Today's topic is packers ("shells"). I recommend that beginners start by unpacking with an automatic unpacker.
At the mention of automatic unpackers, many people will want to complain.
Before you do, let me explain in advance why I recommend them.
Since you are a complete beginner, take advantage of the convenience of tools. Manual unpacking really does need to be learned, but not now. Right now, the most important thing is "interest"!
Some people will say, "Beginners must learn manual unpacking first!"
Then I want to ask: "Are unpackers made for experts? Does an expert need an unpacker?"
First understand what a packer does and how one packer differs from another, then gradually work your way into manual unpacking.
The program used today is one I wrote myself. It is very simple: a registration tool. If the user name does not match the registration code, registration fails. If it matches, registration succeeds.
We could use what we learned in Lesson 1 and Lesson 2 to patch it and obtain the registration code, but this program is packed.
Let's first look at what a packed program looks like when it is loaded in dnSpy.
Take a look at the figure below. Random names appear at the entry point, in the namespaces and in the code logic, which greatly reduces the readability of the program. This is what a packed program looks like.
Therefore, we should develop a good habit: before reversing, always check for a packer first.
We use DIE (Detect It Easy) for this: drag the program to be checked into DIE and see which packer it reports. (The first step of any real reversing job: packer detection.)
As the figure below shows, this program is protected with .NET Reactor (4.8-4.9).
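The random names described above can also serve as a rough triage signal when a signature scanner reports nothing. The following is an added example, not code from the original tutorial: it assumes the type and method names have already been exported as text from a decompiler or metadata dump, and the sample names and thresholds are constructed for illustration.

```python
import unicodedata

VOWELS = set("aeiouAEIOU")
# Unicode categories for control, format, private-use and unassigned code points.
UNPRINTABLE = {"Cc", "Cf", "Co", "Cn"}

def looks_random(name: str, min_len: int = 8, min_vowel_ratio: float = 0.2) -> bool:
    """Return True if one identifier looks machine-generated (heuristic)."""
    if not name:
        return True
    # Renamed symbols are often made of characters that cannot be displayed.
    if any(unicodedata.category(ch) in UNPRINTABLE for ch in name):
        return True
    if len(name) < min_len:
        return False  # too short to judge from letter statistics
    letters = [ch for ch in name if ch.isalpha()]
    if not letters:
        return True  # long name made only of digits or symbols
    vowels = sum(ch in VOWELS for ch in letters)
    # Human-chosen names are built from words and contain a fair share of vowels.
    return vowels / len(letters) < min_vowel_ratio

def triage(names, threshold: float = 0.5):
    """Return (fraction of suspicious names, verdict) for one assembly."""
    names = list(names)
    if not names:
        return 0.0, False
    flagged = sum(looks_random(n) for n in names)
    ratio = flagged / len(names)
    return ratio, ratio >= threshold

# Constructed sample data, not taken from the tutorial's program.
PROTECTED = ["xKq7ZrTnWp", "\u0002\u0005", "bHjQzLmNvT", "Main"]
PLAIN = ["Program", "Main", "RegisterForm", "CheckSerial", "btnRegister_Click"]

if __name__ == "__main__":
    for label, sample in (("protected", PROTECTED), ("plain", PLAIN)):
        ratio, verdict = triage(sample)
        print(f"{label}: {ratio:.0%} suspicious -> check for a packer: {verdict}")
```

A high ratio only says that names were rewritten; identifying the specific protector still requires a tool such as DIE.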
For this kind of packer, we recommend unpacking with de4dot.
The purpose of packing is to make reversing harder: without affecting how the software runs, it obfuscates the code logic and reduces code readability.
de4dot is an open-source .NET deobfuscation and unpacking tool that supports one-click unpacking of Xenocode, .NET Reactor, MaxtoCode, Eazfuscator.NET, Agile.NET, Phoenix Protector, Manco Obfuscator, CodeWall, NetZ .NET Packer, Rpx .NET Packer, Mpress .NET Packer, ExePack .NET Packer, Sixxpack .NET Packer, Rummage Obfuscator, Obfusasm, coder.net and scrambler.net.
Hold down the left mouse button and drag the program we want to unpack directly onto de4dot.exe.
As shown in the figure below, the unpacked program is stored in the same directory as the packed one. de4dot adds -cleaned to the file name to distinguish it from the original program.
Open the unpacked program with dnSpy, and you can see that the entry point has been decrypted.
I don't think I need to say much about the rest. That is your assignment!
There are two assignments:
1. Make registration succeed even when the user name does not match the registration code!
2. Get the registration code!
Note: this is a basic reversing tutorial and does not cover strong packers, unmanaged packers and so on. In this example, I only used .NET Reactor's anti-ILDASM protection and obfuscation.
Courseware download: https://articles.zsxq.com/id_5puxgjz9hmeb.html
If you cannot download or install the software, or have other computer problems, join the QQ group: 709531763