Exetools  

02-22-2010, 14:13
Sailor_EDA
Need some pointers with a .Net target

I'm trying to patch a dll file that's been written in (Refactor seems to indicate C# but I think it's VB). I've patched many pure x86 assembly files and on the face of it, this should also be the same - or at least I think.

This is where I'm at:
Here's a section of code that interests me; this is the disassembly produced by IDA:

ldstr "SC0004: License 1: "
ldarg.0
ldfld class [SKCLNET]SKCLNET.LFile ME4XL.Connect::LFile1
callvirt int32 [SKCLNET]SKCLNET.LFile::get_DaysLeft()
call class System.String [Microsoft.VisualBasic]Microsoft.VisualBasic.CompilerServices.Conversions::ToString(int32)
ldstr " days left."
call class System.String [mscorlib]System.String::Concat(class System.String, class System.String, class System.String)
call void [System]System.Diagnostics.Trace::WriteLine(class System.String)
ldarg.0
ldfld class [SKCLNET]SKCLNET.LFile ME4XL.Connect::LFile1
callvirt bool [SKCLNET]SKCLNET.LFile::get_IsDemo()
brfalse.s loc_42D07
ldstr " Demo"
call void [System]System.Diagnostics.Trace::WriteLine(class System.String)

loc_42D07: // CODE XREF: OnStartupComplete+13Bj
ldarg.0
ldfld class [SKCLNET]SKCLNET.LFile ME4XL.Connect::LFile1
callvirt bool [SKCLNET]SKCLNET.LFile::get_IsClockTurnedBack()
brfalse.s loc_42D1E
ldstr " Clock Turned Back"
call void [System]System.Diagnostics.Trace::WriteLine(class System.String)

loc_42D1E: // CODE XREF: OnStartupComplete+152j
ldarg.0
ldfld class [SKCLNET]SKCLNET.LFile ME4XL.Connect::LFile1
callvirt bool [SKCLNET]SKCLNET.LFile::get_IsExpired()
brfalse.s loc_42D35
ldstr " Expired"
call void [System]System.Diagnostics.Trace::WriteLine(class System.String)

loc_42D35: // CODE XREF: OnStartupComplete+169j
ldarg.0
ldfld class [SKCLNET]SKCLNET.LFile ME4XL.Connect::LFile1
callvirt bool [SKCLNET]SKCLNET.LFile::get_IsLFOpen()
brfalse.s loc_42D4C
ldstr " Open"
call void [System]System.Diagnostics.Trace::WriteLine(class System.String)

As you can see, it's not x86 assembly as expected, it's .Net assembly.
The most obvious way to patch this would be the good old jne to jmp trick that we're all so familiar with. I'm not too familiar with .Net assembly but from what I understand, it's a stack-based architecture and all arguments and return values are PUSHed and POPed off the stack respectively.

I haven't got around to just changing the binary values to match to say a branch at the appropriate place (the code is on a different machine) but something tells me it's going to be more complicated than just that. Code signing could be an issue for example.

I just wanted to get some feedback from our members on what they thought. I haven't found any .Net patching tutorials in general; there is a simple one that uses a plug-in to reflector that didn't seem to work for me.

TIA

Sailor_EDA
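
Added example, not part of the original post: a small Python tracer that reads the first instructions of the listing above and reports the evaluation-stack depth after each one, to show how the stack-based model the post mentions plays out. The names `stack_effect` and `trace` are illustrative, and it assumes that `callvirt` always passes `this` while a plain `call` in this listing targets a static method.

```python
import re

# Constructed sample: the first twelve instructions of the listing in the post.
LISTING = """\
ldstr "SC0004: License 1: "
ldarg.0
ldfld class [SKCLNET]SKCLNET.LFile ME4XL.Connect::LFile1
callvirt int32 [SKCLNET]SKCLNET.LFile::get_DaysLeft()
call class System.String [Microsoft.VisualBasic]Microsoft.VisualBasic.CompilerServices.Conversions::ToString(int32)
ldstr " days left."
call class System.String [mscorlib]System.String::Concat(class System.String, class System.String, class System.String)
call void [System]System.Diagnostics.Trace::WriteLine(class System.String)
ldarg.0
ldfld class [SKCLNET]SKCLNET.LFile ME4XL.Connect::LFile1
callvirt bool [SKCLNET]SKCLNET.LFile::get_IsDemo()
brfalse.s loc_42D07
"""

# call/callvirt <return type> [assembly]Namespace.Type::Method(<parameter list>)
CALL = re.compile(
    r"^call(?P<virt>virt)?\s+(?P<ret>.+?)\s+\[[^\]]+\]\S+::\w+\((?P<args>.*)\)$")

def stack_effect(line):
    """Return (pops, pushes) for one IL instruction of the listing."""
    op = line.split()[0]
    if op == "ldstr" or op.startswith("ldarg"):
        return 0, 1                  # push a string constant or an argument
    if op == "ldfld":
        return 1, 1                  # pop object reference, push field value
    if op.startswith(("brfalse", "brtrue")):
        return 1, 0                  # conditional branch consumes the tested value
    m = CALL.match(line)
    if m:
        args = m["args"].strip()
        pops = len(args.split(",")) if args else 0
        if m["virt"]:                # assumption: callvirt also pops 'this'
            pops += 1
        return pops, 0 if m["ret"] == "void" else 1
    raise ValueError(f"unhandled instruction: {line}")

def trace(listing):
    """Return [(depth_after, opcode), ...]; raise if the stack would underflow."""
    depth, rows = 0, []
    for line in filter(None, map(str.strip, listing.splitlines())):
        pops, pushes = stack_effect(line)
        if pops > depth:
            raise ValueError(f"stack underflow at: {line}")
        depth += pushes - pops
        rows.append((depth, line.split()[0]))
    return rows

if __name__ == "__main__":
    for depth, op in trace(LISTING):
        print(f"{depth}  {op}")
```

The depth peaks at 3 just before `Concat` and returns to 0 after each `WriteLine` and after the `brfalse.s`, which is why every labelled block in the listing starts from an empty stack.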