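How to add or modify functionality in a .NET program without its source code
Today I needed to modify a piece of code, but the source code could not be found. What to do?
The situation is as follows:
A small .NET website does not validate its input parameters or handle errors when it performs database query, update and delete operations, which causes page exceptions.
The code is as follows: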
Private Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)
    iClass.Verify(Me)
    Me.DirId = Me.Request.QueryString.Item("DirId")
    Me.InfoId = Me.Request.QueryString.Item("InfoId")
    If Not IsNumber(Me.DirId) Then
        Me.DirId = ""
    End If
    Dim adapter1 As New OleDbDataAdapter(("Select * from Directory where Dirid = " & Me.DirId), Me.mCn)
    Dim table1 As New DataTable
    adapter1.Fill(table1)
    Me.DirPath = StringType.FromObject(table1.Rows.Item(0).Item("DirPath"))
    If (StringType.StrCmp(FileSystem.Dir(Me.Server.MapPath(Me.DirPath), FileAttribute.Directory), "", False) = 0) Then
        FileSystem.MkDir(Me.Server.MapPath(Me.DirPath))
    End If
    If Not Me.Page.IsPostBack Then
        Dim adapter2 As New OleDbDataAdapter(("Select * from info where InfoId=" & Me.InfoId & "and dirid=" & Me.DirId), Me.mCn)
        Dim table2 As New DataTable
        adapter2.Fill(table2)
        Me.txtTitle.Text = table2.Rows.Item(0).Item("Infotitle").ToString.Trim
        Me.txtMain.set_Text(table2.Rows.Item(0).Item("Infomain").ToString.Trim)
        Me.txtMain.set_Text(iClass.unchangestr(Me.txtMain.get_Text).ToString.Trim)
        Me.txtMaker.Text = table2.Rows.Item(0).Item("Infomaker").ToString.Trim
        Me.txtReship.Text = table2.Rows.Item(0).Item("Inforeship").ToString.Trim
    End If
End Sub
If the DirId and InfoId parameters are not numeric, the SQL statements
"Select * from Directory where Dirid = " & Me.DirId
and
"Select * from info where InfoId=" & Me.InfoId & "and dirid=" & Me.DirId
fail with a query error.
Solution: change
If Not IsNumber(Me.DirId) Then
    Me.DirId = ""
End If
to
If Not IsNumber(DirId) Or Not IsNumeric(InfoId) Then
    DirId = ""
    Return
End If
Create a new web project and add the following code to the Page_Load event handler:
Verify(Me)
' Read both identifiers from the query string
DirId = Request.QueryString("DirId")
InfoId = Request.QueryString("InfoId")
' Stop processing unless both identifiers are numeric
If Not IsNumber(DirId) Or Not IsNumeric(InfoId) Then
    DirId = ""
    Return
End If
' Look up the directory path and create the directory if it does not exist
Dim objApt As New OleDbDataAdapter("Select * from Directory where Dirid = " & DirId, mCn)
Dim objDt1 As New DataTable
objApt.Fill(objDt1)
DirPath = objDt1.Rows(0)("DirPath")
If Dir(Me.Server.MapPath(DirPath), FileAttribute.Directory) = "" Then
    MkDir(Me.Server.MapPath(DirPath))
End If
' On the first load, fill the form fields from the info record
If Not Page.IsPostBack Then
    Dim objApt1 As New OleDbDataAdapter("Select * from info where InfoId=" & InfoId & " and dirid=" & DirId, mCn)
    Dim objDt As New DataTable
    objApt1.Fill(objDt)
    txtTitle.Text = objDt.Rows(0)("Infotitle").ToString.Trim
    txtMain.Text = objDt.Rows(0)("Infomain").ToString.Trim
    txtMain.Text = unchangestr(txtMain.Text).ToString.Trim
    txtMaker.Text = objDt.Rows(0)("Infomaker").ToString.Trim
    txtReship.Text = objDt.Rows(0)("Inforeship").ToString.Trim
End If
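(Note: the controls the code uses must be added to the page by hand, and the helper functions must be added to the project from the source code decompiled with .NET Reflector.)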
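The corrected check still concatenates the query-string values into the SQL text, and VB's IsNumeric accepts strings such as "1,000", "1e3" and "&H10", not just plain integers. The following added example (not the original author's code) goes one step further than the fix above: it accepts only plain decimal digits and passes the values as OleDb parameters. Assumptions: Visual Basic 2010 or later on the .NET Framework; SafeInfoQuery, TryParseId, BuildInfoCommand and LoadInfoRow are hypothetical names.

```vbnet
Imports System
Imports System.Data
Imports System.Data.OleDb
Imports System.Globalization
Imports Microsoft.VisualBasic

Module SafeInfoQuery
    ' Accept only plain decimal digits that fit a positive Integer.
    ' NumberStyles.None rejects signs, whitespace, "1,000", "1e3" and "&H10",
    ' all of which VB's IsNumeric() reports as numeric.
    Function TryParseId(ByVal raw As String, ByRef id As Integer) As Boolean
        Return Integer.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, id) AndAlso id > 0
    End Function

    ' Build the page's second query with OleDb positional "?" markers, so the
    ' values travel as typed parameters and never become part of the SQL text.
    Function BuildInfoCommand(ByVal cn As OleDbConnection, ByVal infoId As Integer,
                              ByVal dirId As Integer) As OleDbCommand
        Dim cmd As New OleDbCommand("Select * from info where InfoId = ? and dirid = ?", cn)
        ' OleDb binds by position: add the parameters in placeholder order.
        cmd.Parameters.Add("@InfoId", OleDbType.Integer).Value = infoId
        cmd.Parameters.Add("@DirId", OleDbType.Integer).Value = dirId
        Return cmd
    End Function

    ' Returns the matching row, or Nothing for bad input or no match,
    ' so the caller never indexes Rows(0) on an empty table.
    Function LoadInfoRow(ByVal cn As OleDbConnection, ByVal rawInfoId As String,
                         ByVal rawDirId As String) As DataRow
        Dim infoId, dirId As Integer
        If Not (TryParseId(rawInfoId, infoId) AndAlso TryParseId(rawDirId, dirId)) Then
            Return Nothing
        End If
        Dim table As New DataTable
        Using adapter As New OleDbDataAdapter(BuildInfoCommand(cn, infoId, dirId))
            adapter.Fill(table)
        End Using
        If table.Rows.Count = 0 Then Return Nothing
        Return table.Rows(0)
    End Function

    Sub Main()
        ' Constructed sample inputs; no database is needed for this comparison.
        For Each raw As String In New String() {"42", "1,000", "1e3", "&H10", "1 or 1=1", ""}
            Dim id As Integer
            Console.WriteLine("{0,-12} IsNumeric={1,-5} accepted={2}", """" & raw & """", IsNumeric(raw), TryParseId(raw, id))
        Next
    End Sub
End Module
```

In Page_Load, a Nothing result from LoadInfoRow would take the same early Return as the numeric check above.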
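Compile the new project into a DLL.
Next, use ILDASM, which ships with VS, to disassemble the original DLL into IL. Open the IL file in a text editor and use the search function to locate the line containing
"Select * from info where InfoId="
From there, scroll down to the end of the function: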
} // end of method Admin_FileEdit::Page_Load
Then scroll up to the start of the function:
.method private instance void Page_Load(object sender,
class [mscorlib]System.EventArgs e) cil managed
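The part in between is the code to be modified.
Next, use the ILDASM that ships with VS to open the DLL of the project you just built, expand the IL tree view, find the corrected function and double-click it to open a detailed code listing.
Copy all of the code in that listing into the IL file opened earlier, replacing the original function in the IL file,
that is, the following part: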
.method private instance void Page_Load(object sender,
class [mscorlib]System.EventArgs e) cil managed
...................................
...................................
...................................
} // end of method Admin_FileEdit::Page_Load
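Reassemble the modified IL with "ilasm filename.il /dll" (filename is the name of the IL file you exported with ILDASM at the start).
Copy the generated DLL to the BIN directory, overwriting the old DLL.
With that, the modification is complete.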