Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 02-18-2018, 12:13
Stingered Stingered is offline
Friend
 
Join Date: Dec 2017
Posts: 256
Rept. Given: 0
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 296
Thanks Rcvd at 179 Times in 89 Posts
Stingered Reputation: 2
Q: What's all the fuss regarding .NET Reflector?

I'm a newb in .NET RE, but when I use DnSpy, it seems like a MUCH better product - to me at least. I love how it can create a project file out of an EXE (not perfect - but damn, it's close).

Anyway, I'm asking if there is some cool option in Reflector that I'm missing because the free tool seems a clear winner.

-thx
Reply With Quote
The Following User Says Thank You to Stingered For This Useful Post:
niculaita (02-18-2018)
  #2  
Old 02-19-2018, 21:56
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 1,066
Rept. Given: 332
Rept. Rcvd 223 Times in 115 Posts
Thanks Given: 234
Thanks Rcvd at 512 Times in 288 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
Reflector has different decompiler, so you never know which one will produce better output...
btw, dnSPy is based on old ILSpy (v2.x) decompiler which is pretty poor (eg can't take care of lambdas, etc)

ILSpy v3 in this scense is a cosmic rocket (but still in dev phase...)
Reply With Quote
The Following 2 Users Say Thank You to sendersu For This Useful Post:
Stingered (02-20-2018), Uknow007 (02-20-2018)
  #3  
Old 02-20-2018, 01:26
Stingered Stingered is offline
Friend
 
Join Date: Dec 2017
Posts: 256
Rept. Given: 0
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 296
Thanks Rcvd at 179 Times in 89 Posts
Stingered Reputation: 2
Quote:
Originally Posted by sendersu View Post
Reflector has different decompiler, so you never know which one will produce better output...
btw, dnSPy is based on old ILSpy (v2.x) decompiler which is pretty poor (eg can't take care of lambdas, etc)

ILSpy v3 in this scense is a cosmic rocket (but still in dev phase...)
Hmmm... Never thought of it in that respect of decompiler differences. Good feeback. Although, I do like the debugging aspect of dnSPY, which I don't see in Reflector. But I guess it's no different in the respect of different tools for different tasks.
Reply With Quote
  #4  
Old 02-20-2018, 05:12
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 1,066
Rept. Given: 332
Rept. Rcvd 223 Times in 115 Posts
Thanks Given: 234
Thanks Rcvd at 512 Times in 288 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
from debugging point of view dnSpy
is

a
super
nova
rock
star


no one is even a 100 miles neaby....

I'm serios - dnSpy is a genious .net debugger, the best ever seen!
Reply With Quote
The Following 2 Users Say Thank You to sendersu For This Useful Post:
Stingered (02-20-2018), tonyweb (02-25-2018)
  #5  
Old 02-20-2018, 05:18
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 1,066
Rept. Given: 332
Rept. Rcvd 223 Times in 115 Posts
Thanks Given: 234
Thanks Rcvd at 512 Times in 288 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
Addendum - I'm also using these .net decompilers (not debuggers)
free, but closed source

- Telerik Just Decompile http://prntscr.com/ih1nzp
and
- JetBrains DotPeek http://prntscr.com/ih1q5u

the rest are rather old and or obsoleted...

a very few supports latest .net - core ed.
Reply With Quote
The Following User Says Thank You to sendersu For This Useful Post:
Stingered (02-20-2018)
  #6  
Old 02-20-2018, 06:58
chants chants is offline
VIP
 
Join Date: Jul 2016
Posts: 725
Rept. Given: 35
Rept. Rcvd 48 Times in 30 Posts
Thanks Given: 666
Thanks Rcvd at 1,053 Times in 478 Posts
chants Reputation: 48
Can any .NET decompiler handle 100% of control flow constructs? Or are they all doing non-general naïve structuring algorithms? It seems the algo's are always kept quite proprietary but the graph structure is the only real interesting part of the decompiler.
Reply With Quote
  #7  
Old 02-21-2018, 07:55
Stingered Stingered is offline
Friend
 
Join Date: Dec 2017
Posts: 256
Rept. Given: 0
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 296
Thanks Rcvd at 179 Times in 89 Posts
Stingered Reputation: 2
Quote:
Originally Posted by chants View Post
Can any .NET decompiler handle 100% of control flow constructs? Or are they all doing non-general naïve structuring algorithms? It seems the algo's are always kept quite proprietary but the graph structure is the only real interesting part of the decompiler.
Forgive my ignorance, but I've not seen a graph view in a .NET disassembler. And my guess would be no, to your question, based on the different output I've seen by decompiling the same EXE using different tools. I think you can get close, if you know the language and framework. However, compiler options, etc, would dictate that you would never see a true representation, regardless. That said, you may want to start your own thread to get a potentially better response.
Reply With Quote
  #8  
Old 02-21-2018, 16:08
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 1,066
Rept. Given: 332
Rept. Rcvd 223 Times in 115 Posts
Thanks Given: 234
Thanks Rcvd at 512 Times in 288 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
what do you mean under compiler options?
AFAIK there are no optimisation levels in C# comparing to C/C++ (-O1...5)

the question is that once some dirty packer eats genuine brilliant IL byes... they become pretty crazy to almost any decompiler
Reply With Quote
  #9  
Old 02-21-2018, 16:21
goggles99 goggles99 is offline
Friend
 
Join Date: Aug 2004
Posts: 62
Rept. Given: 5
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 1
Thanks Rcvd at 4 Times in 4 Posts
goggles99 Reputation: 0
.NET Reflector was the first popular decompiler for .NET languages. It was freeware and had an extension API with quite a few useful community provided extensions. After being freeware for a number of years, the author sold it to redgate which commercialized it. Since then, many freeware and FOSS alternatives have appeared, and rival Reflector in quality.

I guess the fuss surrounding it is because it was once king, and it is the oldest of the good decompilers even though many abandoned it and consider the author a sellout.
Reply With Quote
The Following User Says Thank You to goggles99 For This Useful Post:
zeffy (03-26-2018)
  #10  
Old 02-21-2018, 16:43
wilson bibe wilson bibe is offline
VIP
 
Join Date: Nov 2012
Posts: 492
Rept. Given: 489
Rept. Rcvd 439 Times in 180 Posts
Thanks Given: 853
Thanks Rcvd at 176 Times in 112 Posts
wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499
In first contact with any net assembly the SAE is the way in my opinion, normaly this tool is enought to reverse the aplication, however sometimes the reflector-telerik-ilspy-dotpeek and a debugger dnspy(fantastic tool) need be used too. Reflector have good plugins like dnlibeditor developed by codecracker so you can manage app's in mixed mode, and the reflexil and others. So for me in the net languages scenario it is essential to have at least three tools: SAE, Reflector or Other, and finally the Dnspy.
Reply With Quote
The Following User Says Thank You to wilson bibe For This Useful Post:
tonyweb (02-25-2018)
  #11  
Old 02-22-2018, 06:53
Stingered Stingered is offline
Friend
 
Join Date: Dec 2017
Posts: 256
Rept. Given: 0
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 296
Thanks Rcvd at 179 Times in 89 Posts
Stingered Reputation: 2
Quote:
Originally Posted by sendersu View Post
what do you mean under compiler options?
AFAIK there are no optimisation levels in C# comparing to C/C++ (-O1...5)

the question is that once some dirty packer eats genuine brilliant IL byes... they become pretty crazy to almost any decompiler
Hmmm, that's probably true (as in levels of optimization - sry if I misunderstand you), but there are several compiler options and I thought there was an -optimize option in there somewhere. I'm certainly no expert.
Reply With Quote
  #12  
Old 02-22-2018, 07:02
Stingered Stingered is offline
Friend
 
Join Date: Dec 2017
Posts: 256
Rept. Given: 0
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 296
Thanks Rcvd at 179 Times in 89 Posts
Stingered Reputation: 2
Quote:
Originally Posted by wilson bibe View Post
In first contact with any net assembly the SAE is the way in my opinion, normaly this tool is enought to reverse the aplication, however sometimes the reflector-telerik-ilspy-dotpeek and a debugger dnspy(fantastic tool) need be used too. Reflector have good plugins like dnlibeditor developed by codecracker so you can manage app's in mixed mode, and the reflexil and others. So for me in the net languages scenario it is essential to have at least three tools: SAE, Reflector or Other, and finally the Dnspy.
Excuse my ignorance. Are you talking this?

https://github.com/wickyhu/simple-assembly-explorer

Sadly, the external download locations for DnlibEditor.zip (posted on this forum) are all dead. If you provide an external link, I would be very grateful.

Cheers!
Reply With Quote
  #13  
Old 02-22-2018, 16:42
wilson bibe wilson bibe is offline
VIP
 
Join Date: Nov 2012
Posts: 492
Rept. Given: 489
Rept. Rcvd 439 Times in 180 Posts
Thanks Given: 853
Thanks Rcvd at 176 Times in 112 Posts
wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499 wilson bibe Reputation: 400-499
Quote:
Originally Posted by Stingered View Post
Excuse my ignorance. Are you talking this?

https://github.com/wickyhu/simple-assembly-explorer

Sadly, the external download locations for DnlibEditor.zip (posted on this forum) are all dead. If you provide an external link, I would be very grateful.

Cheers!
You can download this tool here:http://www115.zippyshare.com/v/KHXCRi80/file.html
Reply With Quote
The Following 2 Users Say Thank You to wilson bibe For This Useful Post:
gsaralji (02-22-2018), Stingered (02-23-2018)
  #14  
Old 02-22-2018, 19:27
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 1,066
Rept. Given: 332
Rept. Rcvd 223 Times in 115 Posts
Thanks Given: 234
Thanks Rcvd at 512 Times in 288 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
wow, old good SAE - is it still supported?
Reply With Quote
The Following User Says Thank You to sendersu For This Useful Post:
tonyweb (02-25-2018)
  #15  
Old 02-23-2018, 00:55
Stingered Stingered is offline
Friend
 
Join Date: Dec 2017
Posts: 256
Rept. Given: 0
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 296
Thanks Rcvd at 179 Times in 89 Posts
Stingered Reputation: 2
Quote:
Originally Posted by sendersu View Post
wow, old good SAE - is it still supported?
The GitHub repository I found is 3yrs since last change. I don't know the original author, so...
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 22:07.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )