In MSIL, a call instruction includes the fully qualified name. Therefore, using Cecil you can do the following:
if (i.OpCode == Mono.Cecil.Cil.OpCodes.Call)
{
MethodReference rf = (MethodReference)i.Operand;
if (rf.DeclaringType.Namespace.StartsWith("System"))
{
systemCount++;
}
else
{
nonSystemCount++;
}
}
Currently considering what architecture is best for storing type/method call frequency which would be more complicated than simple system-calls frequency.
2 comments:
That seems rather a weak way to achieve detection as namespace aren't restricted. Anyone can create their own System.* stuff (even if they shouldn't pollute the namespace) and the core assemblies also include Microsoft.* stuff (generally less important).
In the case of Mono we include non System.* classes into the core libraries (as internals) but they may count, somewhere, toward the importance of the public "system calls".
A better way to detect them would be to find the assembly (.Module.Assembly) and the compare the public key token with the one MS (and Mono) use for ECMA and MS assemblies.
Thanks for the suggestion.
Post a Comment