You can achieve this by parsing the methodbody of each method and search for the respective metadata token. Have a look at this example it will print out the offsets of all instructions using the searched method token.
namespace TokenSearch
{
internal static class Program
{
private static void Main()
{
var token = typeof (Class1).GetProperty("TargetProp").GetGetMethod().MetadataToken;
const BindingFlags findAll = BindingFlags.DeclaredOnly | BindingFlags.Public | BindingFlags.NonPublic |
BindingFlags.Instance | BindingFlags.Static;
var references =
typeof (Program).Assembly.ManifestModule.GetTypes()
.SelectMany(x => x.GetMethods(findAll).Cast<MethodBase>().Union(x.GetConstructors(findAll)))
.ToDictionary(y => y, y => y.GetMethodUsageOffsets(token).ToArray())
.Where(z => z.Value.Length > 0).ToList();
foreach (var kv in references)
{
Console.WriteLine(
$"{kv.Key.DeclaringType}::{kv.Key.Name}: {string.Join(" ", kv.Value.Select(x => $"0x{x:x}"))}");
}
}
}
//some tests
public class Class1
{
public string TargetProp { get; set; }
private void TestMethod()
{
TargetProp = "123";
var x = TargetProp;
var y = TargetProp;
}
}
public class Class2
{
private string c1 = new Class1().TargetProp;
public void MoreMethods()
{
var c = new Class1();
var x = c.TargetProp;
}
public void CantFindThis()
{
var c = new Class1();
var x = c.ToString();
}
}
public static class Extensions
{
private static readonly Dictionary<short, OpCode> OpcodeDict =
typeof (OpCodes).GetFields(BindingFlags.Public | BindingFlags.Static)
.Select(x => (OpCode) x.GetValue(null))
.ToDictionary(x => x.Value, x => x);
public static IEnumerable<short> GetMethodUsageOffsets(this MethodBase mi, int token)
{
var il = mi.GetMethodBody()?.GetILAsByteArray();
if (il == null) yield break;
using (var br = new BinaryReader(new MemoryStream(il)))
{
while (br.BaseStream.Position < br.BaseStream.Length)
{
var firstByte = br.ReadByte();
var opcode =
OpcodeDict[
firstByte != 0xFE
? firstByte
: BitConverter.ToInt16(new[] {br.ReadByte(), firstByte}, 0)];
switch (opcode.OperandType)
{
case OperandType.ShortInlineBrTarget:
case OperandType.ShortInlineVar:
case OperandType.ShortInlineI:
br.ReadByte();
break;
case OperandType.InlineVar:
br.ReadInt16();
break;
case OperandType.InlineField:
case OperandType.InlineType:
case OperandType.ShortInlineR:
case OperandType.InlineString:
case OperandType.InlineSig:
case OperandType.InlineI:
case OperandType.InlineBrTarget:
br.ReadInt32();
break;
case OperandType.InlineI8:
case OperandType.InlineR:
br.ReadInt64();
break;
case OperandType.InlineSwitch:
var size = (int) br.ReadUInt32();
br.ReadBytes(size*4);
break;
case OperandType.InlineMethod:
case OperandType.InlineTok:
if (br.ReadInt32() == token)
{
yield return (short) (br.BaseStream.Position - 4 - opcode.Size);
}
break;
}
}
}
}
}
}
Console output:
TokenSearch.Class1::TestMethod: 0xe 0x15
TokenSearch.Class2::MoreMethods: 0x8
TokenSearch.Class2::.ctor: 0x6
ILdasm output of Class1::TestMethod
for reference:
.method private hidebysig instance void TestMethod() cil managed
// SIG: 20 00 01
{
// Method begins at RVA 0x21d0
// Code size 28 (0x1c)
.maxstack 2
.locals init ([0] string x,
[1] string y)
IL_0000: /* 00 | */ nop
IL_0001: /* 02 | */ ldarg.0
IL_0002: /* 72 | (70)000037 */ ldstr "123"
IL_0007: /* 28 | (06)000003 */ call instance void TokenSearch.Class1::set_TargetProp(string)
IL_000c: /* 00 | */ nop
IL_000d: /* 02 | */ ldarg.0
IL_000e: /* 28 | (06)000002 */ call instance string TokenSearch.Class1::get_TargetProp()
IL_0013: /* 0A | */ stloc.0
IL_0014: /* 02 | */ ldarg.0
IL_0015: /* 28 | (06)000002 */ call instance string TokenSearch.Class1::get_TargetProp()
IL_001a: /* 0B | */ stloc.1
IL_001b: /* 2A | */ ret
} // end of method Class1::TestMethod
A full implementation of a method body parser can be found in Mono.Reflection: MethodBodyReader.cs
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…