Log in

View Full Version : .NET Reversing: Unpacking and Debugging


pnluck
January 26th, 2006, 15:59
In this article I show unpacking and debugging's techniques on .NET software.
Can you'll see, there are other tools, not more OllyDbg and imprec :*(


http://pnluck.altervista.org/article.php

ksbrace
January 26th, 2006, 17:15
what about salamander?
http://www.remotesoft.com/salamander/
I have used this and it works!

SKiLLa
January 26th, 2006, 17:19
Nice info pnluck

I've been reversing .Net apps mostly with Reflector, IDA 4.80 and WinHex.
Somethimes including Olly and some other tools; but I didn't know PEBrowse Pro Interactive had IL support Thanx ...

What about reversing RS .Net Protector 'packed' programs ... fixing the anti-decompiling/obfuscating stuff isn't that hard, but debugging/tracing it is a @#$%^ tedious job. I couldn't find any useful info/hints/tricks on that ... One might use/write a custom tracer or alike, but I didn't put that much effort in a general approach yet So, anyone .. any good idea's ?

ZaiRoN
January 27th, 2006, 08:30
Hi Pnluck,
nice reading

I would like to suggest another interesting reading from PEBrowse Debugger's author. Useful for many things, especially for the initial configuration.
http://www.smidgeonsoft.prohosting.com/documentation/pebrowse-pro-interactive-debugger-tutorial-introduction.html

Regards,
ZaiRoN

pnluck
January 27th, 2006, 14:51
zai there 's also a link to a tutorial on codeproject site
I thought that who goes on site, he doesn't download only the software but that he'll annoying on its

pnluck
February 10th, 2006, 10:11
I upload my tutorial, with the source of my .NET Generic Unpacker
h**://pnluck.altervista.org

It's funny

pnluck
October 6th, 2006, 10:29
I uploaded this tute making it more complete, I believe that this tutorial talks about all necessary knowledge of NET Unpacking: there're theory about Net generic packer and the source of a .net generic unpacker
pnluck.netsons.org in RCE section

LLXX
October 7th, 2006, 20:29
.NET is a rather interesting environment... my experience is that it's either extremely easy (near-perfect decompilation) or hard (obfuscated, packed, etc.)