#11
05-22-2008, 07:22 AM
Kurapica
Senior Member

Join Date: May 2006
Location: Archives
Posts: 357
Version 0.3 with tracing

Now you can see messages in real time for events without using DebugView or any other external tools.

http://www.sendspace.com/file/nypukc


Enjoy.
__________________
Life can only be understood backwards but It must be read forwards.
#12
07-04-2008, 10:38 AM
rymez2K
Junior Member

Join Date: Feb 2008
Posts: 2

Kurapica
Great work. This tool is nice.
One question...
Is there a way to use the dumped files to overwrite methods in another assembly?
I have an assembly that has empty methods which I would like to fix with what gets dumped with KDD.
Many thanks
#13
07-04-2008, 01:53 PM
Kurapica
Senior Member

Join Date: May 2006
Location: Archives
Posts: 357

The idea of this tool is to achieve two objects:

1 - It will dump the body of every Method (Function, Procedure) called by the executable assembly you select. The dumping occurs whenever the compiler enters that method; for example, if you click some button and this button calls the method "CheckLicense", then you will find a file named "CheckLicense.txt" in the "\Dump" folder.

2 - It will show you in detail the methods being called and also the modules that your application loads, so it could be used as a simple tracing utility for .NET assemblies.

I wrote this tool to help me rebuild assemblies protected with the JIT hooking technique. Those assemblies can't be explored in Reflector because their methods' bodies are encrypted and only decrypted at runtime when the method is called, so you will see no code in Reflector. I assumed that I would have access to the encrypted MSIL code of the methods using the Profiling APIs; there was a 50% chance of success, but it turned out to be only useful against certain protections like the one that LibX coded, which depends on System.Reflection.Emit.DynamicMethod to execute protected methods.

You can find more on LibX protection here:
hxxp://www.reteam.org/board/showthread.php?t=799

You can also copy/paste bytes of the method you want to replace, but this needs some work because you may need to modify some fields including .txt section properties and some other values, but it is possible to replace some method's code by the code you get from the dump.

greetz.
__________________
Life can only be understood backwards but It must be read forwards.
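
An added example, not part of the original posts and not KDD's own code: a parser for the header of a raw CIL method body, which is where the size and stack fields that have to match when a body is moved between assemblies live. It assumes the dumped bytes begin with the method header laid out in ECMA-335 II.25.4 (the thread does not state KDD's dump format); `parse_method_body` is a hypothetical name and both sample byte strings are constructed.

```python
import struct

# CorILMethod_* flag values from ECMA-335 II.25.4
TINY_FORMAT, FAT_FORMAT, MORE_SECTS, INIT_LOCALS = 0x2, 0x3, 0x8, 0x10

# Constructed samples (not taken from any real assembly or KDD dump):
TINY_SAMPLE = bytes.fromhex("0a172a")  # tiny header, then ldc.i4.1; ret
FAT_SAMPLE = bytes.fromhex("13300200040000000100001100160a2a")  # fat header + 4 IL bytes

def parse_method_body(blob: bytes) -> dict:
    """Hypothetical helper: split a raw CIL method body into header fields and IL."""
    if not blob:
        raise ValueError("empty method body")
    kind = blob[0] & 0x3
    if kind == TINY_FORMAT:
        # Tiny header: one byte, upper six bits are the code size (at most 63).
        # The format implies a stack limit of 8, no locals and no extra sections.
        header_size, code_size = 1, blob[0] >> 2
        info = {"format": "tiny", "max_stack": 8, "local_var_sig_tok": 0,
                "init_locals": False, "more_sects": False}
    elif kind == FAT_FORMAT:
        if len(blob) < 12:
            raise ValueError("truncated fat header")
        # Flags+size (u16), MaxStack (u16), CodeSize (u32), LocalVarSigTok (u32)
        flags_size, max_stack, code_size, sig_tok = struct.unpack_from("<HHII", blob)
        header_size = (flags_size >> 12) * 4  # top 4 bits count 4-byte words
        if header_size < 12:
            raise ValueError("fat header size field is too small")
        info = {"format": "fat", "max_stack": max_stack, "local_var_sig_tok": sig_tok,
                "init_locals": bool(flags_size & INIT_LOCALS),
                "more_sects": bool(flags_size & MORE_SECTS)}
    else:
        raise ValueError("first byte is not a tiny or fat method header")
    end = header_size + code_size
    if end > len(blob):
        raise ValueError("declared code size runs past the end of the dump")
    info.update(header_size=header_size, code_size=code_size, il=blob[header_size:end])
    return info

if __name__ == "__main__":
    for name, sample in (("tiny", TINY_SAMPLE), ("fat", FAT_SAMPLE)):
        fields = parse_method_body(sample)
        print(name, {k: (v.hex() if isinstance(v, bytes) else v) for k, v in fields.items()})
```

When `more_sects` is true, exception-handling sections follow the IL on a 4-byte boundary; this parser reports the flag but does not decode them.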