Reverse Engineering Team Board

Reverse Engineering Team Board (http://www.reteam.org/board/index.php)
-   .NET Reverse Engineering (http://www.reteam.org/board/forumdisplay.php?f=28)
-   -   advise on .net executable (http://www.reteam.org/board/showthread.php?t=2136)

remko 12-09-2009 11:22 AM

I tried sn already it reports: target.exe does not represent a strongly named assembly

ILDasm doesn't work on the original exe, it reports Protected module -- cannot disassemble.

Maybe I can set a breakpoint and inspect the value? Can you recommend a debugger for this?

remko 12-09-2009 08:07 PM

Using debugger I watched the result and it is 0x00000005 so I inserted opcode ldc.i4.5.
Using reflector the code is now:
Code:

public static string Method_00(int num1)
{
    byte[] buffer;
    lock (typeof(Class_01))
    {
        if (Field_00 == null)
        {
            Assembly executingAssembly = Assembly.GetExecutingAssembly();
            Field_00 = executingAssembly.GetManifestResourceStream(executingAssembly.ManifestModule.ModuleVersionId.ToString("B"));
            byte[] publicKeyToken = executingAssembly.GetName().GetPublicKeyToken();
            if (publicKeyToken != null)
            {
                int num = 0;
                do
                {
                    Field_01 = 7;
                    num += 2;
                }
                while (num < (publicKeyToken.Length - 1));
            }
            Field_01 = 5;
        }

But still crashes

bball0002 12-09-2009 11:46 PM

For SmartAss'd targets, I usually use a loader. You can use a loader to modify the method while it's in memory. Just use CFF Explorer to get the Virtual Offset of the opcode that you want to patch, and patch it in memory. If you don't want to make your own loader you can use DUP to create one for you.

Modifying the method in memory bypasses all of those checks that SmartAssembly makes to the methods/exe.


All times are GMT -4. The time now is 09:46 PM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.