Can .Net Core 3 self-contained single executable be decompiled?

Eren Ersönmez 2020-02-27 18:54

The single-file exe is really an unmanaged wrapper and ILSpy doesn't support decompiling this. But when you run the exe, it unwraps its contents to a temp folder. So you can find the managed dll there and decompile it using ILSpy.

To find the temp folder, you can use any tool that shows locations of assemblies loaded by a process. SysInternals Process Monitor (procmon) is a good one.

You can setup procmon to filter by your exe name, and when you launch your exe, procmon should show some events for assemblies being loaded from a temp folder:

You can browse to that folder and find your managed dll there. And you can decompile using ILSpy from that location.

I wrote a blog entry: https://eersonmez.blogspot.com/2020/02/ilspy-decompiling-net-core-self.html

Related issues

How to get complete Log in Azure Function?

ASP.NET Core

Using enum in data annotation

How to make console logger in .net core 3.1 console app work

Logging in .Net core console application not working

AutoMapper third level subcollection map with root properties

Starting .NET Core installer using Inno Setup fails with result code 2

ASP.NET CORE, Web API: No route matches the supplied values

Which .NET Azure Service Bus library should I use for queues?

how to change main window state in a single instance using .Net Core