Exetools


atzplzw 09-15-2010 15:51

.Net native compiling
 
Hi all!

I do have a Dll protected with Remotesoft Salamander. This protector compiles native .Net code to asm without destroying the .Net methods.
The methods only do have a stack and ret variable.

Code:

.method family hidebysig virtual instance void ProtMethod() noinlining
{
  .maxstack 8
  ret
}



Sadly I don't know how to map the methods to the asm code?
Is there any tutorial for solving this kind of protection?

Thanks!

bball0002 09-16-2010 06:13

Don't believe these protectors. Grab the IL from memory as each method is called.

remal 09-16-2010 09:37

Quote:

Originally Posted by bball0002 (Post 69502)
as each method is called.

Do you mean runtime trace? What if a method is not invoked during runtime?

atzplzw 09-16-2010 16:04

Since I'm new to .NET reversing, could you please elaborate on this?
Maybe with a tutorial or the kind of tools and steps used.

Thanks!

romero 10-04-2010 06:59

Just try those tools for .NET, or run the app and dump it... you will see it will often work that easily.

redbull 10-06-2010 16:56

Does Redgate Reflector shed light on this DLL? Or does it refuse due to the native code?

tonyweb 12-28-2010 03:05

@atzplzw
Remotesoft Salamander encrypts your original IL (and stores it encrypted in the PE), and only at run-time (when the JIT is invoked) is the code decrypted on the fly and executed ...

JIT hooking and decryption are handled by a native DLL shipped with any protected program (the name can vary, but you can find the RemoteSoft copyright in File Info :P).

For version 3.5, which I analyzed, the process isn't too hard .... you just need to understand a little bit of the Windows Crypto API and trace a bit (more ;) ) to find where the location and size of every method are stored ... there is no IL translated into ASM :D

Best Regards,
Tony

atzplzw 01-10-2011 03:22

Thanks Tony. I found a dll with version info...

tonyweb 01-10-2011 15:47

@atzplzw
Can you please PM me the name of the target you're working on?

Thanks and Regards,
Tony


All times are GMT +8.