12-13-2009, 08:09 AM
min2max
Question

I am new to reverse engineering, although I am an experienced programmer. Basically, I want to decompile a .NET DLL so I can look at the source code (method names and data structures at least). This DLL is used by another application and is not an exe file.

I cannot open the file in .NET Reflector (invalid number of data directories in NT header). I can open the DLL in CFF Explorer, but the interesting classes/methods are obfuscated. I used a tool called DotNetId that says it is most likely protected by MaxtoCode.

Questions:

1. How can I de-obfuscate this DLL?
2. Are there tools to decompile this DLL?

Also, what does unpack mean exactly?

Thanks.

After doing a lot more reading, I don't think this DLL is protected by MaxtoCode, as I cannot find the MaxtoCode runtime DLL on my computer.

OK, I am able to view the IL with ildasm1.1.exe. The most interesting class is partially obfuscated/encrypted (the member variable names are encrypted). Other class names are also encrypted. So either I somehow figure out how to decrypt to make it more readable, or is there a way to decompile from the IL? I am basically flying by the seat of my pants here. This is probably child's play for someone who knows this stuff. Any help/suggestions appreciated.

Last edited by min2max : 12-13-2009 at 09:09 AM. Reason: more info