Kurapica
June 11th, 2008, 17:58
Hello people
This is a tool that should help you when working on assemblies protected with {SmartAssembly} protector.
Kurapica
June 12th, 2008, 14:57
More About smartkill
=======================================================================
DECODER:
=============
Open or drag&drop a file. File means DUMP or EXE/DLL/COM.
There are 4 checkboxes. Three for the used SmartAssembly
version. If 'Auto' is checked, it will autodetect the version,
but only, if you feed it with an EXE/DLL/COM (not dump file),
since it's looking for an IL code pattern.
Press the 'Abort' button, if you realize, that it's decoding shit.
'ID-Hex' should show you the right value, which is seen for example
in Reflector (instead of the encoded string/name). This is only
interesting for {sa}version 2.xx-3.xx, coz in earlier versions
the ID always begins with zero.
NOTE: If the target is strongnamed, the value correction won't
work anymore after fixing, so that it will always start with zero.
Open up the original EXE again, if you wish to see the correct
ID-Hex.
'File offset' shows you the correct offset, when you're going
to change a string/name in a hex-editor.
'Search' function should be clear.
'Copy'... well, this might occasionally be interesting while
keygenning some .net shit.
PATCHER:
=============
This time file means EXE, COM or DLL.
Note: There might be cases, when you need to remove a StrongName
from a DLL... and other way around. {smartkill} will be your friend in
needs!
'Fix code' is only needed, when you've got a StrongName signed
target, which is protected with SmartAssembly version 2.xx-3.xx.
Because only removing StrongName would make 'em crash.
NOTE: You gotta do it BEFORE removing the StrongName !
'Kill StrongName' means what it says.
'Patch Refs'.. similar to removing StrongName. Generally useful,
when patching signed .net assemblies.
ENCODER:
=============
And here we'll put our dirty hands on strings/names, if needed.
Use the 'Keep length' function to prevent oversizing, when throwing
something into a target with a hex-editor. 'Old' will remember the
correct length - 'New' shows the actual length.
NOTE: You can always decrease a string/name length, but increasing
would mean fucking up the following one !
Change a string, use 'Copy HEX' (or 'Copy ASCII'?), open the target
in a hex-editor and just paste it in at the offset location shown
in the 'Decoder Tab'.
That's it... have some phun !
=======================================================================
Thanks to UFO-PU55Y