#1
Creating a Loader for DotNet Apps?
Hello. I've been trying to create a loader (with DUP) for a dotnet application that has a login, and I can't seem to get it to work. The reason I think this is odd is because I cracked the target by dumping the IL with ILDasm, then editing the IL in notepad and compiling with IlAsm, but when I try to patch the same offsets (I got the offsets using IDA Pro) with DUP, clicking the Login button makes the program error. All I am trying to do is turn a 'nop' into a 'br IL****', and patch another 'nop' to a 'ret'.
I dumped my exe after it was patched in memory, and when I view the method in IDA Pro, the 'nop' to 'ret' patch seems to look correct, but I'm not sure how to patch the 'nop' to a 'br', since it appears to overwrite some IL instructions. If someone with knowledge in creating a Loader for dotnet has any knowledge about this, or can post a DUP project file with a loader that patches a function, it would be great to see. Thanks.
#2
Hi,
this is a very handy guide for opcodes: Compact Framework OpCode Support in a Nutshell
http://blogs.msdn.com/bluecollar/archive/2006/09/27/773065.aspx
#3
As you said, "...I'm not sure how to patch the 'nop' to a 'br', since it appears to overwrite some IL instructions...". Isn't this a common problem in all patching, not just the .NET targets!? The normal procedure to get past this problem is:
1) you have to find a code cave
2) patch where-you-want-to-patch to jump to that code cave
3) insert the bytes you want to be executed and take care of the damaged instructions because of #2
4) resume the program control flow
And as NoneForce said:
P.S: are you certain that the file is not protected against tampering?