NET functions disassembled?

This prologue has two parts. Setting up the stackframe This stores the current EBP register on the stack and then assigns the value of the stackpointer(ESP) to EBP. Push ebp mov ebp,esp If there are local variables that are stored on the stack (i.e.

Not enough space in the registers available) then ESP will be moved by their size to build the stackframe of the current function. And at the end of the function you'll see these operations reversed, so the stack-frame of the previous function gets restored. EBP should always point to the beginning of the stackframe of the current function ESP to the end(which has a lower address on x86 because the stack grows downwards).

This is part of the common calling conventions and needed for stack unrolling when an exception is thrown. This is not . Net specific and used by most calling conventions on windows/x86.

After setting up the stackframe its common to store some registers on the stack. That's because you might want to use certain registers as temporary variables, but the calling convention requires your function to conserve them. So you need to back them up on the stack.

Which registers must be preserved and which can be modified depends on the calling convention you use. When referring to local variables on the stack you can use ebp-x where ebp points to the beginning of the stackframe, and x is an offset which indicates where in the stackframe the variable is stored. Alternatively you can use esp+y with an offset from the end of the stackframe.

Call to the static constructor/initializer As danbystrom noticed the second part is most likely the call to a static constructor/initializer. Since the static constructor is not called on program startup but on the first access, every access for which the jitter can't guarantee that the static constructor has already executed needs to check if it has been called, and then calls it if not. 00000004 cmp dword ptr ds:006914A4h,0 0000000b je 00000012 0000000d call 65CC36CF This is something like if (globalVar!

=0) Call Function_65CC36CF. Where most likely the global var indicates if the static constructor has run, and the call is a call to the static constructor. As far as I know your comments on the disassembly are correct.

Check this OldNewThing blog entry on stackframes: How to rescue a broken stack trace: Recovering the EBP chain.

1 If you have too much of them, you get a Stackoverflow ;) – chriszero Feb 10 at 13:49.

Since your methods are all static: the code is used to check if the class' static initializer has yet been executed. 00000007 cmp dword ptr ds:005C14A4h,0 ; test if static initializer has executed 0000000e je 00000015 ; skip call to initializer if already done 00000010 call 65E0367F ; call static initializer 00000015 .... ; continue with the method's code.

If you're talking about the push and the mov, it's just fixing up the callstack. I'm not sure what the remainder of those segments is doing off the top of my head.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.