.NET Internals and Code Injection


Daniel Pistelli
May 9th, 2008, 04:31
http://ntcore.com/Files/netint_injection.htm

The first article of the two is out. The next will be about .NET native compiling.

If you notice typos in the text, please do tell me. I'm a bit wasted, as you can see it's a long article.

The content should be quite a new thing. I hope you enjoy the journey into the .NET internals from the perspective of a reverser.

Also the applications of this can be many.

evilcry
May 9th, 2008, 04:35
What to say? =)

The first real big analysis of .NET Internals, full of starting points for other great ideas!

Big Work, big Congratz Daniel

JMI
May 9th, 2008, 05:58
Very interesting and illuminating information, as usual, Daniel. Keep them coming.

Regards,

Daniel Pistelli
May 9th, 2008, 06:44
Thanks evilcry and JMI. I'll do my best to continue writing useful things. I hope the next article will be even more useful.

Let's wait for rendari's comment on this. After all, the article contains his crackme among other things.

dELTA
May 9th, 2008, 07:58
Extremely solid stuff Daniel, as usual.

rendari
May 9th, 2008, 08:38
Haha, awesome

Admiral
May 9th, 2008, 12:00
Tremendous.
It's reassuring to know that somebody so capable is paving the way for the inevitable future of .NET reversing.

Iwarez
May 9th, 2008, 12:46
It's a very interesting read Daniel. As you requested to be notified of typos:

Quote:
And this is about all that code injectors ought to now to do their job.


And this is about all that code injectors ought to know to do their job.

Thanks for the read.

Daniel Pistelli
May 9th, 2008, 13:07
Thanks dELTA and rendari. Many thanks Admiral! And many thanks also to Iwarez, I just fixed the typo!

GEEK
May 9th, 2008, 16:00
Excellent fantastic
Great work Daniel

your article was really worth the curiosity generated.

GEEK

rendari
May 9th, 2008, 19:52
Again, excellent work Daniel. Just reread the article a couple of times until I understood everything. I see you also noticed GetCLRFunction. I do believe that is one of the lamest/most useless functions I've ever seen.

Now that I see how you're "ejecting" my code, I have a bunch of ideas kicking around inside my head about how to thwart you. Now all I have to do is find the time to put those ideas down in code. I'll be sure to start on it as soon as I find the time.

Sab
May 10th, 2008, 00:04
That was nice. I tend to steer away from .NET but I did think this was time well spent. Conclusion dead on. Thank you for the contribution, it was fun; I look forward to other ideas.

Daniel Pistelli
May 10th, 2008, 01:30
Many thanks GEEK. I'm glad you weren't disappointed. Thanks Sab.

rendari: thanks. The getclrfunc is very lame indeed, but getrealproc wins in lameness, imho. If I were you, I'd wait for the next article before writing a new crackme. I'll show how to "native compile" and I think one can't go further in .NET protections (using a VM is the same procedure).

rendari
May 10th, 2008, 01:50
Alright, waiting for it. Gonna be a lot of fun, I suppose.

soft123123
May 11th, 2008, 09:54
The best paper I've ever read. Thanks Daniel.

Daniel Pistelli
May 13th, 2008, 05:55
Well, that's too much I might say. Anyway, I thank you for your appreciation. I'll do my best for the next article. I also apologize for the late reply, but my attention has been focused these days on other things not related to .NET. Anyway, in a few days I'm sure I can write the second part.