DisasMSIL: a free MSIL disasm engine

  • Download DisasMSIL source and demo
  • DisasMSIL is a free/open disasm engine for the Microsoft Intermediate Language (MSIL). You can use it in any context you wish. There are no license restrictions. The only thing I ask you to do is to send me your bug fixes (if any).

    Here's a little sample of how to use the disasm engine:

    #include "stdafx.h"
    #include <Windows.h>
    #include <stdio.h>
    #include "DisasMSIL.h"

    #define dsize 1703
    unsigned char pData[1703] = {
       0x02, 0x7B, 0x0E, 0x00, 0x00, 0x04, 0x6F, 0x40, 0x00, 0x00, 0x0A, 0x72, 0x31, 0x00, 0x00, 0x70,
       0x28, 0x41, 0x00, 0x00, 0x0A, 0x2C, 0x2C, 0x02, 0x7B, 0x12, 0x00, 0x00, 0x04, 0x6F, 0x40, 0x00,
       // ........... MSIL CODE SAMPLE .............
    };

    int _tmain(int argc, _TCHAR* argv[])
    {
    #define MAX_INSTR      100

       // output array, filled with up to MAX_INSTR decoded instructions per call
       // (element type assumed to be ILOPCODE_STRUCT, as declared in DisasMSIL.h)
       ILOPCODE_STRUCT ilopar[MAX_INSTR];

       DISASMSIL_OFFSET CodeBase = 0;

       BYTE *pCur = pData;
       UINT nSize = dsize;

       UINT nDisasmedInstr;

       while (DisasMSIL(pCur, nSize, CodeBase, ilopar, MAX_INSTR,
          &nDisasmedInstr))
       {
          // print instructions

          for (UINT x = 0; x < nDisasmedInstr; x++)
             printf("\n%08X %s", ilopar[x].Offset, ilopar[x].Mnemonic);

          // end loop? (fewer than MAX_INSTR means the buffer is exhausted)

          if (nDisasmedInstr < MAX_INSTR) break;

          // next instructions: skip past the last decoded instruction

          DISASMSIL_OFFSET next = ilopar[nDisasmedInstr - 1].Offset - CodeBase;
          next += ilopar[nDisasmedInstr - 1].Size;

          pCur += next;
          nSize -= next;
          CodeBase += next;
       }

       return 0;
    }

    Note: don't rely on the copies of the ECMA specification (Partition III: Common Language Infrastructure) you often find around, since most of the time they are incomplete. Some new opcodes were introduced with the .NET Framework 2.0. These new opcodes are marked in the header file:

    #define ILOPCODE_LDELEM         0xA3         //
    #define ILOPCODE_STELEM         0xA4         // Introduced with the framework 2.0
    #define ILOPCODE_UNBOX_ANY      0xA5         //

    To consult the complete list of MSIL opcodes, look in MSDN under .NET reflection. You can also download the up-to-date specification by clicking here. Thanks go to Michael Ruck, who pointed out to me the annotation opcodes that were present in beta 1 of the first version of the framework (and have disappeared since then). I haven't introduced these opcodes yet, as I have never encountered them and I'm still unsure whether they ought to be implemented or not.

    Daniel Pistelli
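
The sample loop above feeds raw method bytes to a decoder, so each operand read has to be checked against the bytes that remain. As an added example (not DisasMSIL's code), here is a minimal table-driven decoder covering only the one-byte opcodes found in the sample bytes shown above plus the three .NET 2.0 opcodes; `il_decode`, `OPS` and `SAMPLE` are names chosen for this illustration, and two-byte `0xFE`-prefixed opcodes are left out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Opcode, mnemonic and operand size in bytes. Deliberately partial table. */
typedef struct { uint8_t op; const char *name; uint8_t operand; } il_op;
static const il_op OPS[] = {
    {0x02, "ldarg.0", 0},  {0x28, "call", 4},   {0x2C, "brfalse.s", 1},
    {0x6F, "callvirt", 4}, {0x72, "ldstr", 4},  {0x7B, "ldfld", 4},
    {0xA3, "ldelem", 4},   {0xA4, "stelem", 4}, {0xA5, "unbox.any", 4},
};
enum { IL_OK = 0, IL_TRUNCATED = 1, IL_UNKNOWN = 2 };

/* The 32 bytes of pData visible on the page (the rest is elided there). */
static const uint8_t SAMPLE[32] = {
    0x02, 0x7B, 0x0E, 0x00, 0x00, 0x04, 0x6F, 0x40, 0x00, 0x00, 0x0A,
    0x72, 0x31, 0x00, 0x00, 0x70, 0x28, 0x41, 0x00, 0x00, 0x0A, 0x2C,
    0x2C, 0x02, 0x7B, 0x12, 0x00, 0x00, 0x04, 0x6F, 0x40, 0x00,
};

/* Decodes buf[0..len). *count receives the number of complete instructions,
   *stop the offset where decoding ended. Pass out = NULL to suppress printing. */
int il_decode(const uint8_t *buf, size_t len, FILE *out, size_t *count, size_t *stop)
{
    size_t off = 0;
    for (*count = 0; off < len; (*count)++) {
        const il_op *op = NULL;
        for (size_t i = 0; i < sizeof OPS / sizeof OPS[0]; i++)
            if (OPS[i].op == buf[off]) { op = &OPS[i]; break; }
        *stop = off;
        if (!op) return IL_UNKNOWN;
        /* off < len holds here, so len - off - 1 cannot wrap around. */
        if (op->operand > len - off - 1) return IL_TRUNCATED;
        uint32_t v = 0;                       /* operands are little-endian */
        for (uint8_t i = 0; i < op->operand; i++)
            v |= (uint32_t)buf[off + 1 + i] << (8 * i);
        if (out) {
            fprintf(out, "%08zX %s", off, op->name);
            if (op->operand) fprintf(out, " 0x%0*X", op->operand * 2, (unsigned)v);
            fputc('\n', out);
        }
        off += 1 + (size_t)op->operand;
    }
    *stop = off;
    return IL_OK;
}

int main(void)
{
    size_t n, stop;
    int rc = il_decode(SAMPLE, sizeof SAMPLE, stdout, &n, &stop);
    printf("status=%d instructions=%zu stopped at 0x%zX\n", rc, n, stop);
    return 0;
}
```

Because the page shows only 32 of the 1703 bytes, the last `callvirt` is cut mid-token and the decoder reports it as truncated instead of reading past the buffer.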