  #1  
05-10-2008, 07:21 AM
Kurapica
Senior Member
Join Date: May 2006
Location: Archives
Posts: 357
.NET Profiler

This is a simple project that I'm working on in order to build a tool that can dump and rebuild encrypted assemblies that use JIT hooking and similar protection schemes. It uses the Profiling APIs to dump IL code and then rebuild the original assemblies.

It's about 50% done, and it works against assemblies built with Framework 1.1 only!!

But it still needs some work to make it compatible with .NET Framework 2.0 and later.

This is a snapshot that shows how you can see when certain methods are compiled. You need the DebugView tool, which you will find in the file below, to see this in real time.

Download the sample from here:

http://www.filesend.net/download.php...aea0300b8ac4c7

Bug reports are welcome...
__________________
Life can only be understood backwards but It must be read forwards.
  #2  
05-10-2008, 01:07 PM
bigmouse
Senior Member
Join Date: Sep 2007
Posts: 125

Nice job...
__________________
interest in .NET Reverse Engineering.
Blog: http://jithook.blogspot.com/

.Net Assembly Rebuilder - a tool to rebuild dumped assemblies.
Re-Max - a tool to unpack maxtocode protected assemblies.
  #3  
05-10-2008, 01:58 PM
rendari
Member
Join Date: Aug 2007
Posts: 39

GJ. Looks like you and Daniel are into my JIT hooks. I'll be rewriting my crackme soon after Daniel releases his spiel on .NET native compiling. Then, we'll see how long it lasts (1 day? lol) :P
  #4  
05-11-2008, 06:05 PM
Kurapica
Senior Member
Join Date: May 2006
Location: Archives
Posts: 357
Profiler for Framework 2.0

Finally, after too much sweat and pain, it works for assemblies built with Framework 2.0!
Still in viewing mode, but I will start the dumping process soon.

Check this here...

http://www.filesend.net/download.php...cbdad4b4657ec9

Enjoy...
  #5  
05-11-2008, 08:16 PM
rendari
Member
Join Date: Aug 2007
Posts: 39

kewl


  #6  
05-20-2008, 10:55 AM
Kurapica
Senior Member
Join Date: May 2006
Location: Archives
Posts: 357
Kdd

This is the beta version that can dump all methods on the fly.

1 - Select the executable assembly
2 - Click "Start"
3 - Check the "\Dump" folder in the selected assembly's folder to see the dumped methods


greetz.

http://www.gigasize.com/get.php?d=kcdv6o3z3xb

P.S.: This is not the final shit
  #7  
05-20-2008, 01:06 PM
rongchaua
Senior Member
Join Date: Apr 2007
Posts: 91

@Kurapica: I see many dumped files in the Dump folder. Do they contain the byte code of the IL?
__________________
My site: http://rongchaua.net
  #8  
05-20-2008, 02:18 PM
Kurapica
Senior Member
Join Date: May 2006
Location: Archives
Posts: 357

Yes, every file represents an IL method that was compiled.
  #9  
05-21-2008, 12:29 AM
tankaiha
Member
Join Date: May 2007
Posts: 30

Cool stuff!
Two pieces of advice:
1) Emit all IL to the Rebel.Net file format, so we can use Rebel.Net to rebuild the assembly (see NTCore.com).
2) I haven't checked, but does it have some anti-anti-profiler function?

Let's make this profiler dumper better.
  #10  
05-21-2008, 02:51 AM
Kurapica
Senior Member
Join Date: May 2006
Location: Archives
Posts: 357

@tankaiha: Thanks for the tips. I think I will work on those two ideas soon.