Simple edit of a PE

RapidCrash · #1 05-22-2009, 05:54 AM

Alright, so I have recently unpacked an executable that was originally protected with Codeveil. The executable works perfectly (given the other required assemblies of course), and so all I need to make is a simple edit. However whenever I load it up in Reflector, Reflexil keeps crashing on it, I'm getting "Object reference not set to an instance of an object.", and with other tests, it shows some RVA pointer gone wrong.
Here is the executable: *removed - sorry but considering some people such as Eaton are on here, I can't really risk a leak*

Is there any way you can see of editing this? I extracted the original executable with WinHex if that helps, other programs didn't extract it in any workable form. It also gives errors for other programs, such as deobfuscators. Dotdeobfuscator is what told me about the RVA pointer error if that helps.

Kurapica · #2 05-22-2009, 06:14 AM

Editing a veiled application with Reflexil is not possible, Reflexil is very sensitive towards modifications of assembly strucutre, so any invalid value will render reflexil useless.

solution is to learn the manual way, yeah you have to do it manually using Ildasm and any hex editor you like.

greetz

RapidCrash · #3 05-22-2009, 06:25 AM

Quote:

Originally Posted by Kurapica

Editing a veiled application with Reflexil is not possible, Reflexil is very sensitive towards modifications of assembly strucutre, so any invalid value will render reflexil useless.

solution is to learn the manual way, yeah you have to do it manually using Ildasm and any hex editor you like.

greetz

Well I guess what I really want to know is what exactly is wrong with my application? It seems that just about any program will crash on it except for raw il disassembly.

Kurapica · #4 05-22-2009, 11:15 AM

Quote:

The executable works perfectly (given the other required assemblies of course)

that's good news, but editing a codeveil dump is not possible with common tools like for example Reflexil.

What exactly do you want to edit in your application ?

RapidCrash · #5 05-22-2009, 03:38 PM

Quote:

Originally Posted by Kurapica

that's good news, but editing a codeveil dump is not possible with common tools like for example Reflexil.

What exactly do you want to edit in your application ?

there's a single check. It follows:

if (dictionary != null)
{
goto Label_012E;
}

What I want to do is change the != operator to == operator, or something of the sort. The single IL instruction i want to change is from brtrue.s to brfalse.s
Would you know of any way to accomplish this?

Kurapica · #6 05-22-2009, 05:07 PM

You need to RTFM

there are many turors on editing MSIL code using many techniques and it's so easy in your case, simply go here and read some tutors.

http://portal.b-at-s.info/download.php?list.2

good luck

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode