I need to edit a query for an application developed some time ago, but I don't have the source code, only the compiled DLLs. The following is the source decompiled by Telerik JustDecompile:
conCl.Conn();
conCl.Con.Open();
SqlCommand com = conCl.Com;
string[] strArrays = new string[] { "SELECT * FROM TBL_USER WHERE u_name = '", user.Replace("'", "''"), "' AND u_pass = '", password.Replace("'", "''"), "' and u_IsActive = 1 " };
com.CommandText = string.Concat(strArrays);
SqlDataReader sqlDataReader = conCl.Com.ExecuteReader();
The resulting IL in Reflexil is:
offset opcode operand
18 ldfld System.Data.SqlClient.SqlConnection ANZFrameWorkDAL.ConCls::Con
23 callvirt System.Void System.Data.SqlClient.SqlConnection::Open()
28 nop
29 ldloc.0
30 ldfld System.Data.SqlClient.SqlCommand ANZFrameWorkDAL.ConCls::Com
35 ldc.i4.5
36 newarr System.String
41 stloc.s -> (4) (System.String[])
43 ldloc.s -> (4) (System.String[])
45 ldc.i4.0
46 ldstr SELECT * FROM TBL_USER WHERE u_name = '
51 stelem.ref
52 nop
53 ldloc.s -> (4) (System.String[])
55 ldc.i4.1
56 ldarg.1
57 ldstr '
62 ldstr ''
67 callvirt System.String System.String::Replace(System.String,System.String)
72 stelem.ref
73 nop
74 ldloc.s -> (4) (System.String[])
76 ldc.i4.2
77 ldstr ' AND u_pass = '
82 stelem.ref
83 nop
84 ldloc.s -> (4) (System.String[])
86 ldc.i4.3
87 ldarg.2
88 ldstr '
93 ldstr ''
98 callvirt System.String System.String::Replace(System.String,System.String)
103 stelem.ref
104 nop
105 ldloc.s -> (4) (System.String[])
107 ldc.i4.4
108 ldstr ' and u_IsActive = 1
113 stelem.ref
114 nop
115 ldloc.s -> (4) (System.String[])
117 call System.String System.String::Concat(System.String[])
122 callvirt System.Void System.Data.SqlClient.SqlCommand::set_CommandText(System.String)
127 nop
128 ldloc.0
129 ldfld System.Data.SqlClient.SqlCommand ANZFrameWorkDAL.ConCls::Com
134 callvirt System.Data.SqlClient.SqlDataReader System.Data.SqlClient.SqlCommand::ExecuteReader()
Now what I want is:
com.CommandText = "Select * form tbl_user where u_name = 'admin'"
I tried to load a string after offset 115 as
opcode = ldstr operand = select * form tbl_user where u_name = 'admin'
but the output became
strArrays.CommandText = string.Concat((string[])"select * form tbl_user where u_name = 'admin'");
So I deleted my change and added the same string after offset 117 as:
opcode = ldstr operand = select * form tbl_user where u_name = 'admin'
The output changed and feels somewhat nearer to what I want, but it is still not correct. The output became:
string.Concat(strArrays).CommandText = "select * form tbl_user where u_name = 'admin'";
What I want is:
com.CommandText = "select * from tbl_user where u_name = 'admin'"
I also tried to add a callvirt opcode after offset 122, but I was unable to find the set_CommandText method in System.Data.SqlClient.SqlCommand when the loaded .NET Framework was 4.6.1.
How can I do this? Please, any help would be appreciated. Thanks.
Most of the method is just the string concatenation, so you can remove it. You can replace all the instructions from offset 35 to 117 inclusive with a single ldstr that contains your string.
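As an added illustration (not part of the question or the answer above), the following Python models the CIL evaluation stack for the dumped method, replays the two inserts the question tried and the replacement the answer suggests, and shows what set_CommandText actually receives in each case and which values are left stranded beneath it. The instruction-size rule, the helper names and the symbolic value labels (conCl, strArrays, user, password) are my own assumptions; the opcodes, operands and offsets are those of the dump.

```python
# Added example: symbolic CIL stack model for the method in the Reflexil dump above.
# Opcodes, operands and offsets are the page's; helpers and value labels are mine.
CALLS = {"Replace": (2, True), "Concat": (1, True), "set_CommandText": (1, False), "ExecuteReader": (0, True)}
PIECES = ["SELECT * FROM TBL_USER WHERE u_name = '", "user", "' AND u_pass = '",  # odd entries
          "password", "' and u_IsActive = 1 "]                                     # are the args
NEW = "ldstr select * from tbl_user where u_name = 'admin'"   # the string the question wants

def original():  # the instruction stream at offsets 29..134 of the dump, nops included
    code = ["ldloc.0", "ldfld Com", "ldc.i4.5", "newarr String", "stloc.s 4"]
    for i, piece in enumerate(PIECES):
        quote = [f"ldarg.{(i + 1) // 2}", "ldstr '", "ldstr ''", "callvirt Replace"]
        code += ["ldloc.s 4", f"ldc.i4.{i}"] + (quote if i % 2 else [f"ldstr {piece}"]) + ["stelem.ref", "nop"]
    return code + ["ldloc.s 4", "call Concat", "callvirt set_CommandText", "nop",
                   "ldloc.0", "ldfld Com", "callvirt ExecuteReader"]

def layout(code):  # assign byte offsets exactly as the dump shows them (first one is 29)
    out, off = [], 29
    for ins in code:
        out.append((off, ins))
        op = ins.split()[0]   # 5-byte opcodes carry a token; ".s" forms carry a byte
        off += 5 if op in ("ldfld", "newarr", "ldstr", "call", "callvirt") else 2 if op.endswith(".s") else 1
    return out

def patched(remove=None, insert_after=None, new=NEW):
    """Reflexil-style edit: drop a closed range of ORIGINAL offsets and/or insert after one."""
    out = []
    for off, ins in layout(original()):
        out += [] if remove and remove[0] <= off <= remove[1] else [ins]
        out += [new] if off == insert_after else []
    return out

def step(stack, ins):  # symbolic execution of one instruction against the evaluation stack
    op, _, arg = ins.partition(" ")
    if op == "stloc.s": stack.pop()
    elif op == "stelem.ref": del stack[-3:]                        # array, index, value
    elif op == "ldfld": stack.append(f"{stack.pop()}.{arg}")
    elif op == "newarr": stack.append(f"new {arg}[{stack.pop()}]")
    elif op in ("call", "callvirt"):                                # callvirt also pops the receiver
        n = CALLS[arg][0] + (op == "callvirt")
        args, stack[len(stack) - n:] = stack[len(stack) - n:], []
        if CALLS[arg][1]: stack.append(f"{arg}({', '.join(args)})")
    elif op != "nop":  # ldloc.0 / ldloc.s / ldarg.N / ldc.i4.N / ldstr each push one value
        stack.append({"ldloc.0": "conCl", "ldloc.s": "strArrays", "ldstr": f'"{arg}"',
                      "ldarg.1": "user", "ldarg.2": "password"}.get(op, op[-1]))

def set_command_text_call(code):
    """What set_CommandText really receives: (receiver, argument, values stranded beneath them)."""
    stack = []
    for ins in code:
        if ins == "callvirt set_CommandText": break
        step(stack, ins)
    return stack[-2], stack[-1], stack[:-2]
```

A non-empty third element means the edit left the stack unbalanced, which is exactly what the two odd decompiler outputs in the question reflect; the answer's replacement leaves it balanced.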