From 5b4b9924d5a016af996ffac91a975b9822651451 Mon Sep 17 00:00:00 2001
From: mattifestation <mattgraeber@gmail.com>
Date: Thu, 7 Nov 2013 07:28:53 -0500
Subject: Get-ILDisassembly now displays metadata tokens.

* Having metadata tokens displayed in output helps with reverse
engineering because you can pass metadata tokens to
System.Reflection.Module.ResolveMember and then easily interact with the
member in question.
* I also fixed a bug when displaying integer constants. I wasn't doing
an endian swap.
---
 ReverseEngineering/Get-ILDisassembly.format.ps1xml | 6 ++++++
 ReverseEngineering/Get-ILDisassembly.ps1           | 4 +++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/ReverseEngineering/Get-ILDisassembly.format.ps1xml b/ReverseEngineering/Get-ILDisassembly.format.ps1xml
index f933e1e..3c610cc 100644
--- a/ReverseEngineering/Get-ILDisassembly.format.ps1xml
+++ b/ReverseEngineering/Get-ILDisassembly.format.ps1xml
@@ -18,6 +18,9 @@
                     <TableColumnHeader>
                         <Label>Operand</Label>
                     </TableColumnHeader>
+                    <TableColumnHeader>
+                        <Label>MetadataToken</Label>
+                    </TableColumnHeader>
                 </TableHeaders>
                 <TableRowEntries>
                     <TableRowEntry>
@@ -31,6 +34,9 @@
                             <TableColumnItem>
                                 <PropertyName>Operand</PropertyName>
                             </TableColumnItem>
+                            <TableColumnItem>
+                                <ScriptBlock>if ($_.MetadataToken) {"0x$($_.MetadataToken.ToString('X8'))"}</ScriptBlock>
+                            </TableColumnItem>
                         </TableColumnItems>
                     </TableRowEntry>
                 </TableRowEntries>
diff --git a/ReverseEngineering/Get-ILDisassembly.ps1 b/ReverseEngineering/Get-ILDisassembly.ps1
index 645dc39..b7293e0 100644
--- a/ReverseEngineering/Get-ILDisassembly.ps1
+++ b/ReverseEngineering/Get-ILDisassembly.ps1
@@ -131,6 +131,7 @@ http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-335.pdf
         
         $Type = $Op.OperandType
         $Operand = $null
+        $OpInt = $null
         
         if ($Type -eq 'InlineNone') {
             $OperandLength = 0
@@ -191,13 +192,14 @@ http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-335.pdf
         
         if (($OperandLength -gt 0) -and ($OperandLength -ne 4) -and ($Type -ne 'InlineSwitch') -and ($Type -ne 'ShortInlineBrTarget')) {
             # Simply print the hex for all operands with immediate values
-            $Operand = "0x{0}" -f (($IL[$Position..($Position+$OperandLength-1)] | ForEach-Object { $_.ToString('X2') }) -join '')
+            $Operand = "0x{0}" -f (($IL[($Position+$OperandLength-1)..$Position] | ForEach-Object { $_.ToString('X2') }) -join '')
         }
         
         $Instruction = @{
             Position = $InstructionPostion
             Instruction = $Op.Name
             Operand = $Operand
+            MetadataToken = $OpInt
         }
         
         # Return a custom object containing a position, instruction, and fully-qualified operand
-- 
cgit v1.2.3