我想开一个PE文件（这是我所知道的是.NET程序集）和寻找到的.Net字节code是（理想情况下开始的入口点）。我知道，PE头数据（入口点RVA）把我的只是一个存根从调用CorExeMain MSCorEE.dll中的。

I would like to open a PE file (which i know is a .Net assembly) and find where the .Net bytecode is (ideally starting at the entrypoint). I know that the PE header data (entrypoint RVA) take me just to a stub which calls CorExeMain from mscoree.dll.

这是不是我要找的不过。我想找到的字节code，通过mscorlib程序运行得到。我怎样才能做到这一点使用C ++和像反汇编没有外部工具，DUMPBIN等？我已经可以解析PE头，知道什么样的形象基础/ RVA的意思。我只是不知道在什么地方找到的IL字节code中的位置，充分的信息。

This is not what i'm looking for though. I would like to find the bytecode that gets run by mscorlib. How can i do that using C++ and no external tools like ildasm, dumpbin etc. ? I can already parse the PE header and know what image base/RVA means. I just cannot figure out where to find sufficient info about the location of the IL bytecode.

推荐答案

看一看的 ECMA-335 - 文件格式的细节都在里面，在分区第二节22-25。我似乎记得发现一些错误在里面，当我试图在不久前写一个解析器，但有一点毅力的这一切都可以做到的。

Have a look at ECMA-335 - the details of the file format are in there, in partition II section 22-25. I seem to remember finding a few bugs in it when I tried to write a parser a while ago, but with a bit of perseverance it's all doable.