#1
|
|||
|
|||
.Net native compiling
Hi all!
I do have a Dll protected with Remotesoft Salamander. This protector compiles native .Net code to asm without destroying the .Net methods. The methods only do have a stack and ret variable. Code:
.method family hidebysig virtual instance void ProtMethod() noinlining { .maxstack 8 ret } Sadly I don't know how to map the methods to the asm code? Is there any tutorial for solving this kind of protection? Thanks! |
#2
|
|||
|
|||
Don't believe these protectors. Grab the IL from memory as each method is called.
|
#3
|
|||
|
|||
do you mean runtime trace? what if a method is not invoked during runtime?
|
#4
|
|||
|
|||
Since I'm new to .net reversing could you please elaborate on this?
Maybe with a tutorial or the kind of tools and steps used. Thanks! |
#5
|
|||
|
|||
just try that tools for .net or run the app and dump it .. u will see it will often work that easy
|
#6
|
|||
|
|||
Does Redgate reflector shed on light on this dll? or does it refuse due to the native code?
|
#7
|
|||
|
|||
@atzplzw
Remotesoft Salamander crypts your original IL (and store it encrypted in PE) and only at run-time (when JIT is invoked) code is decrypted on the fly and executed ... JIT hooking and decryption are handled by a native DLL shipped with any protected program (name can vary but you can find RemoteSoft copyright in File Info :P) . For version 3.5 I analyzed, the process isn't too hard .... just need to understand a little bit of Windows Crypto API and trace a bit (more ) to find where location and size of every method is stored ... there is no IL translated in ASM Best Regards, Tony |
#8
|
|||
|
|||
Thanks Tony. I found a dll with version info...
|
#9
|
|||
|
|||
@atzplzw
Can you please PM me the name of the target you're working on ? Thanks and Regards, Tony |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
need help on compiling FlexLM v9.2 | alastone | General Discussion | 16 | 10-26-2005 11:04 |
Problem compiling IL | loman | General Discussion | 6 | 06-25-2005 17:56 |
MS-DOS 6 Source Code - Compiling? | PiG_DoG | General Discussion | 1 | 07-10-2003 22:59 |