How do I find out if a .NET assembly contains unmanaged code?

Question

.NET assemblies that contain a mixture of managed and unmanaged code cannot be ILMerged with other assemblies.

How can I verify if a given .NET assembly contains purely managed code, or a mix of managed and unmanaged code?

Answer 1

As suggested by nobugz, an easier way to see the CLR Flags is using the corflags utility, which is part of the .NET 2.0 SDK.

If no options are specified, the flags for the given image are displayed:

C:\>corflags Foo.dll
Version   : v2.0.50727
CLR Header: 2.5
PE        : PE32
CorFlags  : 9
ILONLY    : 1
32BIT     : 0
Signed    : 1

The "ILONLY" bit indicates whether this is a pure managed assemby, or a mixed assembly.

Note that the comment from user 'nobugz' suggests these flags are not guaranteed to be correct, so this method may not be foolproof.

Answer 2

Run the PEVerify tool against your assembly.

PEVerify.exe is installed along with Visual Studio, eg this one comes with Visual Studio 2012:

C:\\Program Files (x86)\\Microsoft SDKs\\Windows\\v8.0A\\bin\\NETFX 4.0 Tools\\PEVerify.exe

Answer 3

Run ildasm from a Visual Studio Command Prompt as follows:

ildasm file.exe /headers /noil /text

Towards the end of the output you will see the following:

// ----- CLR Header:
// Header size: ...
// Major runtime version: ...
// Minor runtime version: ...
// ...
// Flags: 0x00000000

If Flags has the lowest bit set (eg 0x00000001) then the assembly is pure CLR; if not (eg 0x00000000) then the assembly is mixed mode. Note that other flags may be present, so it's only the lowest bit you're interested in (so if the last digit is 1, 3, 5, 7, 9, b, d or f then it's pure CLR).

(Edit: You can also run ildasm graphically, open the executable file in question, and choose Headers from the View menu to see the same information.)

Answer 4

Improving on the answer provided above Wim...

1. Locate your "PEVerify.exe" - you have it if you have VS installed.- COPY THE FULL PATH TO THE PEVerify.exe file, your path will be different - - Here's an example: C:\\Program Files (x86)\\Microsoft SDKs\\Windows\\v8.0A\\bin\\NETFX 4.0 Tools\\PEVerify.exe

2. Open Visual Studio Command prompt (don't "Run as Administrator")

3. Type in: cd C:\\Program Files (x86)\\Microsoft SDKs\\Windows\\v8.0A\\bin\\NETFX 4.0 Tools

4. your command prompt should now be this long text instead of just C:\\ or something....it will point to the path of where PEVerify.exe is located.

5. Now type in: peverify "your full path to your dll you want to check - THen Press Enter - Here is my example : peverify "G:\\TestFolder\\My_Managed_OR_Unmanaged.dll"

6. After you press Enter and you get a message as below, its 100% managed dll - All Classes and Methods in My_Managed_OR_Unmanaged.dll Verified."

Answer 5

To get the PE flags from C#, use the System.Reflection API: http://www.example8.com/category/view/id/6027

...

Assembly a = Assembly.GetExecutingAssembly();
Module m = a.ManifestModule;

PortableExecutableKinds peKinds;
ImageFileMachine imageFileMachine;
m.GetPEKind(out peKinds, out imageFileMachine);

if ((peKinds & PortableExecutableKinds.ILOnly) != 0)

...

Answer 6

我将不得不仔细检查这一点，但我很确定你可以通过redgate找到Reflector。

Answer 7

ILMerge only merges managed assemblies, here , to quote from their download page, ' ILMerge is a utility for merging multiple .NET assemblies into a single .NET assembly '.

I have not seen an managed assembly merged with a native binary. Technically, you could have them merged per se, by including the unmanaged binary as a embedded resource, but the loading of the embedded resource into memory as a binary code - I have not seen this before. I have tried that technique using memory maps but failed.

The other way of checking is to look in the binary itself, if it has the 15th entry in the data directory, and is non-zero then it is a .NET binary, native binaries do not have this. See here where I posted this answer to a similar question.

Hope this helps, Best regards, Tom.

Answer 8

我认为你应该使用.NET反射来遍历程序集中的所有类型和方法。