min2max
12-13-2009, 08:09 AM
I am new to reverse engineering altho I am experienced programmer. Basically, I want to decompile a .net dll so I can look at the source code (method names and data structures at least). This dll is used by another application and is not an exe file.
I can not open the file in .net reflector (invalid number of data directories in NT header). I can open the dll in CFF explorer, but the interesting classes/methods are obfuscated. I used a tool called DotNetId that says it is most likely protected by MaxtoCode.
questions:
1. how can I de-obfuscate this dll?
2. are there tools to decompile this dll?
also, what does unpack mean exactly?
thanks.
after doing a lot more reading I dont think this dll is protected by maxtocode as I cannot find the maxtocode runtime dll on my computer.
Ok, I am able to view the IL with ildasm1.1.exe. The most interesting class is partially obfuscated/encrypted (the member variables names are encrypted). Other class names are also encrypted. So either I somehow figure out how to decrypt to make it more readable OR is there a way to decompile from the IL? I am basicially flying by the seat of my pants here. This is probably child's play for someone who knows this stuff. Any help/suggestions appreciated.
I can not open the file in .net reflector (invalid number of data directories in NT header). I can open the dll in CFF explorer, but the interesting classes/methods are obfuscated. I used a tool called DotNetId that says it is most likely protected by MaxtoCode.
questions:
1. how can I de-obfuscate this dll?
2. are there tools to decompile this dll?
also, what does unpack mean exactly?
thanks.
after doing a lot more reading I dont think this dll is protected by maxtocode as I cannot find the maxtocode runtime dll on my computer.
Ok, I am able to view the IL with ildasm1.1.exe. The most interesting class is partially obfuscated/encrypted (the member variables names are encrypted). Other class names are also encrypted. So either I somehow figure out how to decrypt to make it more readable OR is there a way to decompile from the IL? I am basicially flying by the seat of my pants here. This is probably child's play for someone who knows this stuff. Any help/suggestions appreciated.