Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   dnSpy oddities (https://forum.exetools.com/showthread.php?t=19201)

LaptoniC 04-20-2019 23:51

dnSpy oddities
 
Hi,
I am trying to reverse a net app for fun and tried to use dnSpy for the job. I found the methods in dll and edit the method and saved the file. When I run with dnSpy debugger, it works. If I run it directly my patch doesn't have any effect. I figured out it is loading files from C:\Windows\assembly\NativeImagesxx. I tried to ngen.exe but now apps don't open at all. What am I doing wrong? Sorry it's been a long time I have touched those tools I am kind a lost lol

the_beginner 04-21-2019 12:07

It's depend how you patch the file, it can be also the location of the file. I remember I was Patching one file, everything was fine, show registered in the debugger, I closed open without dnspy, not working, again in dnspy and then I saw, dnspy loaded always a new dll. Try to patch the file in dnspy, if it is not work, find the location of the bytes and patch it with a hexeditor.

ymg2006 04-21-2019 19:04

you will have to understand how GAC and ngen works, you'll have to probe about signatures in .net (signed assembly).
as far as i know dnSpy is working perfectly.

tonyweb 04-21-2019 19:20

@LaptoniC
Start by uninstalling the file from the GAC ...
Code:

ngen uninstall AssemblyName
... and see if it makes any difference.

Regards,
Tony

LaptoniC 04-24-2019 21:37

Thanks @tonyweb it worked when I uninstalled it.

s0me0n3 05-05-2019 22:34

1 Attachment(s)
When I play around with that kind of things, I locate the corresponding path and files inside the win dir with this small regfile content:

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion]
"DisableCacheViewer"=dword:00000001

Maybe it's helpful for somebody. :)


All times are GMT +8. The time now is 20:45.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX