Ilspy Decompile

Decompile .NET assemblies with ILSpy for reverse engineering and debugging

Category: development Source: Aaronontheweb/dotnet-skills

ILSpy Decompile is a development skill for reverse engineering and analyzing .NET assemblies, covering decompilation, IL inspection, and source code recovery

What Is This?

Overview

ILSpy Decompile enables developers to decompile .NET assemblies back into readable C# source code. This skill leverages ILSpy, a powerful open-source decompiler that converts compiled intermediate language (IL) into human-readable code. Whether you're analyzing third-party libraries, debugging production issues, or understanding legacy code, this skill provides the tools to inspect and understand .NET binaries at a deep level.

ILSpy supports a wide range of .NET frameworks, including .NET Framework, .NET Core, and the latest .NET versions. It can extract metadata, view IL code, analyze dependencies, and reconstruct the original source structure from compiled assemblies. The tool also supports decompiling assemblies targeting different architectures (x86, x64, AnyCPU) and can handle both managed and mixed-mode assemblies, though native code is not decompiled.

ILSpy’s user interface allows for easy navigation of namespaces, types, and members within assemblies. It also provides search functionality to quickly locate classes, methods, or properties of interest. The decompiler can export entire projects or individual files, making it easier to document or further analyze the recovered code. Additionally, ILSpy can display embedded resources, manifest information, and custom attributes, giving a comprehensive view of the assembly contents.

Who Should Use This

Use this skill if you're a .NET developer who needs to analyze compiled assemblies, reverse engineer third-party libraries, debug production code without source access, or understand how your code compiles to IL. Security auditors, penetration testers, and researchers can also benefit from this skill when assessing the security or behavior of .NET applications. It is also valuable for educators and students who want to learn how high-level C# constructs are translated into IL and how the .NET runtime executes code.

Why Use It?

Problems It Solves

Decompiling assemblies helps when source code is unavailable, you need to understand third-party library behavior, investigate production bugs without debugging symbols, or verify security implementations. This skill eliminates the black box nature of compiled .NET code and provides visibility into actual implementation details.

ILSpy is especially useful for recovering lost source code, performing code audits, and ensuring compliance with security standards. It can help identify vulnerabilities, such as hardcoded credentials or insecure cryptographic implementations, that may not be apparent from documentation alone. By exposing the underlying code, ILSpy empowers developers to make informed decisions about integrating or updating dependencies.

Core Highlights

ILSpy provides syntax-highlighted C# output that closely matches the original source code structure. The decompiler handles complex language features including async patterns, LINQ expressions, tuples, pattern matching, and modern C# syntax. You can analyze multiple assemblies simultaneously and explore dependency chains across projects. Export decompiled code in various formats for documentation or further analysis.

ILSpy also supports plugins and extensions, allowing for custom analysis workflows or integration with other development tools. Its command-line interface enables automation of decompilation tasks, making it suitable for CI/CD pipelines or large-scale code reviews.

How to Use It?

Basic Usage

var decompiler = new ILSpyDecompiler();
var assembly = decompiler.LoadAssembly("MyLibrary.dll");
var types = assembly.GetTypes();
var sourceCode = decompiler.DecompileType(types[0]);
Console.WriteLine(sourceCode);

Real-World Examples

Analyzing a third-party NuGet package to understand its implementation:

var decompiler = new ILSpyDecompiler();
var assembly = decompiler.LoadAssembly("Newtonsoft.Json.dll");
var jsonSerializerType = assembly.GetType("Newtonsoft.Json.JsonConvert");
var decompiled = decompiler.DecompileType(jsonSerializerType);
File.WriteAllText("JsonConvert.cs", decompiled);

Debugging a production issue by examining compiled code:

var decompiler = new ILSpyDecompiler();
var assembly = decompiler.LoadAssembly("ProductionApp.dll");
var problematicMethod = assembly.GetMethod("ProcessPayment");
var ilCode = decompiler.GetILCode(problematicMethod);
Console.WriteLine(ilCode);

Advanced Tips

Use the IL view mode when C# decompilation seems unclear or when you need to understand exact runtime behavior at the intermediate language level. Combine decompilation with debugging tools like dnSpy for dynamic analysis alongside static code inspection. Leverage ILSpy’s search and navigation features to quickly locate relevant code sections. For automation, use the command-line version to batch decompile assemblies or integrate with build scripts.

When to Use It?

Use Cases

Reverse engineering closed-source third-party libraries to understand their behavior and integration points. Investigating production issues when source code or debugging symbols are unavailable in your environment. Auditing security implementations in compiled assemblies to verify encryption, authentication, or data protection mechanisms. Learning how modern C# features compile to IL for performance optimization and language understanding. Recovering lost or accidentally deleted source code from compiled binaries.