Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 09-18-2013, 15:52
Shub-Nigurrath's Avatar
Shub-Nigurrath Shub-Nigurrath is offline
VIP
 
Join Date: Mar 2004
Location: Obscure Kadath
Posts: 919
Rept. Given: 60
Rept. Rcvd 419 Times in 94 Posts
Thanks Given: 68
Thanks Rcvd at 328 Times in 100 Posts
Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499
.net modification of a method (without decompilation)

Hi all,
here the request.

Suppose I have a method like GetMACAddress() in a .net program and suppose also I don't want (or can't) decompile it to a svn project and recompile it.

What I have is reflector and an IL editor (or even IDA).

Now the mentioned method returns the MAC address of the machine into a string, what I would like to do is to patch the function with something like the following: just return a string I decide and nothing else.

GetMACAddress() {
return "0A-00-00-00-00";
}

the question is therefore twofold.
1. how can I add this string (the fake MAC) to the resources (I tried several resource editor or reflexil but can't do this on a .net exe).
2. how can I code a function like the one I said, take the IL code and patch the original function.

Suggestions and tools are welcome

Thanks
Shub
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
Reply With Quote
  #2  
Old 09-18-2013, 15:58
Smoke Smoke is online now
Friend
 
Join Date: Jan 2013
Posts: 24
Rept. Given: 13
Rept. Rcvd 8 Times in 4 Posts
Thanks Given: 4
Thanks Rcvd at 7 Times in 2 Posts
Smoke Reputation: 8
reflexil -> repace all with code... -> ret ""0A-00-00-00-00";

or IL

ldsrt 0A-00-00-00-00;
ret
Reply With Quote
  #3  
Old 09-18-2013, 17:37
wilson bibe wilson bibe is offline
VIP
 
Join Date: Nov 2012
Posts: 492
Rept. Given: 489
Rept. Rcvd 439 Times in 180 Posts
Thanks Given: 853
Thanks Rcvd at 176 Times in 112 Posts
wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499
Did you tried the CFF explorer, there are a resource editor in it.
Reply With Quote
The Following User Gave Reputation+1 to wilson bibe For This Useful Post:
Dreamer (09-18-2013)
  #4  
Old 09-18-2013, 18:39
Shub-Nigurrath's Avatar
Shub-Nigurrath Shub-Nigurrath is offline
VIP
 
Join Date: Mar 2004
Location: Obscure Kadath
Posts: 919
Rept. Given: 60
Rept. Rcvd 419 Times in 94 Posts
Thanks Given: 68
Thanks Rcvd at 328 Times in 100 Posts
Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499
CFF damn, I forgot of it .. thanks
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
Reply With Quote
  #5  
Old 09-18-2013, 18:58
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 1,066
Rept. Given: 332
Rept. Rcvd 223 Times in 115 Posts
Thanks Given: 234
Thanks Rcvd at 512 Times in 288 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
ReflexIL, CFF Explorer, all cool to change bytes
but what if assembly is signed?
Reply With Quote
  #6  
Old 09-18-2013, 19:44
wilson bibe wilson bibe is offline
VIP
 
Join Date: Nov 2012
Posts: 492
Rept. Given: 489
Rept. Rcvd 439 Times in 180 Posts
Thanks Given: 853
Thanks Rcvd at 176 Times in 112 Posts
wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499
If the assembly is signed you can use the StrongName_Killer coded by codecraker, or Strong Name Remover coded by Andrea bertolotto, Reflector, etc....
Reply With Quote
The Following 2 Users Gave Reputation+1 to wilson bibe For This Useful Post:
Dreamer (09-18-2013), sendersu (09-18-2013)
  #7  
Old 09-20-2013, 20:43
LaDidi LaDidi is offline
VIP
 
Join Date: Aug 2004
Posts: 210
Rept. Given: 2
Rept. Rcvd 11 Times in 10 Posts
Thanks Given: 46
Thanks Rcvd at 41 Times in 24 Posts
LaDidi Reputation: 11
@Shub-Nigurrath:
May you send us your exemple ?
Regards.
Reply With Quote
  #8  
Old 09-21-2013, 00:54
Shub-Nigurrath's Avatar
Shub-Nigurrath Shub-Nigurrath is offline
VIP
 
Join Date: Mar 2004
Location: Obscure Kadath
Posts: 919
Rept. Given: 60
Rept. Rcvd 419 Times in 94 Posts
Thanks Given: 68
Thanks Rcvd at 328 Times in 100 Posts
Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499
I'll see what can I share.
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
Reply With Quote
  #9  
Old 10-15-2013, 21:04
Kurapica's Avatar
Kurapica Kurapica is offline
VIP
 
Join Date: Jun 2009
Location: Archives
Posts: 190
Rept. Given: 20
Rept. Rcvd 143 Times in 42 Posts
Thanks Given: 67
Thanks Rcvd at 404 Times in 87 Posts
Kurapica Reputation: 100-199 Kurapica Reputation: 100-199
Shub, If you need any help then you can send me a pm
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
modification of GUI for 16-Bit Program reagent General Discussion 7 01-12-2005 13:27
Old VB3 Program decompilation & port to VB.Net XCPTiON™ General Discussion 7 09-08-2004 08:53
Autodesk Visual Lisp Decompilation... gadget General Discussion 3 05-25-2003 06:33


All times are GMT +8. The time now is 17:27.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )