Quick Start

First Analysis

Once mcilspy is installed and configured with your MCP client, you’re ready to analyze .NET assemblies.

1. Point at an assembly

   Give your AI assistant a path to any .dll or .exe:

   “Analyze the assembly at /path/to/MyApp.dll”

   The assistant will call get_metadata_summary to get a quick overview — type counts, method counts, referenced assemblies, and target framework.

2. Explore the types

   “List all the classes and interfaces in MyApp.dll”

   This calls list_types to enumerate everything in the assembly, organized by namespace.

3. Search for something specific

   “Find all methods with ‘Login’ in the name”

   The assistant uses search_methods to find matching methods across all types, showing you their declaring types and visibility.

4. Decompile what interests you

   “Decompile the AuthService class and explain what it does”

   This calls decompile_assembly with the specific type name, returning full C# source code. The assistant reads and explains the implementation.

5. Go deeper

   “Search for any hardcoded API keys or connection strings”

   The assistant combines search_strings and search_fields to find embedded secrets — URLs, keys, passwords, and configuration values.

Recommended Workflow

When analyzing an unknown assembly, this sequence covers the most ground:

Step	Tool	Purpose
1	get_metadata_summary	Quick reconnaissance — how big is it? What does it reference?
2	list_types	Discover what types exist
3	search_types / search_methods	Find specific types or methods by pattern
4	search_strings / search_fields	Find hardcoded strings and constants
5	decompile_assembly	Deep dive into specific types
6	generate_diagrammer	Visualize type relationships
7	list_resources	Check for embedded files

Tip

Steps 1–4 use metadata tools and work without ilspycmd. Steps 5–7 require it for full decompilation. You can always start with metadata exploration and install ilspycmd later when you need deeper analysis.

Example Prompts

Here are natural language prompts that work well with mcilspy:

Security analysis:

“Search for any URLs, API keys, or connection strings in MyApp.dll”

Architecture exploration:

“List all interfaces in this assembly and show me the dependency structure”

Source recovery:

“Decompile the entire assembly to a project I can build”

Targeted investigation:

“Find all methods that handle HTTP requests and decompile them”

Library understanding:

“Show me how Newtonsoft.Json handles circular references”