Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 09-15-2010, 15:51
atzplzw atzplzw is offline
Friend
 
Join Date: Sep 2004
Posts: 33
Rept. Given: 1
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 1 Time in 1 Post
atzplzw Reputation: 0
Question .Net native compiling

Hi all!

I do have a Dll protected with Remotesoft Salamander. This protector compiles native .Net code to asm without destroying the .Net methods.
The methods only do have a stack and ret variable.

Code:
.method family hidebysig virtual instance void ProtMethod() noinlining
{
   .maxstack 8
   ret
}


Sadly I don't know how to map the methods to the asm code?
Is there any tutorial for solving this kind of protection?

Thanks!
Reply With Quote
  #2  
Old 09-16-2010, 06:13
bball0002 bball0002 is offline
Friend
 
Join Date: Sep 2009
Posts: 28
Rept. Given: 3
Rept. Rcvd 6 Times in 4 Posts
Thanks Given: 1
Thanks Rcvd at 5 Times in 1 Post
bball0002 Reputation: 6
Don't believe these protectors. Grab the IL from memory as each method is called.
Reply With Quote
  #3  
Old 09-16-2010, 09:37
remal
 
Posts: n/a
Quote:
Originally Posted by bball0002 View Post
as each method is called.
do you mean runtime trace? what if a method is not invoked during runtime?
Reply With Quote
  #4  
Old 09-16-2010, 16:04
atzplzw atzplzw is offline
Friend
 
Join Date: Sep 2004
Posts: 33
Rept. Given: 1
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 1 Time in 1 Post
atzplzw Reputation: 0
Since I'm new to .net reversing could you please elaborate on this?
Maybe with a tutorial or the kind of tools and steps used.

Thanks!
Reply With Quote
  #5  
Old 10-04-2010, 06:59
romero romero is offline
Friend
 
Join Date: Sep 2010
Posts: 40
Rept. Given: 10
Rept. Rcvd 24 Times in 6 Posts
Thanks Given: 36
Thanks Rcvd at 16 Times in 4 Posts
romero Reputation: 24
just try that tools for .net or run the app and dump it .. u will see it will often work that easy
Reply With Quote
  #6  
Old 10-06-2010, 16:56
redbull redbull is offline
Friend
 
Join Date: Mar 2004
Posts: 160
Rept. Given: 17
Rept. Rcvd 5 Times in 4 Posts
Thanks Given: 3
Thanks Rcvd at 6 Times in 6 Posts
redbull Reputation: 5
Does Redgate reflector shed on light on this dll? or does it refuse due to the native code?
Reply With Quote
  #7  
Old 12-28-2010, 03:05
tonyweb tonyweb is offline
Family
 
Join Date: Jan 2009
Posts: 190
Rept. Given: 190
Rept. Rcvd 95 Times in 36 Posts
Thanks Given: 1,901
Thanks Rcvd at 299 Times in 122 Posts
tonyweb Reputation: 95
@atzplzw
Remotesoft Salamander crypts your original IL (and store it encrypted in PE) and only at run-time (when JIT is invoked) code is decrypted on the fly and executed ...

JIT hooking and decryption are handled by a native DLL shipped with any protected program (name can vary but you can find RemoteSoft copyright in File Info :P) .

For version 3.5 I analyzed, the process isn't too hard .... just need to understand a little bit of Windows Crypto API and trace a bit (more ) to find where location and size of every method is stored ... there is no IL translated in ASM

Best Regards,
Tony
Reply With Quote
  #8  
Old 01-10-2011, 03:22
atzplzw atzplzw is offline
Friend
 
Join Date: Sep 2004
Posts: 33
Rept. Given: 1
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 1 Time in 1 Post
atzplzw Reputation: 0
Thanks Tony. I found a dll with version info...
Reply With Quote
  #9  
Old 01-10-2011, 15:47
tonyweb tonyweb is offline
Family
 
Join Date: Jan 2009
Posts: 190
Rept. Given: 190
Rept. Rcvd 95 Times in 36 Posts
Thanks Given: 1,901
Thanks Rcvd at 299 Times in 122 Posts
tonyweb Reputation: 95
@atzplzw
Can you please PM me the name of the target you're working on ?

Thanks and Regards,
Tony
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
need help on compiling FlexLM v9.2 alastone General Discussion 16 10-26-2005 11:04
Problem compiling IL loman General Discussion 6 06-25-2005 17:56
MS-DOS 6 Source Code - Compiling? PiG_DoG General Discussion 1 07-10-2003 22:59


All times are GMT +8. The time now is 13:53.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )