deckard 12-10-2002 04:12

.NET cracking tut or hints ?
Have you seen one ? What tools are used to debug .NET apps ?
What's the best approach ?

Thanx in advance


deckard 12-11-2002 03:00

nobody ? ever ?
OK, different question :

I've got the code dissassembled into IL, I found my piece I was looking for, but now what ?
Is there a way to debug it, or what other tools are needed ?

If I have IL like this :

IL_001f: call string [Idxx]xxx.Lib.Misc.Idxx::GetSerial(string)
IL_0024: callvirt instance string [mscorlib]System.String::ToUpper()
IL_0029: stloc.2
IL_002a: ldarg.0
IL_002b: ldstr "edSer"
IL_0030: call instance string [CtlLib]xxx.Lib.CtlLib.SomeControl::GetInput_Value(string)
IL_0035: stloc.3
IL_0036: ldloc.2
IL_0037: ldloc.3
IL_0038: callvirt instance bool [mscorlib]System.String::Equals(string)
IL_003d: ret

how can I "sniff" what values are compared ? How can I found, where exactly are those instructions ? Is there a breakpoint (symbols ?) to set in SIce , or it can be debugged in some other tool ?

And another question : can I "rip" some function (I mean REAL asm code, not some pseudocode) from .net dll ? Or call that function from dll from my non-.NET app ?

Thank you very much

deckard 12-12-2002 01:00

Thank you for answering.

Actually - most of tools you named, are so called OBFUSCATORS, which (if I understand them right) just somehow 'scramble' or rename metadata and all names there - so they are harder to disassemble and understand.
They are something like packers or protectors for 'normal' PE files...

What I needed was decompiler for IL, or some tool to 'relate' IL code produced by ILDasm and REAL (I mean executed) code in CLR, because IL is just some kind of p-code....

One decompiler you mentioned is Anakrino, but I couldn't make that one work :( It just starts ... and ends. No gui, nothing.

But I already solved my problem different way - I learned MSIL and have rewritten needed function in classical C.

Anyway, if somebody knows, how to debug IL, or how to patch it, or use it with non-.NET app, any info is welcome ...


