Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Thread Tools Display Modes
Old 07-08-2008, 04:37 PM
tribal tribal is offline
Join Date: Jun 2008
Posts: 11
Default disassemble xenocode protected file


I have an application which is obfuscated and packed by xenocode.
I used olly to unpack the .net assembly which seem to have worked. If I open the app when another instance is already running, I get the normal error message that the app is already running, so the binary seems to be good.

To remove the licence protection I want to edit some msil code and re-compile the app so it works without the licence.

However, if I disassemble the file using ildasm I get allot of unresolved function names (e.g. '?'(object '?',). I dont really know how i can resolve this problem. Using general de-obfuscators seem to break the program, reassembling the program doesnt work. (it breaks on all the xenocode functions. If i comment those functions out i get errors on the unresolved symbols).

Im a noob in reversing .net and still learning, and I dont know where to go from here.

fwiw, the licence lib used is If i try to load that dll into reflector it says // Invalid method body. I got stuck there also, so i tried this approach which fails also...
Reply With Quote
Old 07-09-2008, 12:32 PM
tribal tribal is offline
Join Date: Jun 2008
Posts: 11

Hm, I figured out 1 solution:

1) Unpack exe and other files of the virtual FS
2) Create own signed license dll that has all used functions implemented
3) Change public signature from original license dll to the signature of own license dll in the unpacked exe
4) works

My original question still stands, I would like to be able to disassemble and re-assemble the file using il(d)asm.

My next question: Is it possible to use the public signature of the original dll file as the public signature of my own dll file? This doestn require me to fully unpack and patch the original binary...

Last edited by tribal : 07-09-2008 at 12:34 PM.
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.