
.NET zero-basics reverse engineering tutorial -- Lesson 8 (the program that cannot be opened)

The eighth lesson was meant to cover the basic usage of de4dot, but I haven't found a good example for a long time. I searched the CrackMe sections of several forums and didn't find a sample suitable for explaining it.

I spent ten minutes looking. So as not to stand everyone up, I spent a minute opening VS, another minute compiling some code, and that finished today's courseware. Yes, that willful.

Let's take a look at today's program.

Double-click it and... you will find that nothing happens. Looking at the process log shows that the program exited immediately.

This is awkward. Everything we have learned so far relied on some obvious visible sign to start from. This program shows no interface at all. What do we do?

Whether we have ideas or not, the basic operations should be done.

Check for a packer with DIE: there is none. Load the program into dnSpy and, following our earlier approach, run it directly to see what happens.

It still exits instantly, so we have to work out where the program quits. As in the following figure, set the debugger to break at the entry point.

OK, now we have broken in the Main method.

We don't need to step into every method to check it, because the program exits directly without an error report, so we infer that the exit is controlled by the program itself.

So we step over the code to find which method causes the problem. The shortcut key is F10, and the approach is similar to how we find the key Call in OD.

After pressing F10 several times, we find that the program exits on its own after line 16 runs, and line 16 is just a closing bracket. This shows that the method called on line 15 contains the reason the program exits. Doesn't it feel just like finding the key Call in OD?

Let's take a look at the contents of line 15.

 Application.Run(new Form1());

The program loads Form1, so click Form1 to look at this window's class.

Line 14, as the last lesson said, defines some of the window's layout; follow it and take a look.

You can see that line 52 defines a Form_Load event, which is equivalent to the window-load event in Easy Language.

Click Form1_Load and you can see that it contains a call that closes the window.

Right-click, choose Edit Method, and comment out this line.

Save and look at the result.
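The call chain traced above, as an added C# sketch: a constructed sample, not the tutorial's binary or the author's source. The namespace is an assumption; the type and handler names follow the text and the WinForms defaults. It shows why stepping over `Application.Run` ends the process.

```csharp
// Constructed sample for illustration; not the program from the courseware.
using System;
using System.Windows.Forms;

namespace SelfClosingSample   // hypothetical namespace
{
    static class Program
    {
        [STAThread]
        static void Main()
        {
            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault(false);
            // Application.Run blocks in the message loop until the main form
            // closes. Stepping over it with F10 therefore returns only after
            // the form is gone; Main then reaches its closing bracket and the
            // process exits, which is what the debugger showed.
            Application.Run(new Form1());
        }
    }

    public class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void InitializeComponent()
        {
            this.Text = "Form1";
            // The designer-generated layout code also wires the Load event.
            this.Load += new EventHandler(this.Form1_Load);
        }

        private void Form1_Load(object sender, EventArgs e)
        {
            // Load fires before the form is first displayed. Closing here
            // means no window ever appears. Commenting out this one line in
            // dnSpy's Edit Method is the change the tutorial makes.
            this.Close();
        }
    }
}
```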


In practice, this kind of anti-reversing measure is fairly common. Of course, real cases are more complex than what I wrote, for example a program checking its own hash. But the solution is the same. Whatever the case, if we follow the program's flow and understand its logic, we can succeed.

This series should have two more lessons. One will briefly cover the usage of de4dot, and the other will cover modifying WPF programs. After that I want to build a website for the first phase on Knowledge Planet. When that update is finished, I will come back and continue going deeper into .NET reversing with examples. That will be the second phase.

Courseware for this lesson: https://articles.zsxq.com/id_pb2ritc63ua0.html

Author: Mu Ruoxi
Date of publication: 2019-04-29 02:16
Permalink: https://www.muruoxi.com/jiaocheng/4109.html