Skip to content
mcilspy

Overview

mcilspy is a Model Context Protocol server that gives AI assistants the power to reverse-engineer .NET binaries. It wraps the ILSpy decompiler and dnfile metadata parser behind a clean tool interface, letting Claude (or any MCP client) decompile assemblies, search for hardcoded secrets, explore type hierarchies, and recover lost source code.

Two Engines, One Interface

Section titled “Two Engines, One Interface”

mcilspy operates with two complementary backends:

dnfile (metadata engine) parses PE headers and .NET metadata tables directly in Python. This gives you 7 tools that work immediately — no .NET SDK required. These tools read the MethodDef, Field, Property, Event, and ManifestResource tables to let you search and explore assembly structure without decompiling anything.

ilspycmd (decompilation engine) is the command-line interface to ILSpy, the open-source .NET decompiler. When installed, it unlocks 9 more tools for full C# source recovery, IL bytecode output, interactive HTML diagrams, NuGet package extraction, and PDB generation.

Who Is It For?

Section titled “Who Is It For?”
  • Security researchers finding hardcoded credentials, API keys, and connection strings in compiled binaries
  • Reverse engineers analyzing .NET malware or understanding obfuscated commercial software
  • Developers recovering source code from legacy assemblies when the original source has been lost
  • Library consumers reading actual implementations when documentation falls short

What Is MCP?

Section titled “What Is MCP?”

The Model Context Protocol is an open standard for connecting AI assistants to external tools and data sources. Instead of copying output between terminals, you describe what you want in natural language and the AI calls the right tools automatically.

mcilspy exposes 16 tools and 2 prompts through MCP, making .NET reverse engineering a conversational workflow:

“Search for any hardcoded API keys in MyApp.dll”

The AI calls search_strings and search_fields with the right parameters, aggregates the results, and explains what it found — no manual CLI invocation needed.

Supported Formats

Section titled “Supported Formats”
  • .NET Framework assemblies (2.0 through 4.8)
  • .NET Core / .NET 5 through 9+ assemblies
  • Any PE file with .NET metadata
  • NuGet packages (via dump_package extraction)