Current location: Home Page > Original course > text

.Net zero base reverse tutorial -- the eighth lesson (the procedure that cannot be opened)

The eighth lesson is to prepare a basic usage of de4dot. I haven't found a very good example for a long time. I've searched the CM area of several forums, and haven't found a suitable forum for explanation.

It took ten minutes to see. In order not to pigeon everyone, it took me a minute to open my VS, compile the code for one minute, and then finish the courseware today. Yes, so willful.

Let's take a look at today's program.

Double click to find out... You will find that nothing has happened. After looking at the process log, it is found that it has withdrawn directly.

This is embarrassing. All the operations we have learned before are based on the fact that we have seen the obvious signs. This software has no interface. How do we do it?

Whether we have ideas or not, the basic operations should be done.

DIE shell, no shell, load dnSpy to see, according to our previous ideas, run it directly to see.

It's still a second retreat, so we have to analyze where the software quit. The following diagram sets it off at the entry point.

OK, now we have broken down in the Main method.

We don't need to go into every way to check it, because it is directly out of the wrong report, so we speculate that it is controlled by software.

So we directly use the process to analyze which way it is causing problems. The shortcut key F10 is similar to the way we find the key Call in OD.

After several rounds of F10, we found that after the 16 line was run, the program automatically dropped out, while the 16 line was a closed bracket. It shows that the 15 row method contains the reasons for the program to exit. Is there a sense of substitution for finding key Call in OD?

Let's take a look at the contents of the 15 elements.

 Application.Run (New Form1 ());

After loading into Form1, click Form1 to see this window.

The 14 row, the last lesson, said that it defined some layout of the window, followed by a look at it.

You can see that the 52 line defines a Form_. Load event (equivalent to window loading event in easy language)

Click Form1_. Load, you can see that there is a way to close the window.

Right click edit method, annotate this line.

Save to see our results.

In our practical operation, this kind of anti reverse means is more common. Of course, it is more complex than my writing, such as testing hash itself. But the solution is the same. No matter how 37 twenty-one follows the procedures and understands its logic, we can succeed.

After this series, we should have two lessons. One lesson is to briefly talk about the usage of de4dot. Let's talk about the modification of WPF. Then I want to build a website on the first phase of knowledge planet. When the update is finished, I will go back and continue to go deep into the.Net reverse with the example. This is the second issue.

This course Courseware: Https:// Pb2ritc63ua0.html


Software can not download / install / other computer problems, plus Penguin Group: 709531763

There is a problem in the direct group. When you are online, you need to answer questions.


If you want to learn computer knowledge, you can pay attention to my public number.

  Computer courses for College Students
Article title:.Net zero base reverse tutorial -- eighth lesson (unable to open program)
The writer: Mu Ruoxi
Date of publication: 2019-04-29 02:16 starts on Monday Mu Yue Xi blog
Fixed links: Https://
Article Tags:
Last article: Next article:


Comments loaded...
  1. Sofa
    Zzy_ ATP   

    Good strong.

    9:38 p.m. on November 2, 2019   comment



(E) (= = omega =) (< <) Sigma ( (3) X X (E) -)

Tip: after refreshing the comment, you can see the hidden files.