Assign a string to CommandText in IL using Reflexil


I need to edit a query in an application developed some time ago, but I don't have the source code, only the compiled DLLs. The following is the source as decompiled by Telerik JustDecompile.

conCl.Conn();
conCl.Con.Open();
SqlCommand com = conCl.Com;
string[] strArrays = new string[] { "SELECT * FROM TBL_USER WHERE u_name = '", user.Replace("'", "''"), "' AND u_pass = '", password.Replace("'", "''"), "' and u_IsActive = 1 " };
com.CommandText = string.Concat(strArrays);
SqlDataReader sqlDataReader = conCl.Com.ExecuteReader();

The resulting IL in Reflexil is:

offset  opcode  operand

18  ldfld   System.Data.SqlClient.SqlConnection ANZFrameWorkDAL.ConCls::Con
23  callvirt    System.Void System.Data.SqlClient.SqlConnection::Open()
28  nop 
29  ldloc.0 
30  ldfld   System.Data.SqlClient.SqlCommand ANZFrameWorkDAL.ConCls::Com
35  ldc.i4.5    
36  newarr  System.String
41  stloc.s -> (4)  (System.String[])
43  ldloc.s -> (4)  (System.String[])
45  ldc.i4.0    
46  ldstr   SELECT * FROM TBL_USER WHERE u_name = '
51  stelem.ref  
52  nop 
53  ldloc.s -> (4)  (System.String[])
55  ldc.i4.1    
56  ldarg.1 
57  ldstr   '
62  ldstr   ''
67  callvirt    System.String System.String::Replace(System.String,System.String)
72  stelem.ref  
73  nop 
74  ldloc.s -> (4)  (System.String[])
76  ldc.i4.2    
77  ldstr   ' AND u_pass = '
82  stelem.ref  
83  nop 
84  ldloc.s -> (4)  (System.String[])
86  ldc.i4.3    
87  ldarg.2 
88  ldstr   '
93  ldstr   ''
98  callvirt    System.String System.String::Replace(System.String,System.String)
103 stelem.ref  
104 nop 
105 ldloc.s -> (4)  (System.String[])
107 ldc.i4.4    
108 ldstr   ' and u_IsActive = 1 
113 stelem.ref  
114 nop 
115 ldloc.s -> (4)  (System.String[])
117 call    System.String System.String::Concat(System.String[])
122 callvirt    System.Void System.Data.SqlClient.SqlCommand::set_CommandText(System.String)
127 nop 
128 ldloc.0 
129 ldfld   System.Data.SqlClient.SqlCommand ANZFrameWorkDAL.ConCls::Com
134 callvirt    System.Data.SqlClient.SqlDataReader System.Data.SqlClient.SqlCommand::ExecuteReader()

Now what I want is:

com.CommandText = "Select * from tbl_user where u_name = 'admin'"

I tried to load a string after offset 115:

opcode = ldstr  operand = select * from tbl_user where u_name = 'admin'

but the decompiled output became:

strArrays.CommandText = string.Concat((string[])"select * from tbl_user where u_name = 'admin'");

So I deleted my change and added the same string after offset 117 instead:

opcode = ldstr  operand = select * from tbl_user where u_name = 'admin'

The output changed and is closer to what I want, but still not correct:

string.Concat(strArrays).CommandText = "select * from tbl_user where u_name = 'admin'";

What I want is:

com.CommandText = "select * from tbl_user where u_name = 'admin'"

I also tried to add a callvirt opcode after offset 122, but I was unable to find the set_CommandText method in System.Data.SqlClient.SqlCommand when the loaded .NET Framework was 4.6.1.

How can I do this? Any help would be appreciated. Thanks.

Accepted answer, by thehennyy:

Most of the method is just the string concatenation, so you can remove it. Replace all the instructions from offset 35 to 117 inclusive with a single ldstr that contains your string.
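Why the accepted answer works, and why both of the question's attempts produced strange decompilations, comes down to the evaluation stack. At offset 30 the SqlCommand receiver is on the stack; offsets 35 to 117 build a string[5], fill it, and call Concat, which nets exactly one pushed string; offset 122 then pops the string and the receiver for set_CommandText. Inserting an extra ldstr before Concat makes Concat consume the new string as its string[] argument (the first odd decompilation); inserting it before set_CommandText makes the Concat result the receiver and the new string the argument (the second). Replacing the whole range with one ldstr is the only change that leaves the stack shape unchanged. The program below is an added example, not code from the question or the answer: it performs that same replacement with Mono.Cecil, the library Reflexil is built on, and refuses to patch if the pattern, the receiver or the branch/exception-handler layout is not what the listing shows. The file name, the new query and the pattern-based method lookup are assumptions for illustration.

```csharp
// Added example (not from the original post): replace the string-building
// sequence that feeds SqlCommand.set_CommandText with a single ldstr, using
// Mono.Cecil. Assumed: the assembly file name and the replacement query.
using System;
using System.Linq;
using Mono.Cecil;
using Mono.Cecil.Cil;

static class PatchCommandText
{
    static void Main(string[] args)
    {
        string path = args.Length > 0 ? args[0] : "ANZFrameWorkDAL.dll";   // hypothetical path
        string newQuery = "select * from tbl_user where u_name = 'admin'";

        using (var asm = AssemblyDefinition.ReadAssembly(path, new ReaderParameters { ReadWrite = true }))
        {
            int patched = 0;
            foreach (var type in asm.MainModule.GetTypes())                 // includes nested types
                foreach (var method in type.Methods.Where(m => m.HasBody))
                    if (TryPatch(method, newQuery)) patched++;

            Console.WriteLine($"patched {patched} method(s)");
            if (patched > 0) asm.Write();                                    // in-place (ReadWrite = true)
        }
    }

    // Returns true if the method contained the Concat -> set_CommandText pattern and was rewritten.
    static bool TryPatch(MethodDefinition method, string newQuery)
    {
        var instrs = method.Body.Instructions;
        var il = method.Body.GetILProcessor();

        for (int i = 0; i + 1 < instrs.Count; i++)
        {
            // Offsets 117 and 122 in the question's listing.
            if (!IsCall(instrs[i], "System.String", "Concat") ||
                !IsCall(instrs[i + 1], "System.Data.SqlClient.SqlCommand", "set_CommandText"))
                continue;
            var setter = instrs[i + 1];

            // Walk back to "ldc.i4.N / newarr System.String" (offsets 35-36), the start
            // of the array-building sequence. Need at least two instructions before newarr:
            // the ldc.i4.N and the instruction that pushes the receiver.
            int start = i;
            while (start > 0 && instrs[start].OpCode.Code != Code.Newarr) start--;
            if (start < 2) return false;
            start--;                                                        // include ldc.i4.N

            // The instruction just before the range must leave the SqlCommand receiver on
            // the stack (offset 30: ldfld SqlCommand Com). The range nets one pushed string,
            // so one ldstr keeps set_CommandText(this, string) balanced.
            var before = instrs[start - 1];
            if (before.OpCode.Code != Code.Ldfld ||
                (before.Operand as FieldReference)?.FieldType.FullName != "System.Data.SqlClient.SqlCommand")
                return false;

            var removed = instrs.Skip(start).Take(i - start + 1).ToList();

            // Refuse if a branch, switch or exception-handler boundary points into the range:
            // deleting its target would corrupt the method. The question's listing has none.
            bool targeted = instrs.Any(ins =>
                (ins.Operand is Instruction t && removed.Contains(t)) ||
                (ins.Operand is Instruction[] ts && ts.Any(removed.Contains)));
            bool inHandler = method.Body.ExceptionHandlers.Any(h =>
                removed.Contains(h.TryStart) || removed.Contains(h.TryEnd) ||
                removed.Contains(h.HandlerStart) || removed.Contains(h.HandlerEnd));
            if (targeted || inHandler) return false;

            foreach (var ins in removed) il.Remove(ins);
            il.InsertBefore(setter, Instruction.Create(OpCodes.Ldstr, newQuery));
            return true;
        }
        return false;
    }

    static bool IsCall(Instruction ins, string declaringType, string name)
    {
        if (ins.OpCode.Code != Code.Call && ins.OpCode.Code != Code.Callvirt) return false;
        return ins.Operand is MethodReference m
            && m.DeclaringType.FullName == declaringType
            && m.Name == name;
    }
}
```

Build against the Mono.Cecil NuGet package and run it with the DLL path as the only argument. The existing callvirt at offset 122 is kept rather than re-created, which sidesteps the question's problem of locating set_CommandText in the Reflexil type picker. Local variable 4 (the string[]) stays declared but unused after the patch, which is harmless. If the assembly is strong-name signed, rewriting it invalidates the signature, and Mono.Cecil cannot re-sign it without the private key.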