Some possible improvements to make:

• Have everything inside a try block as its own BasicBlock, so it can jump out to the exception handler.
• Use clusters to group everything inside an exception handler try block

Allow the user to enter code, which will get compiled into a temporary DLL and injected into the debugged process.

The user will be shown a C# editor (similar to the "Edit Method (C#)" command) with the following code:

using System;

namespace Injectable
{
	public static class Program
	{
		// Do not remove this method!
		public static int Main(string argument)
		{
			Main();
			return 0;
		}

		public static void Main()
		{
			// Enter your code here or in the method above.
		}
	}
}

This will only be useful if the user has access to static members inside the process.

Requires #2

Currently, the CFG often gets put at the top left corner of the tab instead of at the center. This may require some WPF (debugging) knowledge to fix.

Corrently the sourcemapping decompilers will use default settings, meaning that eg. compiler-generated classes will not be shown.

A solution would be to simply import IDecompilerService and get the real decompiler instances from there, but it doesn't seem to be created yet when decompilers are instantiated.

Can be worked around by manually modifying the version of Iced echo uses.

Obvious fix is to submit a PR to echo to update the version of the dependency, but it may also be possible to remove the strong name signing requirement as a post-build step to prevent this from causing issues in the future.

The control flow graph currently look very boring and unclear without syntax highlighting:
.

Optimally, we'd use a custom Label in MSAGL where we add our own syntax highlighting, but that may not be possible.

With Echo, we can create control flow graphs similar to what IDA Pro does.

Current progress (will be expanded later):

• Create Control Flow Graph display for managed methods
• Create Control Flow Graph display for native methods
• Improve layout to appear more control-flow like
• Allow editing method by rightclicking a node
  • Should open instruction editor with the right instructions selected
  • Should automatically update the graph

Hello,

This issue happens when the method.Name property is empty. This makes dnSpy show the method name as <<EMPTY_NAME>>. However, on the disassembly tab, the name is just empty.

Shouldn't be too hard, just call a bunch of function calls. See a project such as this one for general idea.

For some reason, references to fields in the same class may be of type MemberRefMD instead of FieldDef, causing the sourcemapper to not recognize it (IMemberRef is not mapped). This field was of type I[], which may be related.

Expected behavior:

ldstr "\nSomething"

Actual behavior:

ldstr "
Something"

Example of actual behavior:

https://devblogs.microsoft.com/dotnet/infer-interprocedural-memory-safety-analysis-for-c/

https://github.com/marketplace/actions/infersharp

Works fine in Rider, but VS2019 will complain about not being able to load the referenced projects.

The idea would be to allow the user to select a metadata.dat file for native binaries that would allow the file to be disassembled as if it was a IL binary, except all methods would be shown as native and would have to be disassembled with the native disassembler.

Main difficulties:

• Implement my own IL2CPP metadata parser (Il2CppDumper's code is absolutely awful)
• Figure out how to replicate dnSpy's assemblynodes for a native binary, after it was initially loaded
  • maybe make our own root node and load binary ourselves?
• Improve navigation for the disassembler, possibly using a custom content provider

Not entirely sure if this is a bug on my part, a bug in echo, or no bug at all.

Example of incorrect disassembly:

000FB550 E9AB5A0400           jmp     near ptr 141000h

000FB555 48                   dec     eax
000FB556 FF2549522301         jmp     dword ptr ds:[1235249h]

For this sample, it seems only 1 instruction should be disassembled instead of multiple.

This is mainly needed because private fields don't have consistent naming.

Hopefully, this isn't a pain to implement but an option to disable or change the underlining to bold or italic would be nice ;)

Hello, when the control flow graph for the method at token 0x06000025 is shown and the scroll wheel is moved the graph completely disappears.

This stops the DLL from being kept in use by the target process. Will require settings for toggle.

Iced now seems to have a high-level assembler which should make writing assembly a lot simpler.

See: https://github.com/0xd4d/iced/blob/master/src/csharp/Intel/README.md#assemble-instructions

Right now, decorators are used on the decompilers to change symbol names before they are written to the decompiler output. During this we get the actual dnlib types, allowing us to store full information about the member in the sourcemap (eg. namespace+type+method name+parameters).

With output to tooltips and tree node items, only a string and color is given. The string will only be the member name, without additional type or namespace. For matching in the sourcemap, we have the following options:

1. Try to match on the limited info anyway, but risking getting a false positive. Color can be used to find the type of the map (MethodDef, TypeDef, etc).
2. Make a decorator for each type that inherits from IMemberRef. This is a lot harder because a lot of functionality needs to be reimplemented, and we're writing decorators for classes, not interfaces. The Decompiler will use more than just the Name property of the IMemberRef, and match on its type.

dnSpy does not warn you before debugging with the wrong architecture, and instead just launches the binary and fails to attach. This could be improved by adding a label next to the debug button to show if there is an architecture mismatch.

Parameters are of reference type dnlib.DotNet.Parameter which includes a reference to its owner, meaning they can be mapped.

Allow injecting into process other than the currently debugged one. I have a debug feature to do this, which required entering the PID and bitness of the other process, so it just needs a UI.

Hello!

Whenever I rename anything in a DLL, the code decompiles again, but the item doesn't change names.

I'm using dnSpy v6.0.5 (.NET framework)

Also something interesting, if I "rename" some variables, the changes are reflected in the mappings xml, but as soon as I close and re-open dnSpy, and rename another item, the changes are reset

Only happens when re-injecting a DLL that was previously injected in this session?

Prevents user from having to select a file and entry point when repeatedly injecting the same DLL. A new menu item will exist under the "Inject .NET DLL" which will open to show up to 5 recent injected DLLs, along with entrypoint and parameter. If there are no recent items, the menu is disabled but not hidden.

Items will be displayed as DllName.dll TypeName.Method("argument"). Optionally, when multiple items have the same name but different meaning (eg. 2 different DLLs named InjectMe.dll), the display may be more specific.

Will require settings implementation.

As requested by @ElektroKill on Discord

Inject some code to modify the IL of a method using Harmony.

Not exactly sure how to do UI. Could reuse UI elements of #3 when it's done.

See also 0xd4d/dnSpy#688

Tooltips for the CFG will just contain the full text inside the hovered node.

Right-clicking some code in the decompiler view and clicking "Edit IL instructions" automatically selects them in the IL editor. Having a context menu option to immediately nop them would save a lot of time.

Other options:

• Change conditional branch to always be true
• Remove write to variable

Preferably, the text field in the settings would have a green/red border depending on whether the entered path exists (or is a valid diec.exe file).

Hello, I have some issues and suggestions regarding it.

• Parts of the graph render outside of the tab control:
• Respect dark mode.
• Make the title state the method name that the CFG belongs too.
• Add an option to use the user's selected font for the CFG node text.
• Add the CFG option to the context menu of a method body and not just the method.

Thanks in advance.

Native assemblies currently don't show much information.

• Show imports and exports in the treeview
• [ ] Demangle C++ names not used for exports
• Disassemble native methods shown in the treeview
• Improve disassembly so that user can follow references

See also #38

For some reason this crashes at mono_assembly_load_from_full for normal Mono and at mono_image_open for BleedingEdge Mono. Not sure why, since x64 Framework and x86 Unity work just fine.

Opening this so I can close #7.

Example exception:

Import or export sourcemaps, which can then be shared with other people.

2 new menu items in app menu, not quite sure where yet.

An third menu item is for opening the folder containing sourcemaps.

Renaming a constructor should rename the type it belongs to.

Most code runs on the UI thread and is thus blocking. That includes DLL Injection, which is bad because it can take a while.

This also prevents embarrassing issues such as 0xd4d/dnSpy#1212.

Detect It Easy includes a commandline binary that can return plain text or json information about the passed binary. Could be useful to show inside dnSpy.

I would show this in some information tab under the AssemblyDef node in the treeview.