Methods and Practices for Decompiling .NET EXE to Readable C# Source Code

Nov 08, 2025 · Programming · 20 views · 7.8

Keywords: .NET Decompilation | C# Source Code Recovery | Reflector Tool | ILSpy | Intermediate Language Analysis

Abstract: This article provides an in-depth exploration of decompiling .NET EXE files into readable C# source code, focusing on Reflector and its FileDisassembler plugin while comparing alternatives like ILSpy and JustDecompile. Through practical code examples, it demonstrates the decompilation process and analyzes Intermediate Language (IL) structure and modification techniques, offering complete recovery solutions for developers facing source code loss.

Introduction

During software development, developers may encounter situations where source code is lost but executable files remain. For applications based on the .NET framework, the Intermediate Language (IL) characteristics of compiled output make it possible to recover C# source code from EXE files. This article systematically introduces the core principles of .NET decompilation, usage of mainstream tools, and practical application scenarios.

Fundamental Principles of .NET Decompilation

.NET applications compile to Intermediate Language (IL) code rather than native machine code, making decompilation feasible. IL code contains rich metadata information including type definitions, method signatures, and property declarations, providing the foundation for accurately restoring high-level language code.

Taking registry operation code as an example, the original C# code:

using Microsoft.Win32; class Program { private static void Main(string[] args) { RegistryKey key = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System", true); key.SetValue("legalnoticetext", "FindMe"); key.Close(); } }

The compiled IL code contains complete operational logic, allowing accurate restoration of the original code structure through decompilation tools.

Detailed Analysis of Mainstream Decompilation Tools

Reflector and FileDisassembler

Reflector is widely recognized as an excellent .NET decompilation tool, capable of converting IL code into readable high-level languages like C# and VB.NET. Its core advantages include:

FileDisassembler, as a crucial Reflector plugin, provides the ability to save decompilation results as Visual Studio solutions. The workflow includes: loading target assemblies, browsing code structure, selecting export scope, and generating project files. This feature is particularly important for scenarios requiring complete project structure recovery.

ILSpy Tool Features

As an open-source alternative, ILSpy offers functionality similar to Reflector with enhancements in certain areas:

ILSpy version 2.1 further improves decompilation accuracy, particularly excelling in handling modern C# features.

Comparison with Other Tools

Tools like JustDecompile, CodeReflect, and DotPeek each have unique characteristics. JustDecompile, though still in beta, performs well in user interface friendliness; DotPeek, developed by JetBrains, offers high integration with IDEs like Rider.

Practical Decompilation Operation Guide

Analyzing IL Code with ILDASM

For scenarios requiring deep understanding of the decompilation process or manual modifications, the .NET Framework's built-in ILDASM tool can be used:

"C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\ildasm.exe" Target.exe /output:Target.il

The generated IL file contains complete assembly information. By analyzing IL instructions, code execution logic can be understood. For example, the IL code for registry operations:

.method private hidebysig static void Main(string[] args) cil managed { .entrypoint .maxstack 3 .locals init ([0] class [mscorlib]Microsoft.Win32.RegistryKey key) IL_0000: nop IL_0001: ldsfld class [mscorlib]Microsoft.Win32.RegistryKey [mscorlib]Microsoft.Win32.Registry::LocalMachine IL_0006: ldstr "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System" IL_000b: ldc.i4.1 IL_000c: callvirt instance class [mscorlib]Microsoft.Win32.RegistryKey [mscorlib]Microsoft.Win32.RegistryKey::OpenSubKey(string, bool) IL_0011: stloc.0 IL_0012: ldloc.0 IL_0013: ldstr "legalnoticetext" IL_0018: ldstr "FindMe" IL_001d: callvirt instance void [mscorlib]Microsoft.Win32.RegistryKey::SetValue(string, object) IL_0022: nop IL_0023: ldloc.0 IL_0024: callvirt instance void [mscorlib]Microsoft.Win32.RegistryKey::Close() IL_0029: nop IL_002a: ret }

Modification and Recompilation

After understanding the IL code structure, targeted modifications can be made. After modification, use ILASM for recompilation:

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\ilasm.exe .\Target.il /PE64 /output:Target.exe

This method is suitable for simple code modifications such as changing configuration parameters or adjusting business logic.

Limitations and Considerations of Decompilation

Although modern decompilation tools are quite mature, certain limitations remain:

In practical applications, cross-validation using multiple tools is recommended to ensure decompilation result accuracy.

Application Scenarios and Best Practices

Decompilation technology plays important roles in multiple scenarios:

Best practices include: regular source code backups, using version control systems, using decompilation technology within legal boundaries, and respecting intellectual property rights.

Conclusion

.NET decompilation technology provides developers with powerful code recovery and analysis capabilities. Through proper use of tools like Reflector and ILSpy, combined with deep understanding of IL code, readable C# source code can be effectively recovered from EXE files. As tool technology continues to develop, decompilation accuracy and convenience will continue to improve, offering more possibilities for software development and maintenance.

Copyright Notice: All rights in this article are reserved by the operators of DevGex. Reasonable sharing and citation are welcome; any reproduction, excerpting, or re-publication without prior permission is prohibited.