Definition (review)

RVA

Implementation flags

Method flags

Method name Offset into #Strings

Signature

Parameters

Offset into #Blob

Index into Param table (0x08)

Offset to method


48/53

48

Tiny Method Body

Header size = 1 byte

Used when:

Maximum stack size is less than 8 The method has no local variables

No extra data section

No exceptions


49/53

49

Tiny Method

Header (flags and code size)

Method body (IL)


50/53

50

Fat Method

Header size = 12 bytes

Flags

Header size

Max. stack size

Code size

Local var. signature Describes local variables

Method body (IL)

Extra data sections Currently only used for exceptions


51/53

51

Hooked Tiny Method

Header (flags and code size)

Hooking code (IL)

Method body (IL)

Updated

Inserted


52/53


53/53

53

Hooked Assembly

Metadata

Functions (IL)

Hooked Functions (IL)

Import Address Table End of old.text section

End of new

.text section

.text section

References both

Documents

Synapseindia Dot Net Development-Implementation