Exetools  

Go Back   Exetools > General > Community Tools

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 09-23-2014, 02:20
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 453
Rept. Given: 27
Rept. Rcvd 398 Times in 129 Posts
Thanks Given: 21
Thanks Rcvd at 1,812 Times in 348 Posts
CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399
DnlibEditor

DnlibEditor is an assembly editor and runs as a plug-in for Red Gate's Reflector.
DnlibEditor is using dnlib by 0xd4d and is able to manipulate IL code and save
the modified assemblies to disk.
DnlibEditor is a replacer for Reflexil plugin.

Separator for Decimal symbol is the one specific for each language -
look on Control Panel for "Regional and Language Options".
Array separator (i.e. for constants) is the ',' char!

Generic type ("-> Generic type refence") are not supported!!

For Windows 64 bit:
DnlibEditor.dll is an 32 bit assembly so can't be loaded
by 64 bit processes like Reflector.exe
So load Reflector.exe on your favorite PE editor
(CFF Explorer is a good one), goto .NET Directory and change
the Flags value: make sure the "32bit required" flag is marked!

Changing Reflector version:
You will need to change the Reflector assembly version
since it has a reference to old Reflector 7.0 version!
For this task use ReferencedVersionChanger! (attached)
Simply add DnlibEditor.dll to the list by clicking "Add files" button
and after that click the "Get them from file" button and select
your Reflector.exe file!
Finish it using Execute button!

Let me know about any bug you may find!
Attached Files
File Type: zip ReferencedVersionChanger.zip (17.2 KB, 73 views)

Last edited by CodeCracker; 04-23-2017 at 21:30.
Reply With Quote
The Following 10 Users Gave Reputation+1 to CodeCracker For This Useful Post:
0xd4d (09-23-2014), ahmadmansoor (09-23-2014), chessgod101 (09-29-2014), emo (10-09-2014), Levis (09-24-2014), nikkapedd (09-28-2014), quygia128 (10-07-2014), riverstore (10-19-2014), the_beginner (09-25-2014), uel888 (09-26-2014)
The Following 3 Users Say Thank You to CodeCracker For This Useful Post:
Black_Legion (10-12-2015), NoYes (04-04-2015), s0me0n3 (09-28-2015)
  #2  
Old 09-23-2014, 22:46
0xd4d 0xd4d is offline
Lo*eXeTools*rd
 
Join Date: Mar 2012
Posts: 78
Rept. Given: 12
Rept. Rcvd 308 Times in 44 Posts
Thanks Given: 2
Thanks Rcvd at 175 Times in 24 Posts
0xd4d Reputation: 300-399 0xd4d Reputation: 300-399 0xd4d Reputation: 300-399 0xd4d Reputation: 300-399
Some questions CodeCracker. (I don't use Reflector at all)

Does it support mixed mode assemblies?

Is it not possible to build it as AnyCPU so it can be loaded without modifying Reflector?
Reply With Quote
  #3  
Old 09-25-2014, 01:45
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 453
Rept. Given: 27
Rept. Rcvd 398 Times in 129 Posts
Thanks Given: 21
Thanks Rcvd at 1,812 Times in 348 Posts
CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399
It should support mixed mode assemblies!

As for AnyCPU I've tried to set it with SharpDevelop 4.0!
But Reflector was not able to load even some simple plugins!
Do you know which are the differences between AnyCPU and x32 assemblies?
Reply With Quote
  #4  
Old 09-25-2014, 02:07
0xd4d 0xd4d is offline
Lo*eXeTools*rd
 
Join Date: Mar 2012
Posts: 78
Rept. Given: 12
Rept. Rcvd 308 Times in 44 Posts
Thanks Given: 2
Thanks Rcvd at 175 Times in 24 Posts
0xd4d Reputation: 300-399 0xd4d Reputation: 300-399 0xd4d Reputation: 300-399 0xd4d Reputation: 300-399
The difference is that AnyCPU should be usable by any .NET DLL (32-bit or 64-bit or AnyCPU executable), but x86-only can only be loaded by 32-bit processes.
Reply With Quote
  #5  
Old 09-25-2014, 02:21
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 453
Rept. Given: 27
Rept. Rcvd 398 Times in 129 Posts
Thanks Given: 21
Thanks Rcvd at 1,812 Times in 348 Posts
CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399
What I mean: what are the actual differences? I know that for AnyCPU "32bit required" flag
should be unmarked! But what other differences are?
Reply With Quote
  #6  
Old 09-25-2014, 03:43
0xd4d 0xd4d is offline
Lo*eXeTools*rd
 
Join Date: Mar 2012
Posts: 78
Rept. Given: 12
Rept. Rcvd 308 Times in 44 Posts
Thanks Given: 2
Thanks Rcvd at 175 Times in 24 Posts
0xd4d Reputation: 300-399 0xd4d Reputation: 300-399 0xd4d Reputation: 300-399 0xd4d Reputation: 300-399
AFAIK, that's the only difference between an AnyCPU assembly and an x86-only assembly.
Reply With Quote
  #7  
Old 09-25-2014, 05:01
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 453
Rept. Given: 27
Rept. Rcvd 398 Times in 129 Posts
Thanks Given: 21
Thanks Rcvd at 1,812 Times in 348 Posts
CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399
Quote:
Originally Posted by 0xd4d View Post
AFAIK, that's the only difference between an AnyCPU assembly and an x86-only assembly.
100% correct! The problem was my ungenuine Reflector!
So all we have to do is umarking "32bit required" flag for both Reflector.exe and DnlibEditor.dll
Go to .NET Directory and change the Flags value: make sure the "32bit required" flag is unmarked!
Tested on Windows 7 64 bits and all seems to work ok!
Reply With Quote
  #8  
Old 09-25-2014, 07:16
s0me0n3 s0me0n3 is offline
Family
 
Join Date: Mar 2012
Posts: 134
Rept. Given: 42
Rept. Rcvd 95 Times in 33 Posts
Thanks Given: 16
Thanks Rcvd at 43 Times in 28 Posts
s0me0n3 Reputation: 95
May I ask what is better on it compared to Reflexil? I mean, if it's basically doing the same without any difference/advantage, it wouldn't make sense to code it so there has to be something different and I would like to know what it is before I replace Reflexir.
Would you mind explaining it to me and others eventually going to use it?
Reply With Quote
  #9  
Old 09-25-2014, 17:53
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 453
Rept. Given: 27
Rept. Rcvd 398 Times in 129 Posts
Thanks Given: 21
Thanks Rcvd at 1,812 Times in 348 Posts
CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399
The major difference is migrating from Mono.Cecil to dnlib! You should keep in mind that dnlib is much better then Mono.Cecil!
As a result mixed mode assemblies are supported!
Also when you save the module definition all tokens are preserved, when you save the assembly definition tokens are not preserved.
Reply With Quote
  #10  
Old 10-06-2014, 17:02
wilson bibe wilson bibe is offline
VIP
 
Join Date: Nov 2012
Posts: 492
Rept. Given: 489
Rept. Rcvd 439 Times in 180 Posts
Thanks Given: 850
Thanks Rcvd at 176 Times in 112 Posts
wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499
This tool that you developed is amazing, for those who like reverse engineering regarding "net assembly" will certainly think twice before using the reflexil, because this does not support the mixed mode. I tested it in some net assembly in "mixed mode" and works very fine. Thank You CodeCracker
Reply With Quote
  #11  
Old 12-04-2014, 23:25
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 453
Rept. Given: 27
Rept. Rcvd 398 Times in 129 Posts
Thanks Given: 21
Thanks Rcvd at 1,812 Times in 348 Posts
CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399
What's new:
- Some bugs fixed;
- Save assembly/module changed, now shows a form with two options:
- "Perserve" - perserve tokens and streams
- "KeepOldMaxStack" - if you select this option you will be able to save obfuscated assemblies.

Last edited by CodeCracker; 04-23-2017 at 21:28.
Reply With Quote
The Following 10 Users Gave Reputation+1 to CodeCracker For This Useful Post:
besoeso (12-07-2014), BetaMaster (12-15-2014), canopus (12-05-2014), chessgod101 (12-05-2014), dnvthv (12-05-2014), emo (12-05-2014), kjms (12-04-2014), nikkapedd (12-07-2014), sh3dow (12-12-2014), wilson bibe (12-05-2014)
The Following User Says Thank You to CodeCracker For This Useful Post:
s0me0n3 (09-28-2015)
  #12  
Old 12-15-2014, 17:41
s0me0n3 s0me0n3 is offline
Family
 
Join Date: Mar 2012
Posts: 134
Rept. Given: 42
Rept. Rcvd 95 Times in 33 Posts
Thanks Given: 16
Thanks Rcvd at 43 Times in 28 Posts
s0me0n3 Reputation: 95
After some testing your first version, I am pretty happy you actively develop and maintain it.
One request:
If you entered eg ldc.i4.1 manually through pasting via clipboard, it refused to save it. You have to select it with your mouse so it gets accepted, pretty annoying in some cases where you enter some quick command with your keyboard and it refuses to accept it.
This behaviour however does not occur with Reflexir so I guess there is some small messup. Any quick and clean way to fix this, too if not done already? Thanks in advance.
Reply With Quote
  #13  
Old 12-15-2014, 18:48
s0me0n3 s0me0n3 is offline
Family
 
Join Date: Mar 2012
Posts: 134
Rept. Given: 42
Rept. Rcvd 95 Times in 33 Posts
Thanks Given: 16
Thanks Rcvd at 43 Times in 28 Posts
s0me0n3 Reputation: 95
My edit wasn't saved, servers are slow these days for me:
I quickly checked your latest version. It still selects 'add' instead of your manually entered command. Please fix it, it's going to add alot usability imo.
Reply With Quote
  #14  
Old 09-28-2015, 19:26
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 453
Rept. Given: 27
Rept. Rcvd 398 Times in 129 Posts
Thanks Given: 21
Thanks Rcvd at 1,812 Times in 348 Posts
CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399
DnlibEditorFixedEdition

- Fixed: now you can simply paste the opcode
(as text for exemple ldc.i4.1) in opcode combo,
- Added: NoThrowInstance when saving assemblies

Last edited by CodeCracker; 04-23-2017 at 21:30.
Reply With Quote
The Following User Gave Reputation+1 to CodeCracker For This Useful Post:
riverstore (10-04-2015)
The Following User Says Thank You to CodeCracker For This Useful Post:
riverstore (10-04-2015)
  #15  
Old 10-11-2015, 21:04
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 453
Rept. Given: 27
Rept. Rcvd 398 Times in 129 Posts
Thanks Given: 21
Thanks Rcvd at 1,812 Times in 348 Posts
CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399 CodeCracker Reputation: 300-399
On instructions added

On instructions added:
- Search for opcode or operand
- Go to instruction index or instruction offset
Attached Files
File Type: zip DnlibEditor.zip (489.0 KB, 28 views)
Reply With Quote
The Following 2 Users Say Thank You to CodeCracker For This Useful Post:
Black_Legion (10-12-2015), Ghost0507 (10-14-2015)
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 11:38.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )