How to decompile AOT .net assemblies

Question

How to decompile AOT .net assemblies

Bluscream opened this issue 9 months ago · 5 comments

Description

They always just show up as "PE" but don't give any usable code?

If these can't be decompiled with dnSpy anymore, is this more or less the end of dnSpy because every app will use it in the future?

Ref: Ahead-of-time compilation

Answer 1 · 2023-12-30T01:35:03.000Z

because every app will use it in the future?

i highly doubt that but yeah there's no way to get IL / C# back out of NativeAOT compiled apps, see also https://migeel.sk/blog/2023/09/15/reverse-engineering-natively-compiled-dotnet-apps/ from the primary developer of NativeAOT

Answer 2 · 2023-12-30T02:20:55.000Z

Damn, this is a bummer. IL2Cpp is already a pain in unity apps, but now Unity is probably getting built-in AOT support and later on it's going to be the default. RIP tools like MelonLoader/BepInEx 🪦

Thanks anyway for the heads up.

Answer 3 · 2023-12-30T03:22:51.000Z

IL2Cpp is already a pain in unity apps,

IL2Cpp is literally paradise for people modding games; if that is the intent.

You get all of the symbol information, including structure info completely for free; whereas with native games you have to reverse engineer these things from scratch.

I would not be really complaining about getting knowledge that will save you 1000+ hours of reversing for free. At least while you still have it.

Answer 4 · 2023-12-30T04:14:34.000Z

NativeAOT also has metadata, unless its stripped with reflection free mode

Answer 5 · 2023-12-30T10:40:57.000Z

Decompiling NativeAOT or IL2CPP will never be available in dnSpy. Those files do not have regular .NET metadata and they also do not have any IL code. All the code is in an unmanaged assembly language (depending on the target platform).