Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 04-20-2019, 23:51
LaptoniC LaptoniC is offline
Family
 
Join Date: Jan 2002
Posts: 27
Rept. Given: 1
Rept. Rcvd 37 Times in 4 Posts
Thanks Given: 1
Thanks Rcvd at 3 Times in 3 Posts
LaptoniC Reputation: 37
dnSpy oddities

Hi,
I am trying to reverse a net app for fun and tried to use dnSpy for the job. I found the methods in dll and edit the method and saved the file. When I run with dnSpy debugger, it works. If I run it directly my patch doesn't have any effect. I figured out it is loading files from C:\Windows\assembly\NativeImagesxx. I tried to ngen.exe but now apps don't open at all. What am I doing wrong? Sorry it's been a long time I have touched those tools I am kind a lost lol
Reply With Quote
The Following User Says Thank You to LaptoniC For This Useful Post:
Indigo (07-19-2019)
  #2  
Old 04-21-2019, 12:07
the_beginner the_beginner is offline
Friend
 
Join Date: Feb 2004
Location: Germany
Posts: 85
Rept. Given: 114
Rept. Rcvd 13 Times in 7 Posts
Thanks Given: 97
Thanks Rcvd at 16 Times in 9 Posts
the_beginner Reputation: 13
It's depend how you patch the file, it can be also the location of the file. I remember I was Patching one file, everything was fine, show registered in the debugger, I closed open without dnspy, not working, again in dnspy and then I saw, dnspy loaded always a new dll. Try to patch the file in dnspy, if it is not work, find the location of the bytes and patch it with a hexeditor.
Reply With Quote
The Following User Says Thank You to the_beginner For This Useful Post:
Indigo (07-19-2019)
  #3  
Old 04-21-2019, 19:04
ymg2006 ymg2006 is offline
Friend
 
Join Date: Jan 2019
Posts: 14
Rept. Given: 0
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 5
Thanks Rcvd at 29 Times in 11 Posts
ymg2006 Reputation: 1
you will have to understand how GAC and ngen works, you'll have to probe about signatures in .net (signed assembly).
as far as i know dnSpy is working perfectly.
Reply With Quote
The Following User Says Thank You to ymg2006 For This Useful Post:
Indigo (07-19-2019)
  #4  
Old 04-21-2019, 19:20
tonyweb tonyweb is offline
Family
 
Join Date: Jan 2009
Posts: 139
Rept. Given: 163
Rept. Rcvd 86 Times in 31 Posts
Thanks Given: 1,146
Thanks Rcvd at 167 Times in 84 Posts
tonyweb Reputation: 86
@LaptoniC
Start by uninstalling the file from the GAC ...
Code:
ngen uninstall AssemblyName
... and see if it makes any difference.

Regards,
Tony
__________________
Want to learn unpacking ... but I'm too stupid
Reply With Quote
The Following User Says Thank You to tonyweb For This Useful Post:
Indigo (07-19-2019)
  #5  
Old 04-24-2019, 21:37
LaptoniC LaptoniC is offline
Family
 
Join Date: Jan 2002
Posts: 27
Rept. Given: 1
Rept. Rcvd 37 Times in 4 Posts
Thanks Given: 1
Thanks Rcvd at 3 Times in 3 Posts
LaptoniC Reputation: 37
Thanks @tonyweb it worked when I uninstalled it.
Reply With Quote
The Following User Says Thank You to LaptoniC For This Useful Post:
Indigo (07-19-2019)
  #6  
Old 05-05-2019, 22:34
s0me0n3 s0me0n3 is offline
Family
 
Join Date: Mar 2012
Posts: 134
Rept. Given: 43
Rept. Rcvd 95 Times in 33 Posts
Thanks Given: 16
Thanks Rcvd at 43 Times in 28 Posts
s0me0n3 Reputation: 95
When I play around with that kind of things, I locate the corresponding path and files inside the win dir with this small regfile content:

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion]
"DisableCacheViewer"=dword:00000001
Maybe it's helpful for somebody.
Attached Files
File Type: rar dotnet_cal_il_code_view.rar (302 Bytes, 3 views)
Reply With Quote
The Following 2 Users Say Thank You to s0me0n3 For This Useful Post:
Indigo (07-19-2019), niculaita (05-06-2019)
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Need an assist with adding locals using DNspy Stingered General Discussion 1 12-30-2018 07:15
[DnSpy] - Find out running threads tusk General Discussion 3 04-17-2017 03:06
[dnSpy Extension] TraceSpy phono Community Tools 7 12-06-2016 02:11
dnSpy Plugins n00b Developer Section 2 08-29-2015 17:11


All times are GMT +8. The time now is 20:47.


��ICP��05004977��
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX