Quote:
|
Originally Posted by SystemeD
I didn't try the attachment but I suggest you to not patch mscoree.dll because it's a framework .net assembly and it would be better achieve your result, patching your app and not the framework. Try to disassemble the prog, find a way to recognize the strong name signature lenght inside the file and patch it.
Remember the "/adv" option while running ILDASM, it will give you more advanced feature when dumping (i.e. dump metadata and so on).
Good luck
|
Thanks SystemeD.
Here are some updates. I found the byte where strong name signature's length is stored. Search for 00 80 00 and it is around 0x1020. change it to 00 00 00 will bypass the checkings.
I tested this on three programs. It seems this position is fixed. I have patched two programs by myself (LLBLGen Pro and ReSharper).
for anyone who can read Chinese and interested in reverse engineering, pelase check this article:
hxxp://www.cnblogs.com/feidao/archive/2004/08/17/32555.aspx
at the very beginning, the author mentioned he tried to rewrite the CheckSum and GetExpirationDate function but failed. The reason is he didn't patch the signature length byte, if it is changed from 80 to 00, then the program will be fully cracked. That's the thing i tried two days ago.
anyway, thanks for all the people who helped me. I have learned a great deal! ^__^