Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 12-13-2009, 08:09 AM
min2max min2max is offline
Junior Member
 
Join Date: Dec 2009
Posts: 1
Question

I am new to reverse engineering altho I am experienced programmer. Basically, I want to decompile a .net dll so I can look at the source code (method names and data structures at least). This dll is used by another application and is not an exe file.

I can not open the file in .net reflector (invalid number of data directories in NT header). I can open the dll in CFF explorer, but the interesting classes/methods are obfuscated. I used a tool called DotNetId that says it is most likely protected by MaxtoCode.

questions:

1. how can I de-obfuscate this dll?
2. are there tools to decompile this dll?

also, what does unpack mean exactly?

thanks.

after doing a lot more reading I dont think this dll is protected by maxtocode as I cannot find the maxtocode runtime dll on my computer.

Ok, I am able to view the IL with ildasm1.1.exe. The most interesting class is partially obfuscated/encrypted (the member variables names are encrypted). Other class names are also encrypted. So either I somehow figure out how to decrypt to make it more readable OR is there a way to decompile from the IL? I am basicially flying by the seat of my pants here. This is probably child's play for someone who knows this stuff. Any help/suggestions appreciated.

Last edited by min2max : 12-13-2009 at 09:09 AM. Reason: more info
Reply With Quote
  #2  
Old 12-13-2009, 12:54 PM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Default

Quote:
invalid number of data directories in NT header
usually means an old version of .NET reactor !
so many tutors on this, google google google
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.