Hi to all. I'm starting in this world... the truth is that i'm starting from a lot of years (since Sice for DOS), but i don't get very high results (not a lot off free time).

Well i'm seeking for an answer for a very very simple question about .net programs. How can i locate a method in PEBrowse (for example) if i have already find it in Reflector ¿? (obviusly i suppouse that is obfuscated and there are thousands of items). Or viceversa ¿?

Imagine, that i want to change il byte code brtrue for brfalse. And i know (in Reflector for example) where the routine are, but i need to know the bytes around it to find the opcode in the hex editor. How i can do this?

I know is a very starting question... so, please, be "good" with me ;)

And excuse me for my poor english.

potros

Hi there

It looks like you are very new here !
anyway I wanna help as much as I can but you have to gain some basic knowledge first

you can read some papers and watch some videos from tuts4you or follow this link : http://portal.b-at-s.info/news.php

If you have any other questions then post again.

good luck.

Just download the reflexIL plugin for reflector, and edit with that. Or if that doesn't work, go to the attributes plugin in reflector and it'll give you the RVA offset of the method. Just plug that into CFF Explorer and you'll be at the target method.

Hi!

Well.. as i said, a very simply question, but i think that this is not my real level. Thanks to both of you. I'm really look for information in manuals, tutors and crackmes, but it's too information in a short time.

Now, an other question. This time a bit more hard.

I'm working over a dll modified with {SM} (I don't know wich ver.) Well, the first thing that i have to do is to remove SN and her refereces. No problem with that (a lot of tools). But there are a SN check into the dll. The first part of the function read the SN and load it into an array. Like that

Dim executingAssembly As Assembly = Assembly.GetExecutingAssembly
_._ = executingAssembly.GetManifestResourceStream("{45e2bd01-0bdb-4a35-a2f1-2e927a700c6f}")
Dim publicKeyToken As Byte() = executingAssembly.GetName.GetPublicKeyToken

As i removed the SN, the later check will fail, so i think that i can load byte by byte the values into the array. Something like that (I add the IL codes on the correct place):

ldloc.2 // Load the reference to the array
ldc.i4.s (sbyte) "index of array" // Load the array index
ldc.i4.s (sbyte) (int8 value) // The value
stelem.i4 // Modify the array

Doing that for every byte.... but this don't work. The application launch an exception. ¿Anybody knows Why?

Thanks. potros

I use .NET 3.5 SP1 because it doesn't check for strongname. Try using that version of the framework.