Geeks for your information

ILSpy homepage: https://github.com/icsharpcode/ILSpy

ILSpy is a freeware and simple .NET decompiler which can be used also for example for static malware analysis of .NET malware samples, because we can see the source code of loaded .NET assemblies.

When we open ILSpy we can see the main window:

[Image: leNoajk.png]

To load a .NET assembly simply click to "File" menu and we can also save code and reload the decompiler:

[Image: EArvhz8.png]

If we click on "View" we can sort assembly list by name and we can search in the source code.

[Image: d0iHXuZ.png]

If we click on "Help" menu we can check for new updates or look at "About" window.

[Image: bT3bfzc.png]

We can decompile C#, VB and IL assemblies:

[Image: 5MbLGsA.png]

In the options we can set decompile settings, like "Decompile anonymous methods", "Decompile async methods", etc.

An interesting option we can see is that we can also show/hide XML documentation of the source code.

[Image: PuC8Ivw.png]

We can also set text style of the source code:

[Image: xsLwwWb.png]

You can set text size, show line numbers in the source code, show metadata tokens, enable word wrap and choose the font.

ILSpy latest release: https://github.com/icsharpcode/ILSpy/releases

Very nice there! Thanks for the review and info. There are tons of tools in GitHub and some really need more exposure!

(11 January 19, 20:52)jasonX Wrote: [ -> ]Very nice there! Thanks for the review and info. There are tons of tools in GitHub and some really need more exposure!

Yes, that's a very good tool to view source code of .NET malware samples!

Deep900

jasonX

Deep900