.net class/library to patch/load native targets?

[cob_258]

Hi everyone,
I wanted to know if the community consider it acceptable to use .net tools to write a patch or loader for native targets? I mean is it useful to develop .net classes/library that help in building patches/loaders for native targets?

[XenocodeRCE]

hey old friend

you can extract value from non-managed sample using bea engine, in c# using this wrapper : https://github.com/carterjones/beaengine-cs

you can runtime-patch values in memory using memory sharp : https://github.com/ZenLulz/MemorySharp

i don't know for any lib that can patch non-managed file not at runtime yet.

 

It would be excellent to have the equivalent of dnlib or mono.cecil for non-managed app, be sure a lot of people would help

Edited March 6, 2018 by XenocodeRCE

[cob_258]

Hi @XenocodeRCE how do you do? fine?
The tools you linked seem interesting, I'll take a look in them;

My question is about releasing patch/loader that uses .net code, i.e you need the .net framework to run a loader while the target doesn't need it, I asked this question because I was writing a loader in assembly (for a native target), the loader used some ReadProcessMemory/WriteProcessMemory to write 0xEB 0xFE on some adresses (to simulate BP since debug loop is harder to code/hide) and then I thought that this would be easier if I write it in C# in a way that the code is reusable (the only languages I know are assembly, c# and some Autoit)

You talked about a native alternative for dnlib and mono, what exactly the library should do? I guess reading headers, read imports, fix dumps, add sections...etc or do you have other ideas?

[whoknows]

https://board.b-at-s.info/index.php?showtopic=9912
https://board.b-at-s.info/index.php?showtopic=9923