Exetools - View Single Post

SystemeD · #16 03-11-2005, 01:25

Quote:

Originally Posted by newbie_cracker

As jjhsd said, in case of obfuscated, decompiling and compiling again, may not possible sometimes.

It's not completely true...
Probably you are saying this because ildasm crashes while dumping, but this only means that obfuscator inserted some invalid metadata. So:
1 - If you find and remove this metadata you are still able to decompile/recompile.
2 - Future version of ILDASM will be able to manage invalid metadata so it would not be a problem anymore.

Quote:

Originally Posted by zacdac

...but for an asp.net assembly you will need to also patch the strong named attribute which is stored as meta data before the RAS key.

It's true, I tried it by myself. I made some experiments and finally I found the way to do that. Well, you have to patch the Strong Name length as for Win apps and than patch this (again 80h to 00h):

Code:

00012140   0E 0E 04 20 01 01 02 03  20 00 01 80 A0 00 24 00   ... .... ..€ .$.
00012150   00 04 80 00 00 94 00 00  00 06 02 00 00 00 24 00   ..€..��........$.
00012160   00 52 53 41 31 00 04 00  00 01 00 01 00 CD 62 12   .RSA1........&#205;b.
00012170   05 0E 7C CD 6F 51 AF 2C  41 FD CC 65 44 AC E3 CF   ..|&#205;oQ&#175;,A&#253;&#204;eD&#172;&#227;&#207;

Recompile the app that use the dll and... enjoy!