Microsoft .NET Native Developer Preview 内部初探

准备研究：

安装完毕并启动VS2013,根据MSDN 的.NET Native 文档(http://msdn.microsoft.com/en-us/library/dn600165(v=vs.110).aspx)
我新建项目：
Visual C# -> 应用商店应用 -> Windows 应用程序 -> 网格应用程序(Windows)

新建项目后开启Native 编译；

然后在菜单 [生成] 里面 [活动解决方案平台] 选择 x64,（因为目前的版本仅支持X64和ARM平台）；

在 [项目] 菜单的 [生成] 选项卡里 [Compile with .NET Native tool chain] 上打对号；

在 [项目] 菜单的 [调试] 选项卡里选中如下：

 

ok，编译。。。你会发现编译速度很是慢长....。
然后看看我们的输出目录：

发现比正常的程序多了个[ilc.out]的目录，这个目录里面的程序就是本文的主角。

我们可以直接看到的差别就是 App1.exe 变的很小，5KB,而多了个App1.dll 7MB多；用CFF Explorer打开App1.exe:

查看其引入表：

发现
App1.exe只对App1.dll有引用，且只引用了App1.dll的导出函数RHBinder__ShimExeMain。
用IDA打开 App1.exe 找到入口函数可看到：

这句可以说明App1.exe是个stub，里面什么代码也没有，直接调用App1.dll的导出函数RHBinder__ShimExeMain。

ok，我们直接用IDA打开App1.dll等待分析完毕（dll较大，分析并加载符号较慢）：

 我们可以看到App1.dll导出了下列函数：（其中就有）RHBinder__ShimExeMain

view sourceprint?

01.Name                         Address          Ordinal

02.----                         -------          -------

03.$thread_static_index         0000000000AD2DB0 1     

04.AppendExceptionStackFrame    000000000076E004 2     

05.CheckStaticClassConstruction 0000000000765598 3     

06.CreateCommandLine            000000000076ABB8 4     

07.CtorCharArray                00000000007734A8 5     

08.CtorCharArrayStartLength     0000000000773190 6     

09.CtorCharCount                0000000000772A28 7     

10.CtorCharPtr                  0000000000772EC0 8     

11.CtorCharPtrStartLength       0000000000772C1C 9     

12.FailFast                     0000000000768E1C 10    

13.GetRuntimeException          0000000000769084 11    

14.RHBinder__ShimExeMain        0000000000426CF0 12    

15.RHBinder__DllMain            0000000000426D24

自然，RHBinder__ShimExeMain是此程序的入口点。

下面我们用 CFF Explorer 打开App1.dll：

看其引入表：

把对系统dll(api-ms*)的引用排除,剩下：

mrt100_app.dll

App1.dll

也就是其引用了自身导出的：

view sourceprint?

1.CtorCharArrayStartLength

2.CreateCommandLine

3.CtorCharPtrStartLength

4.CtorCharPtr

5.CtorCharCount

6.CtorCharArray

引用别的dll的函数并不奇怪，但为什么引用自身导出的函数而不是直接调用这个就比较奇怪了，他是怎么实现的呢？因为连接时这个dll并不存在，也就没有这个dll的导出，不知道怎么链接的，以后分析吧。

明显这个是一些支持函数，并不是主要的，主角看来在另一个dll（mrt100_app.dll）身上：

CFF Explorer 打开 mrt100_app.dll：

看见没 Microsoft .NET Native Runtime......

用vc工具 dumpbin /exports mrt100_app.dll 看其导出：

view sourceprint?

001.1 Microsoft (R) COFF/PE Dumper Version 11.00.61030.0

002.2 Copyright (C) Microsoft Corporation.  All rights reserved.

003.3

004.4

005.5 Dump of file mrt100_app.dll

006.6

007.7 File Type: DLL

008.8

009.9   Section contains the following exports for mrt100.dll

010.10

011.11     00000000 characteristics

012.12     533689BD time date stamp Sat Mar 29 16:52:13 2014

013.13         0.00 version

014.14            1 ordinal base

015.15          277 number of functions

016.16          277 number of names

017.17

018.18     ordinal hint RVA      name

019.19

020.20           1    0 00035DD8 GetRuntimeException

021.21           2    1 00036314 ProcessFinalizers

022.22           3    2 00001EF8 RegisterCodeManager

023.23           4    3 00034DC0 RhBox

024.24           5    4 00036760 RhCanUnloadModule

025.25           6    5 000367C0 RhCollect

026.26           7    6 00002E00 RhEnableShutdownFinalization

027.27           8    7 00035E5C RhExceptionHandling_FailedAllocation

028.28           9    8 000361B8 RhExceptionHandling_ThrowClasslibArithmeticException

029.29          10    9 0003622C RhExceptionHandling_ThrowClasslibDivideByZeroException

030.30          11    A 00036144 RhExceptionHandling_ThrowClasslibIndexOutOfRangeException

031.31          12    B 000362A0 RhExceptionHandling_ThrowClasslibOverflowException

032.32          13    C 00035EDC RhExceptionHandling_ThrowInter

033.33          14    D 000360D8 RhExceptionHandling_ThrowIntra

034.34          15    E 00003244 RhFindBlob

035.35          16    F 00036498 RhGcStress_Initialize

036.36          17   10 00034C74 RhGetArrayElementType

037.37          18   11 00034C3C RhGetComponentSize

038.38          19   12 00034BA8 RhGetCorElementType

039.39          20   13 00003808 RhGetCurrentObjSize

040.40          21   14 00034B5C RhGetEETypeClassification

041.41          22   15 00034B0C RhGetEETypeHash

042.42          23   16 00003BAC RhGetExceptionsForCurrentThread

043.43          24   17 00003830 RhGetGCNow

044.44          25   18 00003618 RhGetGcCollectionCount

045.45          26   19 00003668 RhGetGcLatencyMode

046.46          27   1A 000368D0 RhGetGcTotalMemory

047.47          28   1B 00002CBC RhGetGenericInstantiation

048.48          29   1C 00034C10 RhGetInterface

049.49          30   1D 00003854 RhGetLastGCDuration

050.50          31   1E 0000383C RhGetLastGCStartTime

051.51          32   1F 00003114 RhGetLoadedModules

052.52          33   20 000037F8 RhGetLohCompactionMode

053.53          34   21 00003610 RhGetMaxGcGeneration

054.54          35   22 00003EF0 RhGetModuleFileNameAndBaseFromIP

055.55          36   23 000031A8 RhGetModuleFromEEType

056.56          37   24 00034C40 RhGetNonArrayBaseType

057.57          38   25 00034BBC RhGetNullableType

058.58          39   26 00034C34 RhGetNumInterfaces

059.59          40   27 000033E4 RhGetStaticFieldAddress

060.60          41   28 000034C0 RhGetThreadStaticFieldAddress

061.61          42   29 000030B0 RhGetValueTypeSize

062.62          43   2A 00035144 RhHandleAlloc

063.63          44   2B 000350C8 RhHandleAllocDependent

064.64          45   2C 0003504C RhHandleAllocVariable

065.65          46   2D 000045E8 RhHandleCompareExchangeVariableType

066.66          47   2E 00004388 RhHandleFree

067.67          48   2F 000043BC RhHandleGet

068.68          49   30 000043C0 RhHandleGetDependent

069.69          50   31 0000458C RhHandleGetVariableType

070.70          51   32 000043FC RhHandleSet

071.71          52   33 000043F4 RhHandleSetDependentSecondary

072.72          53   34 000045A8 RhHandleSetVariableType

073.73          54   35 00034BB0 RhHasReferenceFields

074.74          55   36 00002E10 RhHasShutdownStarted

075.75          56   37 00034BF4 RhIsArray

076.76          57   38 00034BCC RhIsNullable

077.77          58   39 000037E8 RhIsPromoted

078.78          59   3A 00003680 RhIsServerGc

079.79          60   3B 00034BDC RhIsString

080.80          61   3C 00034C04 RhIsValueType

081.81          62   3D 00034C88 RhMemberwiseClone

082.82          63   3E 00034EB4 RhNewArray

083.83          64   3F 00034FA8 RhNewObject

084.84          65   40 00036870 RhReRegisterForFinalize

085.85          66   41 00003694 RhRegisterGcCallout

086.86          67   42 00004404 RhRegisterRefCountedHandleCallback

087.87          68   43 00035210 RhRethrow

088.88          69   44 000017E0 RhSetErrorInfoBuffer

089.89          70   45 00003670 RhSetGcLatencyMode

090.90          71   46 00003800 RhSetLohCompactionMode

091.91          72   47 00002EFC RhSpinWait

092.92          73   48 000035E8 RhSuppressFinalize

093.93          74   49 00035CC4 RhThrowEx

094.94          75   4A 00035D1C RhThrowHwEx

095.95          76   4B 00034908 RhTypeCast_AreTypesAssignable

096.96          77   4C 00034728 RhTypeCast_AreTypesEquivalent

097.97          78   4D 000347D4 RhTypeCast_CheckArrayStore

098.98          79   4E 00033914 RhTypeCast_CheckCast

099.99          80   4F 000349F4 RhTypeCast_CheckCastArray

100.100          81   50 00033ADC RhTypeCast_CheckCastClass

101.101          82   51 000344E0 RhTypeCast_CheckCastInterface

102.102          83   52 00034A84 RhTypeCast_CheckUnbox

103.103          84   53 00034738 RhTypeCast_CheckVectorElemAddr

104.104          85   54 00034688 RhTypeCast_IsInstanceOf

105.105          86   55 00034610 RhTypeCast_IsInstanceOfArray

106.106          87   56 00033B6C RhTypeCast_IsInstanceOfClass

107.107          88   57 000346C4 RhTypeCast_IsInstanceOfInterface

108.108          89   58 00004D94 RhUnbox

109.109          90   59 00003750 RhUnregisterGcCallout

110.110          91   5A 000044B8 RhUnregisterRefCountedHandleCallback

111.111          92   5B 00003600 RhWaitForPendingFinalizers

112.112          93   5C 00002F0C RhYield

113.113          94   5D 00036930 RhpAssignRefEDX

114.114          95   5E 00036A30 RhpBulkWriteBarrier

115.115          96   5F 00036AD0 RhpCheckCctor

116.116          97   60 00036960 RhpCheckedAssignRefEDX

117.117          98   61 000369A0 RhpCheckedLockCmpXchg

118.118          99   62 000369F0 RhpCheckedXchg

119.119         100   63 00003E28 RhpClearThreadDoNotTriggerGC

120.120         101   64 00004FBC RhpDbl2IntOvf

121.121         102   65 00004FE4 RhpDbl2LngOvf

122.122         103   66 00005088 RhpDbl2ULng

123.123         104   67 0000500C RhpDbl2ULngOvf

124.124         105   68 00036B70 RhpDblRemRev

125.125         106   69 00036D10 RhpEHJumpByref

126.126         107   6A 00036CF0 RhpEHJumpObject

127.127         108   6B 00036CD0 RhpEHJumpScalar

128.128         109   6C 00005660 RhpETWLogLiveCom

129.129         110   6D 00005828 RhpETWShouldWalkCom

130.130         111   6E 000351C0 RhpFailFastForPInvokeException

131.131         112   6F 0000502C RhpFlt2IntOvf

132.132         113   70 00005058 RhpFlt2LngOvf

133.133         114   71 00036B30 RhpFltRemRev

134.134         115   72 00036CB0 RhpGcPoll

135.135         116   73 00036CC0 RhpGcPollStress

136.136         117   74 00036F70 RhpGetThread

137.137         118   75 00037740 RhpInitialInterfaceDispatch

138.138         119   76 00036F90 RhpInterfaceDispatch3

139.139         120   77 00037080 RhpInterfaceDispatch36

140.140         121   78 00036FB0 RhpInterfaceDispatch4

141.141         122   79 00037170 RhpInterfaceDispatch32

142.142         123   7A 00036FD0 RhpInterfaceDispatch4

143.143         124   7B 00037360 RhpInterfaceDispatch64

144.144         125   7C 00037010 RhpInterfaceDispatch8

145.145         126   7D 00036DD0 RhpLoopHijack

146.146         127   7E 000379F0 RhpNewArray

147.147         128   7F 00037900 RhpNewFast

148.148         129   80 00037940 RhpNewFinalizable

149.149         130   81 00003FCC RhpPInvokeExceptionGuard

150.150         131   82 00005C2C RhpRegisterModule

151.151         132   83 00037870 RhpResolveInterfaceMethod

152.152         133   84 00037CE0 RhpRethrow

153.153         134   85 000382B0 RhpReversePInvoke

154.154         135   86 00034D30 RhpReversePInvokeBadTransition

155.155         136   87 00038420 RhpReversePInvokeReturn

156.156         137   88 00003E6C RhpSetThreadDoNotTriggerGC

157.157         138   89 00036A70 RhpShutdown

158.158         139   8A 000063C4 RhpSuppressGcStress

159.159         140   8B 00037BD0 RhpThrowEx

160.160         141   8C 00043968 RhpTrapThreads

161.161         142   8D 000063C4 RhpUnsuppressGcStress

162.162         143   8E 00038260 RhpWaitForGC

163.163         144   8F 000381D0 RhpWaitForSuspend

164.164         145   90 00001FBC UnregisterCodeManager

165.165         146   91 00038454 _copysign

166.166         147   92 0003845A _ecvt_s

167.167         148   93 00038460 acos

168.168         149   94 00038466 acosf

169.169         150   95 0003846C asin

170.170         151   96 00038472 asinf

171.171         152   97 00038478 atan

172.172         153   98 0003847E atan2

173.173         154   99 00038484 atan2f

174.174         155   9A 0003848A atanf

175.175         156   9B 00038490 ceil

176.176         157   9C 00038496 ceilf

177.177         158   9D 0003849C copysign

178.178         159   9E 000384A2 copysignf

179.179         160   9F 000384A8 cos

180.180         161   A0 000384AE cosf

181.181         162   A1 000384B4 cosh

182.182         163   A2 000384BA coshf

183.183         164   A3 000384C0 exp

184.184         165   A4 000384C6 expf

185.185         166   A5 000384CC floor

186.186         167   A6 000384D2 floorf

187.187         168   A7 000384D8 fmod

188.188         169   A8 000384DE fmodf

189.189         170   A9 000384E4 log

190.190         171   AA 000384EA log10

191.191         172   AB 000384F0 log10f

192.192         173   AC 000384F6 logf

193.193         174   AD 000384FC memcmp

194.194         175   AE 00038502 memcpy

195.195         176   AF 00038508 memmove

196.196         177   B0 0003850E memset

197.197         178   B1 00038514 modf

198.198         179   B2 0003851A pow

199.199         180   B3 00038520 powf

200.200         181   B4 00038526 sin

201.201         182   B5 0003852C sinf

202.202         183   B6 00038532 sinh

203.203         184   B7 00038538 sinhf

204.204         185   B8 0003853E sqrt

205.205         186   B9 00038544 sqrtf

206.206         187   BA 0003BA70 t119

207.207         188   BB 0003ACD0 t13

208.208         189   BC 0003ACE8 t2

209.209         190   BD 0003649C t2.m0

210.210         191   BE 00036494 t2.m1

211.211         192   BF 0003B2A0 t27

212.212         193   C0 0003B2C0 t28

213.213         194   C1 0003AF78 t3

214.214         195   C2 00036498 t3.m0

215.215         196   C3 000364A4 t3.m1

216.216         197   C4 0003AD00 t32

217.217         198   C5 0003AD78 t35

218.218         199   C6 0003ADB8 t37

219.219         200   C7 0003ADD8 t38

220.220         201   C8 0003ADF8 t39

221.221         202   C9 0003AE18 t40

222.222         203   CA 0003AE30 t41

223.223         204   CB 0003AE80 t44

224.224         205   CC 00043010 t44static_data

225.225         206   CD 00043018 t45static_data

226.226         207   CE 000364A8 t5.m1

227.227         208   CF 0003B3A0 t50

228.228         209   D0 0003B450 t56

229.229         210   D1 00036314 t56.m0

230.230         211   D2 0003ACA0 t6

231.231         212   D3 0003B530 t67

232.232         213   D4 0003B548 t68

233.233         214   D5 00043020 t70static_data

234.234         215   D6 0003B5A0 t71

235.235         216   D7 00036144 t71.m10

236.236         217   D8 000360D8 t71.m11

237.237         218   D9 00035EDC t71.m12

238.238         219   DA 00035E5C t71.m13

239.239         220   DB 00035DD8 t71.m14

240.240         221   DC 00035D1C t71.m15

241.241         222   DD 00035CC4 t71.m16

242.242         223   DE 00035210 t71.m17

243.243         224   DF 000351C0 t71.m25

244.244         225   E0 000362A0 t71.m7

245.245         226   E1 0003622C t71.m8

246.246         227   E2 000361B8 t71.m9

247.247         228   E3 00043028 t71static_data

248.248         229   E4 00043000 t71static_gcdata

249.249         230   E5 0003AF10 t78

250.250         231   E6 0003B6A0 t81

251.251         232   E7 0003ACA8 t82

252.252         233   E8 0003ACB0 t83

253.253         234   E9 0003B6B8 t84

254.254         235   EA 0003AF28 t87

255.255         236   EB 0003B750 t90

256.256         237   EC 00035144 t90.m0

257.257         238   ED 000350C8 t90.m1

258.258         239   EE 00034C3C t90.m10

259.259         240   EF 00034C34 t90.m11

260.260         241   F0 00034C10 t90.m12

261.261         242   F1 00034C04 t90.m13

262.262         243   F2 00034BF4 t90.m14

263.263         244   F3 00034BDC t90.m15

264.264         245   F4 00034BCC t90.m16

265.265         246   F5 00034BBC t90.m17

266.266         247   F6 00034BB0 t90.m18

267.267         248   F7 00034BA8 t90.m19

268.268         249   F8 0003504C t90.m2

269.269         250   F9 00034B5C t90.m20

270.270         251   FA 00034B0C t90.m21

271.271         252   FB 00034FA8 t90.m3

272.272         253   FC 00034EB4 t90.m4

273.273         254   FD 00034DC0 t90.m5

274.274         255   FE 00034D30 t90.m6

275.275         256   FF 00034C88 t90.m7

276.276         257  100 00034C74 t90.m8

277.277         258  101 00034C40 t90.m9

278.278         259  102 0003B768 t91

279.279         260  103 0003B7E8 t95

280.280         261  104 00033B6C t95.m0

281.281         262  105 00033ADC t95.m1

282.282         263  106 000344E0 t95.m11

283.283         264  107 000347D4 t95.m12

284.284         265  108 00034738 t95.m13

285.285         266  109 00034728 t95.m15

286.286         267  10A 00034688 t95.m17

287.287         268  10B 00033914 t95.m18

288.288         269  10C 00034A84 t95.m2

289.289         270  10D 00034610 t95.m3

290.290         271  10E 000349F4 t95.m4

291.291         272  10F 000346C4 t95.m5

292.292         273  110 00034908 t95.m9

293.293         274  111 0003854A tan

294.294         275  112 00038550 tanf

295.295         276  113 00038556 tanh

296.296         277  114 0003855C tanhf

297.297

298.298   Summary

299.299

300.300         6000 .data

301.301         3000 .pdata

302.302         9000 .rdata

303.303         1000 .reloc

304.304         1000 .rsrc

305.305        39000 .text

306.306         1000 .tls

 

发现有些函数名称如 t71.m10 貌似是被混淆过呦~~

看其引入：

按照惯例排除(api-ms*)后仅剩下了个msvcr120_app.dll，这个是VC2012 Runtime里面的一个dll，相当于系统dll，就不多分析了。

回头看 App1.dll ，因为是个dll，所以他被加载后首先执行的是其入口点函数 RHBinder__DllMain，而 RHBinder__DllMain 里面没别的代码，仅仅直接调用了 RHBinder__DllProcessAttach：

我们看到其调用了几个类的静态构造函数 cctor.

当dll入口执行完毕后执行的是RHBinder__ShimExeMain

终于看见我们想要看的C#的入口函数$0_App1__Program_Main，很明显在AOT后AOT编译器给入口函数Main重命名了。

相应的托管代码在：C:UsersBinSysDesktopApp1App1objdDebugApp.g.i.cs

view sourceprint?

01.#if !DISABLE_XAML_GENERATED_MAIN

02.public static class Program

03.{

04.[global::System.CodeDom.Compiler.GeneratedCodeAttribute('Microsoft.Windows.UI.Xaml.Build.Tasks',' 4.0.0.0')]

05.[global::System.Diagnostics.DebuggerNonUserCodeAttribute()]

06.static void Main(string[] args)

07.{

08.global::Windows.UI.Xaml.Application.Start((p) => new App());

09.}

10.}

11.#endif

是新new 了个App1的对象：

每个托管代码看来都有对象的Native实现哦。