Current location: home page > Original course >Text

. net zero basics reverse course lesson 3 (shells and assignments)

Today to talk about the content of the "shell", here I recommend novices try to use shelling machine for shelling.

When it comes to using sheller, many people will have to complain.

Before you spit, I'd like to explain in advance why sheller is recommended.

Since you are a novice and a novice, you should use the convenience of tools. Manual shelling really needs to learn, but not now. Now, the most important thing is "interest"!

Some people have to say "novice must learn manual shelling first!"

Then I want to say, "is the sheller for the master? Does a master need a sheller? "

First know how shell is going on, know the difference between shell and shell, slowly deep manual shelling.

The tool I used today is written by me. The content is very simple. It is a registration tool. If the user name does not match with the registration code, the registration will fail. If it matches, it will succeed.

We can use the knowledge in Lesson 1 and lesson 2 to blow up and obtain the registration code. But this program has a shell

Let's first introduce what the shell like when it is loaded with dnspy,

Take a look at the figure below. Various random names appear in the entry point, namespace and code logic, which greatly reduces the readability of the program This is the shell program.

Therefore, we should develop a good habit, that is, before reverse, we must first check the shell.
We use die to check the shell, see what shell it is, drag the software to check the shell into die. (the first step of formal reverse: shell checking)
We can see that the following figure shows that this program is the shell of. Net reactor (4.8-4.9).

For this kind of shell, we recommend using de4dot for shelling

The purpose of adding shell is to increase the difficulty of reverse. Without affecting the software operation, it confuses the code logic and reduces the code readability

De4dot is an open source. Net anti obfuscation shelling tool, which supports one click decoupling of Xenocode,. Net reactor, maxtocode,,, Phoenix protector, Manco obfuscator, codewall, Netz. Net packer, rpx. Net packer, mpress. Net packer, exepack. Net packer, sixxpack. Net packer, rummage obfuscator, obfusasm They are,,,,

Hold down the left mouse button, we want to shell the program directly drag to de4dot.exe

As shown in the figure below, the shelled software and the shelled software are stored in the same directory. De4dot adds - cleaned to the file name to distinguish it from the original program

Open the shelled software with dnspy, and you can see that the entry point has been decrypted.

I don't seem to need to say more about others. This is an assignment!

There are two assignments:
1. If the user name does not match the registration code, it can be registered successfully!
2. Get the registration code!

Note: basic reverse tutorial, does not involve strong shell, unmanaged shell and so on. In this case, I only use. Net reactor to protect anti ILdasm and obfuscation.

Courseware download: 5puxgjz9hmeb.html

Software unable to download / install / other computer problems, plus Penguin Group: 709531763

In general, there are no private questions in the group

I think the public can learn more about computer numbers

  Computer course for College Students
Article title: reverse course of. Net zero Basics - Lesson 3 (shells and assignments)
Author: Mu Ruoxi
Date of publication: 09:23, March 27, 2019 Mu Ruoxi blog
Link to this article:
Article label:
Last article: Next:


Comments loading
  1. floor

    Where to find Die software?
    Can't programs written with. Net VC be decompiled with dnspy?

    6:45 PM, March 8, 2020   comment
    • Using od or x64dbg for C language or C + +

      7:25 PM, March 8, 2020   comment
  2. Bench
    The rain is cold   

    How to distinguish software written in what language

    6:20 PM, July 4, 2019   comment
    • Pay attention to the shell information in die. Library is the development language and linker is the compiler

      1:55 PM, July 5, 2019   comment
  3. sofa
    Flying snow   

    Thanks to bloggers. It's hard to get out of shell. Unfortunately, many software is not written by. Net

    3:44 PM, March 28, 2019   comment


╮( ̄▽ ̄)╭ |  (= ̄ω ̄=) |  (>﹏<) |  Σ( ° △ °|||)︴ |  Σ(っ °Д °;)っ |  X﹏X |  (╯-_ -)╯╧╧

Tip: after submitting comments, refresh this page to see the hidden files~