Olly & .NET

[peleon]

Hello,

I have started playing with .NET and I'd like to debug a bit inside them to have a closer inside using Ollydbg.

When I load a .NET EXE in Olly, it won't stop in .NET entry point (Jmp _CorExeMain). I have tried with all kind of stops options when application loaded but nothing, the application just starts running and Olly does not break on it.

Anyone has managed to do it?

Thanks.

im not expert in .net field, but isnt .net something like java? so really this pe exe isnt exe its just like dos info in PE file, this program cant be run under dos, so same here with pe, you need .net enviroment like java. so only way is wait for olly2 or debug .net tools that start this exe, or maybe look on .net exe specification and it maybe has additional structure like tls in execryptor

[Hero]

It is strange....
As I remember .NET is IL not normal assembly,then I don't think that you could debug it using olly.
Isn't it?

sincerely yours

The _CorExeMain function is indeed the main entrypoint of .NET runtime loader. However, things are a little more complicated. On Windows 2000, the Windows PE loader treated .NET exes just like normal ones regarding this import - you could put a BP there and it would stop. With XP though, the Windows PE loader handles .NET assemblies internally, and don't call/use that entry in import table.

Besides, like others said, .NET assemblies are just bytecode compiled to native instructions in runtime. So, you can't use x86 debuggers (well, you can, but you'd be tracing framework's compiler/runtime Use, for example, cordbg from .NET SDK (MSDN article)

You could not trace dot net file by OllyDbg or SoftICE. It is not a normal PE files. Indeed program runs in Virtual Machine of dot net core. It is clear by normal assembly debugger, you do not have any success to trace by OllyDbg. It has IL assembly langauge codes which run in a VM such as Java VM. If you want to trace a dot net program, the following link might be useful to you:

http://www.smidgeonsoft.prohosting.com/pebrowse-pro-interactive-debugger.html

[peleon]

Hello guys,

Thanks for your feedbacks.

Well, I know about Olly is not the one to trace over assemblies, but I just wanted to debug inside the .NET framework (mscorlib, etc), so I can see how metadata is read, strong name bullshit, etc Just to have an internal look how the misterious .NET runs inside

Vodu: thanks for the pebrowse link, I used it but I have to learn more about it. I am so used to the nice Olly that is difficult for the to debug with other debuggers

Thanks.

Quote:

Originally Posted by peleon

Vodu: thanks for the pebrowse link, I used it but I have to learn more about it. I am so used to the nice Olly that is difficult for the to debug with other debuggers

For tracing .NET file it has also a tutorial:
http://www.smidgeonsoft.prohosting.com/documentation/pebrowse-pro-interactive-debugger-tutorial-introduction.html

or you can take a look at:
http://www.smidgeonsoft.prohosting.com/documentation.html

[NeOXOeN]

vodu thx i was looking for something like this for long time...

I think pebrowse-pro-interactive-debugger.html isnt good for debuger NeT.. but it would be nice to see this option in olly.. i think some plugin would be nice :P

thx..
bye

Quote:

Originally Posted by NeOXOeN

vodu thx i was looking for something like this for long time...

I think pebrowse-pro-interactive-debugger.html isnt good for debuger NeT.. but it would be nice to see this option in olly.. i think some plugin would be nice :P

thx..
bye

So do I !