In one of the lasts post, I’ve showed you what tools to use to play with IL. I’ve also showed how to change the entrypoint of the application. Now lets learn some basic structure of IL code. Let’s dive in.

Actually it’s not that different from C# code. We do have assemblies, classes and of course code. So it’s the same concepts as we know them from .NET – but it’s a bit different. Let’s see.

The IL structure

Above we can see some Hello World program decompiled to IL. As you can see there’s a lot of strange and unknown text. Let’s just forget about them for a moment – we will discuss them in a separate post and for now just strip them. This is what the basics are:

We start by defining that our assembly will be referencing mscorlib. The next goes the section where we define how our assembly will be named. Here also can be put all those meta attributes that we saw in the non-stripped example of Hello IL application. We don’t need to focus on those here. Let’s skip that and move to a .module directive.

Remember modules? When .NET was introduced MS put a nice vision to our heads about assemblies and modules. Assemblies could have more than one module but I that never hit off. I bet that you probably never had more than one module in assembly. Visual Studio doesn’t make that easier.

After we defined a module some directives about our EXE file are defined. The base address, some stack information and flags. Useful but not for our purpose in this article.

Now we are at what’s the mose interesting part of IL. The .class directive is to define class (duh). Here we also see the default inheritance from System.Object. Even though we did not explicitly put that in our code.

Next goes the methods, Main and and the default constructor. Also we did not specified the latter one. Main method has an .entrypoint directive set, but as we showed in
static void Main is not the .entrypoint you are looking for… it doesn’t have to be in the Main.

Inside the methods we are down to IL code and directives. For this post we will stop here. That’s all.

Of course this is only scratching the surface but it gives some idea how the code is structured. I encourage you to play with ildasm and check the code structure yourself.