Reverse Engineering Team Board


min2max 12-13-2009 08:09 AM

I am new to reverse engineering although I am an experienced programmer. Basically, I want to decompile a .NET dll so I can look at the source code (method names and data structures at least). This dll is used by another application and is not an exe file.

I cannot open the file in .NET Reflector (invalid number of data directories in NT header). I can open the dll in CFF Explorer, but the interesting classes/methods are obfuscated. I used a tool called DotNetId that says it is most likely protected by MaxtoCode.

questions:

1. how can I de-obfuscate this dll?
2. are there tools to decompile this dll?

also, what does unpack mean exactly?

thanks.

After doing a lot more reading I don't think this dll is protected by MaxtoCode, as I cannot find the MaxtoCode runtime dll on my computer.

Ok, I am able to view the IL with ildasm1.1.exe. The most interesting class is partially obfuscated/encrypted (the member variable names are encrypted). Other class names are also encrypted. So either I somehow figure out how to decrypt to make it more readable OR is there a way to decompile from the IL? I am basically flying by the seat of my pants here. This is probably child's play for someone who knows this stuff. Any help/suggestions appreciated.

Kurapica 12-13-2009 12:54 PM

Quote:

invalid number of data directories in NT header

usually means an old version of .NET Reactor!
So many tutors on this, google google google :D
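
Added example, not part of the thread and not code from any tool named in it: a read-only check of the header field the error message most plausibly refers to, assuming it means `NumberOfRvaAndSizes` in the PE optional header, whose standard value is 16. `inspect_data_directories` and `build_sample` are hypothetical names, and the sample header is constructed for the demonstration.

```python
import struct

CLR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, the CLR header slot
STANDARD = 16   # IMAGE_NUMBEROF_DIRECTORY_ENTRIES


def inspect_data_directories(image: bytes) -> dict:
    """Report the data-directory count a PE header declares (read-only)."""
    try:
        if image[:2] != b"MZ":
            raise ValueError("missing MZ signature")
        (pe_off,) = struct.unpack_from("<I", image, 0x3C)    # e_lfanew
        if image[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
        opt = pe_off + 24                    # past signature and COFF header
        (magic,) = struct.unpack_from("<H", image, opt)
        if magic not in (0x10B, 0x20B):
            raise ValueError("unknown optional header magic")
        count_off = 92 if magic == 0x10B else 108            # PE32 / PE32+
        (declared,) = struct.unpack_from("<I", image, opt + count_off)
        room = max(0, opt_size - count_off - 4) // 8  # slots that really fit
        clr = None
        if min(declared, room) > CLR_INDEX:
            entry = opt + count_off + 4 + 8 * CLR_INDEX
            clr = struct.unpack_from("<II", image, entry)    # (RVA, size)
    except struct.error as exc:
        raise ValueError("truncated header") from exc
    return {"declared": declared, "room": room,
            "standard": declared == STANDARD, "clr_directory": clr}


def build_sample(declared: int) -> bytes:
    """Constructed PE32 header stub for the demo; not a loadable file."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)                     # 96 fixed bytes + 16 * 8 slots
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, declared)
    struct.pack_into("<II", opt, 96 + 8 * CLR_INDEX, 0x2008, 0x48)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for count in (16, 10):                   # standard vs. altered count
        print(count, inspect_data_directories(build_sample(count)))
```

A `standard` value of `False` on a real file narrows the problem to the header itself, before any question of name obfuscation comes up.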

