Application Security Testing: An Integral Part of DevOps
An assembly is a file that is automatically generated by the compiler upon successful compilation of every .NET application. It can be either a Dynamic Link Library or an executable file. It is generated only once for an application and upon each subsequent compilation the assembly gets updated. The entire process will run in the background of your application; there is no need for you to learn deeply about assemblies. However, a basic knowledge about this topic will help you to understand the architecture behind a .NET application.
An Assembly contains Intermediate Language (IL) code, which is similar to Java byte code. In the .NET language, it consists of metadata. Metadata enumerates the features of every "type" inside the assembly or the binary. In addition to metadata, assemblies also have a special file called Manifest. It contains information about the current version of the assembly and other related information.
In .NET, there are two kinds of assemblies, such as Single file and Multi file. A single file assembly contains all the required information (IL, Metadata, and Manifest) in a single package. The majority of assemblies in .NET are made up of single file assemblies. Multi file assemblies are composed of numerous .NET binaries or modules and are generated for larger applications. One of the assemblies will contain a manifest and others will have IL and Metadata instructions.
The main benefit of Intermediate Language is its power to integrate with all NET languages. This is because all .NET languages produce the same IL code upon successful compilation; hence, they can interact with each other very easily. However, .NET is not yet declared as a platform-independent language; efforts are on at Microsoft to achieve this objective. As of today, .NET applications are equipped to run only on Windows.
Dissecting the Intermediate Language (IL) Code
You can view the IL code generated by a .NET-aware compiler with the help of a utility called ILDASM.exe, which comes with the .NET Framework. ILDASM stands for Intermediate Language Disassembler. It may be located under the BIN directory of the .NET SDK installation folder. If you have Visual Studio NET 2003, you can locate this tool from the SDK folder of the installation directory. Figure 1.5.1 shows a screenshot of this tool loaded with information about a simple C# program named HelloWorld.exe.
The above utility parses the application's metadata and displays information about the application in a user-friendly and treelike fashion. This process is termed as Reflection. .NET provides a separate namespace named System.Reflection to dissect an application's metadata. You can use the classes and methods included in this namespace to display type information and also for various other tasks. You will learn more about Reflection in a later FAQ.
Moreover, the utility shows special icons before each category to enable you to understand their identity. For example, the red arrow before the term MANIFEST indicates that additional information is available for this particular type. The cyan diamond marked "S" signifies that it is a static field. The blue rectangle with three outputs indicates that the title is a class. If you look into the IL code for advanced assemblies, there will be a down arrow icon in blue. It denotes that the item is a namespace. You will find a detailed explanation about each one of these icons from the online documentation that comes with the .NET Framework.
Double-clicking the relevant titles will open a new window containing the IL code, but you cannot edit them. For instance, if you open the Main() method, you will be presented with a window as shown in Figure 1.5.2.
If you carefully monitor the code given in the above figure, you will be able to learn some information. But, don't worry if you can't understand anything. Knowledge of these codes is not essential for learning C#. If you attempt to open an executable file created with other languages, such as Visual Basic 6.0, the disassembler will display an error message as shown in Figure 1.5.3. This message indicates that the file you tried to open is not managed, or as technically called, is unmanaged code. Unmanaged codes are not produced by the .NET Framework; hence, they cannot be dissected with the disassembler.
You will find more information regarding the above utility from the MSDN Library that ships with Visual Studio .NET.