kappasm
December 3rd, 2010, 16:24
Hi,
I have one problem with remotion of Strong-Name on EXE that load an DLL (the DLL is in Mixed-Mode).
The EXE is a Service that start on Windows load. The DLL is a License Check that I have patched also
previous version, but this new version, after patching, do not start for the license check.
With "ProcMon.exe" I have verified that DLL is loaded by EXE.
Main.exe (.Net Application)
|
\--DLL.exe (.Net+C/C++ Application Mixed-Mode)
I have patched DLL.exe with previous fix but after replace the DLL, the Service do not start. After few
search with google and in many forum I have undestood that .NET use a Strong-Name and PublicKey.
For remove Strong-Key, PublicKey and PublicKeyOrToken I have follow this procedure with CFF Explorer
For Patched DLL :
- .NET Directory -> Flags -> Remove Strong Name signed
- .NET Directory -> StrongNameSignature RVA -> Fill with 0x00000000
- .NET Directory -> StrongNameSignature Size -> Fill with 0x00000000
- .NET Directory -> MetaData Stream -> Tables -> Assembly -> 1 - Main -> Flags -> Remove PublicKey
- .NET Directory -> MetaData Stream -> Tables -> Assembly -> 1 - Main -> PublicKey -> Fill with 0x0000
For Original Main.exe
- .NET Directory -> MetaData Stream -> Tables -> AssemblyRef -> !!! ... Problem ... !!!
I have found one problem at this point, the DLL reference is not here !!! Why ???
How can bypass the Strong-Name if I can't remove the Assembly Reference ???
Does anyone ever run into something similar ?
I have one packet to test this phenomenon without install all software.
Someone wants to try ?
Kappasm.
I have one problem with remotion of Strong-Name on EXE that load an DLL (the DLL is in Mixed-Mode).
The EXE is a Service that start on Windows load. The DLL is a License Check that I have patched also
previous version, but this new version, after patching, do not start for the license check.
With "ProcMon.exe" I have verified that DLL is loaded by EXE.
Main.exe (.Net Application)
|
\--DLL.exe (.Net+C/C++ Application Mixed-Mode)
I have patched DLL.exe with previous fix but after replace the DLL, the Service do not start. After few
search with google and in many forum I have undestood that .NET use a Strong-Name and PublicKey.
For remove Strong-Key, PublicKey and PublicKeyOrToken I have follow this procedure with CFF Explorer
For Patched DLL :
- .NET Directory -> Flags -> Remove Strong Name signed
- .NET Directory -> StrongNameSignature RVA -> Fill with 0x00000000
- .NET Directory -> StrongNameSignature Size -> Fill with 0x00000000
- .NET Directory -> MetaData Stream -> Tables -> Assembly -> 1 - Main -> Flags -> Remove PublicKey
- .NET Directory -> MetaData Stream -> Tables -> Assembly -> 1 - Main -> PublicKey -> Fill with 0x0000
For Original Main.exe
- .NET Directory -> MetaData Stream -> Tables -> AssemblyRef -> !!! ... Problem ... !!!
I have found one problem at this point, the DLL reference is not here !!! Why ???
How can bypass the Strong-Name if I can't remove the Assembly Reference ???
Does anyone ever run into something similar ?
I have one packet to test this phenomenon without install all software.
Someone wants to try ?
Kappasm.