We had an interesting scenario at a client’s a couple of months ago. A staff member had deleted the source code repository for an ASP.NET Web API from Azure DevOps – their justification was that the repository had the name “to be deleted”, so they went ahead and deleted it.
Months later, they realised that actually, the application is still in use in production, and we need the source code back. It could not be restored from Azure DevOps, as it had been deleted too long ago.
An old timer (Mark) had recently left the company and so handed in his laptop, which, fortunately, hadn’t been reformatted, and still had a copy of the source code of the deleted repository on it. So they took the code from his laptop and added it back to Azure DevOps.
But it was always thought that the code recovered from Mark’s laptop wasn’t the latest version of the code, and that what was deployed to production was newer than the recovered code. Therefore the recovered code is read-only and only for reference, and we couldn’t deploy any changes to the API.
About a year goes by, and we need an enhancement done to the production API, which I’m asked to have a look at.
So, I first needed to determine if the source code really was older than what was really deployed. We came up with a plan:
- deploy the recovered source code for the API to our test server
- download the compiled dlls from the test Azure app service
- download the compiled dlls from the production Azure app service
- decompile the compiled dlls from both to reverse-engineer the source code
- compare the decompiled source code from both to determine what code changes there are
It could have been quite a laborious process, because the application in question had lots of projects (.csproj files) and thus lots of dlls (28) to compare. But I found a couple of tools which helped greatly.
- ILSpy (free)
- Beyond Compare (free trial)
Download the dlls from Azure
You can do this from the Azure Portal using the Kudu console, aka “Advanced tools”, and then the CMD Debug Console:
Decompile source code from the Azure app service website
ILSpy is a great tool for this, and it’s free.
- Open ILSpy, and clear out the Assemblies window (Ctrl-A, delete)
- Unzip the wwwroot folder you downloaded above
- Select the .dlls containing your source code
- Drag them into ILSpy’s Assemblies window
- Select all of the Assemblies in ILSpy (Ctrl-A)
- File -> Save Code. ILSpy will generate a Visual Studio .sln file containing all the code for you – too easy!
I did this for our test server (from the recovered source code), and then again for the code in production.
Compare content of two folders
Once I had my decompiled source from test and production, I needed to compare the 2 to check for differences.
I couldn’t find a decent free tool to easily compare the content of 2 folders. I ended up using Beyond Compare, which I first saw over ten years ago. It has a free trial. I tweaked its options to ignore timestamps.
Leave a comment if you know of a decent freeware tool for comparing folders.
Results
I did find a couple of minor changes between the decompiled code in test and production. I also needed to check other non-code files such as web.config for differences. In the end it looked to me that what was on our test server was actually a newer version than what was in production. I figured that Mark probably had develop branch with some minor fixes (which never made it to prod) checked out on his laptop when it was recovered, and so what was deployed to prod was older.
I was able to add the requested minor enhancement, but also the team was stoked to know that they now have the source code for their API back. Although, it’s a legacy API which is on the roadmap to be replaced in the next few months anyway…