Skip to content

Instantly share code, notes, and snippets.

@joeduffy

joeduffy/ndisasm.bat

Created December 11, 2015 17:59
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save joeduffy/ade5df4ab8b47277785f to your computer and use it in GitHub Desktop.
Save joeduffy/ade5df4ab8b47277785f to your computer and use it in GitHub Desktop.
Download ZIP
A handy .NET disassembler script
Raw
ndisasm.bat
@ECHO OFF
REM A handy, dandy script for disassembling .NET programs.
SETLOCAL EnableDelayedExpansion
ECHO .NET Program Disassembler
ECHO =========================
REM Pluck out arguments and validate paths.
SET BINARY=%1
IF [%BINARY%]==[] (
ECHO error: missing program binary to disassemble
ECHO usage: disasm ^<program-binary^>
ENDLOCAL
EXIT /B 1
)
IF NOT EXIST %BINARY% (
ECHO error: program binary %BINARY% not found
ENDLOCAL
EXIT /B 2
)
FOR %%I IN ("%BINARY%") DO (
SET IMGNAME=%%~nI
SET IMGEXT=%%~xI
)
where /q dumpbin.exe
IF ERRORLEVEL 1 (
ECHO error: dumpbin.exe not found on PATH 1>&2
ENDLOCAL
EXIT /B 3
)
REM First, compile the 32- and 64-bit versions, remembering the image paths.
ECHO Compiling...
SET NGEN32=%WINDIR%\Microsoft.NET\Framework\%FRAMEWORKVERSION%\ngen.exe
IF NOT EXIST %NGEN32% (
ECHO error: 32-bit ngen.exe missing from expected location
ECHO %NGEN32%
ENDLOCAL
EXIT /B 4
)
echo * 32-bit native image...
%NGEN32% install %BINARY% /silent
set IMGBASE32=%WINDIR%\assembly\NativeImages_%FRAMEWORKVERSION%_32
FOR /F "delims=" %%I IN ('dir /b /ad-h /t:c /od !IMGBASE32!\!IMGNAME!') DO (
SET "IMG32=%%I"
SET IMGPATH32=!IMGBASE32!\!IMGNAME!\!IMG32!
SET IMGFULL32=!IMGPATH32!\!IMGNAME!.ni!IMGEXT!
)
ECHO !IMGFULL32!
SET NGEN64=%WINDIR%\Microsoft.NET\Framework64\%FRAMEWORKVERSION%\ngen.exe
IF EXIST %NGEN64% (
SET DO64=1
) ELSE (
ECHO * 64-bit ngen.exe missing; skipping 64-bit disassembly
)
IF %DO64% EQU 1 (
echo * 64-bit native image...
%NGEN64% install %BINARY% /silent
set IMGBASE64=%WINDIR%\assembly\NativeImages_%FRAMEWORKVERSION%_64
FOR /F "delims=" %%I IN ('dir /b /ad-h /t:c /od !IMGBASE64!\!IMGNAME!') DO (
SET "IMG64=%%I"
SET IMGPATH64=!IMGBASE64!\!IMGNAME!\!IMG64!
SET IMGFULL64=!IMGPATH64!\!IMGNAME!.ni!IMGEXT!
)
ECHO !IMGFULL64!
)
REM Now generate PDBs for them so that the disassembly contains symbol and line information.
ECHO Generating PDBs...
SET PDBTMP=%RANDOM%
mkdir %TEMP%\!PDBTMP!
SET PDBOPTS=/silent
IF EXIST !IMGNAME!.pdb (
SET PDBOPTS=%PDBOPTS% /lines
) ELSE (
ECHO warning: No managed PDB found; line numbers will be missing.
ECHO Recompile your C# with /debug:pdbonly to get line numbers.
)
ECHO * 32-bit symbols and lines...
%NGEN32% createpdb !IMGFULL32! %TEMP%\!PDBTMP! %PDBOPTS%
FOR /F "delims=" %%I IN ('dir /b /ad-h /t:c /od %TEMP%\!PDBTMP!\!IMGNAME!.ni.pdb') DO (SET PDB32=%%I)
move %TEMP%\!PDBTMP!\!IMGNAME!.ni.pdb\!PDB32!\!IMGNAME!.ni.pdb !IMGPATH32!\!IMGNAME!.ni.pdb >NUL
ECHO !IMGPATH32!\!IMGNAME!.ni.pdb
rmdir /s /q %TEMP%\!PDBTMP!
IF %DO64%==1 (
mkdir %TEMP%\!PDBTMP!
ECHO * 64-bit symbols and lines...
%NGEN64% createpdb !IMGFULL64! %TEMP%\!PDBTMP! %PDBOPTS%
FOR /F "delims=" %%I IN ('dir /b /ad-h /t:c /od %TEMP%\!PDBTMP!\!IMGNAME!.ni.pdb') DO (SET PDB64=%%I)
move %TEMP%\!PDBTMP!\!IMGNAME!.ni.pdb\!PDB64!\!IMGNAME!.ni.pdb !IMGPATH64!\!IMGNAME!.ni.pdb >NUL
ECHO !IMGPATH64!\!IMGNAME!.ni.pdb
rmdir /s /q %TEMP%\!PDBTMP!
)
REM And finally disassemble the outputs.
ECHO Disassembling...
SET DUMPBINOPTS=/ALL /DISASM
ECHO * Disassembling 32-bit image...
dumpbin.exe !IMGFULL32! %DUMPBINOPTS% > !IMGNAME!-32.asm
ECHO !IMGNAME!-32.asm
IF %DO64%==1 (
ECHO * Disassembling 64-bit image...
dumpbin.exe !IMGFULL64! %DUMPBINOPTS% > !IMGNAME!-64.asm
ECHO !IMGNAME!-64.asm
)
ECHO Done.
ECHO.
ENDLOCAL
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment