使用 Reflexil 将字符串分配给 IL 中的 CommandText
Assign a string to CommandText in IL using Reflexil
我需要为一段时间前开发的应用程序编辑查询。但是我没有源代码,只有编译好的dll。以下是Telerik JustDecompile反编译后的源码
conCl.Conn();
conCl.Con.Open();
SqlCommand com = conCl.Com;
string[] strArrays = new string[] { "SELECT * FROM TBL_USER WHERE u_name = '", user.Replace("'", "''"), "' AND u_pass = '", password.Replace("'", "''"), "' and u_IsActive = 1 " };
com.CommandText = string.Concat(strArrays);
SqlDataReader sqlDataReader = conCl.Com.ExecuteReader();
Reflexil 中产生的 IL 是:
off op operand
set code
18 ldfld System.Data.SqlClient.SqlConnection ANZFrameWorkDAL.ConCls::Con
23 callvirt System.Void System.Data.SqlClient.SqlConnection::Open()
28 nop
29 ldloc.0
30 ldfld System.Data.SqlClient.SqlCommand ANZFrameWorkDAL.ConCls::Com
35 ldc.i4.5
36 newarr System.String
41 stloc.s -> (4) (System.String[])
43 ldloc.s -> (4) (System.String[])
45 ldc.i4.0
46 ldstr SELECT * FROM TBL_USER WHERE u_name = '
51 stelem.ref
52 nop
53 ldloc.s -> (4) (System.String[])
55 ldc.i4.1
56 ldarg.1
57 ldstr '
62 ldstr ''
67 callvirt System.String System.String::Replace(System.String,System.String)
72 stelem.ref
73 nop
74 ldloc.s -> (4) (System.String[])
76 ldc.i4.2
77 ldstr ' AND u_pass = '
82 stelem.ref
83 nop
84 ldloc.s -> (4) (System.String[])
86 ldc.i4.3
87 ldarg.2
88 ldstr '
93 ldstr ''
98 callvirt System.String System.String::Replace(System.String,System.String)
103 stelem.ref
104 nop
105 ldloc.s -> (4) (System.String[])
107 ldc.i4.4
108 ldstr ' and u_IsActive = 1
113 stelem.ref
114 nop
115 ldloc.s -> (4) (System.String[])
117 call System.String System.String::Concat(System.String[])
122 callvirt System.Void System.Data.SqlClient.SqlCommand::set_CommandText(System.String)
127 nop
128 ldloc.0
129 ldfld System.Data.SqlClient.SqlCommand ANZFrameWorkDAL.ConCls::Com
134 callvirt System.Data.SqlClient.SqlDataReader System.Data.SqlClient.SqlCommand::ExecuteReader()
现在我想要的是:
com.CommandText = "Select * form tbl_user where u_name = 'admin'"
我试图在偏移量 115 之后加载一个字符串作为
opcode = ldstr operand = select * form tbl_user where u_name = 'admin'
但是输出变成了
strArrays.CommandText = string.Concat((string[])"select * form tbl_user where u_name = 'admin'");
所以我删除了我的更改并在偏移量 117 之后添加了相同的字符串:
opcode = ldstr operand = select * form tbl_user where u_name = 'admin'
输出改变了,感觉有点接近我想要的但仍然不正确。输出变为:
string.Concat(strArrays).CommandText = "select * form tbl_user where u_name = 'admin'";
我想要的是:
com.CommandText = "select * from tbl_user where u_name = 'admin'"
我还尝试在偏移量 122 之后添加 callvirt 操作码,但是当加载的 .NET 框架是 4.6.1
时,我无法在 System.Data.SqlClient.SqlCommand 中找到 set_CommandText 方法
我该怎么做?请,任何帮助将不胜感激。谢谢
大多数方法只是字符串连接,因此您可以将其删除。您可以用包含您的字符串的单个 ldstr 替换从偏移量 35 到 117 的所有指令。
我需要为一段时间前开发的应用程序编辑查询。但是我没有源代码,只有编译好的dll。以下是Telerik JustDecompile反编译后的源码
conCl.Conn();
conCl.Con.Open();
SqlCommand com = conCl.Com;
string[] strArrays = new string[] { "SELECT * FROM TBL_USER WHERE u_name = '", user.Replace("'", "''"), "' AND u_pass = '", password.Replace("'", "''"), "' and u_IsActive = 1 " };
com.CommandText = string.Concat(strArrays);
SqlDataReader sqlDataReader = conCl.Com.ExecuteReader();
Reflexil 中产生的 IL 是:
off op operand
set code
18 ldfld System.Data.SqlClient.SqlConnection ANZFrameWorkDAL.ConCls::Con
23 callvirt System.Void System.Data.SqlClient.SqlConnection::Open()
28 nop
29 ldloc.0
30 ldfld System.Data.SqlClient.SqlCommand ANZFrameWorkDAL.ConCls::Com
35 ldc.i4.5
36 newarr System.String
41 stloc.s -> (4) (System.String[])
43 ldloc.s -> (4) (System.String[])
45 ldc.i4.0
46 ldstr SELECT * FROM TBL_USER WHERE u_name = '
51 stelem.ref
52 nop
53 ldloc.s -> (4) (System.String[])
55 ldc.i4.1
56 ldarg.1
57 ldstr '
62 ldstr ''
67 callvirt System.String System.String::Replace(System.String,System.String)
72 stelem.ref
73 nop
74 ldloc.s -> (4) (System.String[])
76 ldc.i4.2
77 ldstr ' AND u_pass = '
82 stelem.ref
83 nop
84 ldloc.s -> (4) (System.String[])
86 ldc.i4.3
87 ldarg.2
88 ldstr '
93 ldstr ''
98 callvirt System.String System.String::Replace(System.String,System.String)
103 stelem.ref
104 nop
105 ldloc.s -> (4) (System.String[])
107 ldc.i4.4
108 ldstr ' and u_IsActive = 1
113 stelem.ref
114 nop
115 ldloc.s -> (4) (System.String[])
117 call System.String System.String::Concat(System.String[])
122 callvirt System.Void System.Data.SqlClient.SqlCommand::set_CommandText(System.String)
127 nop
128 ldloc.0
129 ldfld System.Data.SqlClient.SqlCommand ANZFrameWorkDAL.ConCls::Com
134 callvirt System.Data.SqlClient.SqlDataReader System.Data.SqlClient.SqlCommand::ExecuteReader()
现在我想要的是:
com.CommandText = "Select * form tbl_user where u_name = 'admin'"
我试图在偏移量 115 之后加载一个字符串作为
opcode = ldstr operand = select * form tbl_user where u_name = 'admin'
但是输出变成了
strArrays.CommandText = string.Concat((string[])"select * form tbl_user where u_name = 'admin'");
所以我删除了我的更改并在偏移量 117 之后添加了相同的字符串:
opcode = ldstr operand = select * form tbl_user where u_name = 'admin'
输出改变了,感觉有点接近我想要的但仍然不正确。输出变为:
string.Concat(strArrays).CommandText = "select * form tbl_user where u_name = 'admin'";
我想要的是:
com.CommandText = "select * from tbl_user where u_name = 'admin'"
我还尝试在偏移量 122 之后添加 callvirt 操作码,但是当加载的 .NET 框架是 4.6.1
时,我无法在 System.Data.SqlClient.SqlCommand 中找到 set_CommandText 方法我该怎么做?请,任何帮助将不胜感激。谢谢
大多数方法只是字符串连接,因此您可以将其删除。您可以用包含您的字符串的单个 ldstr 替换从偏移量 35 到 117 的所有指令。