Jump to content
Tuts 4 You

Reversing .NET (1-3)

Teddy Rogers

About This File

Reversing .NET - Part 1 - Introduction


Every few years, something new hits the streets. The latest craze is .NET. Microsoft's been plugging it like crazy, essentially claiming it to be the best thing since sliced bread. Some programmers have started to develop on it which in turn means reverse engineers have been wondering about what goes on underneath the hood. So far there has been a lack of good information on the subject, and this paper is meant to fill that void.

Reversing .NET - Part 2 - Byte Patching


Having covered the basics in the previous chapter, we now know how to look inside a .NET program. This is all we need to do for some very basic protections, like the hardcoded serial crackme we looked at. A lot of times, however, we will need to do more than just look. We will need to change the program as well. This is known as patching (as you might well know), and is useful for both cracking and other reverse engineering (adding functionality for example). There are some difficulties in doing this, namely finding the right place in the file and figuring out what bytes to put there. The target for this chapter has once again been made by x-Bi0dESC and can be found in the attachment that comes with this paper.

Reversing .NET - Part 3 - Advanced Patching


The time has come to leave the baby steps behind and get busy with more complicated (and thus realistic) problems. This chapter will demonstrate some more advanced patching techniques you will encounter in real situations. Our example target will be the third reverseme created x-Bi0dESC to help with this course. Because the subject involves more advanced patching, the Reflector tool will no longer suffice (it is really not suited for use in patching, but more for understanding a program), instead we will switch to using IDA for analysis. IDA is a powerful disassembler that will give us a lot useful information (like the location in file, the code bytes representing instructions, and a lot of other advanced analysis information.


User Feedback

Recommended Comments

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...