Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Search Forums
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Showing results 1 to 25 of 184
Search took 0.01 seconds.
Search: Posts Made By: kao
Forum: .NET Reverse Engineering 08-27-2012, 06:50 PM
Replies: 6
Views: 23,491
Posted By kao
In general, you cannot remove strong name from...

In general, you cannot remove strong name from DLL and expect it to run. To verify if strong name is the issue, you can use Fusion log: http://msdn.microsoft.com/en-us/library/e74a18c4.aspx

There...
Forum: .NET Reverse Engineering 08-24-2012, 08:06 AM
Replies: 2
Views: 19,715
Posted By kao
ilasm /dll file.il

ilasm /dll file.il
Forum: Reverse Code Engineering 07-08-2012, 02:56 AM
Replies: 2
Views: 3,069
Posted By kao
It is protected with CryptoObfuscator. Use de4dot...

It is protected with CryptoObfuscator. Use de4dot to deobfuscate it.
Forum: .NET Reverse Engineering 06-13-2012, 02:03 PM
Replies: 2
Views: 18,348
Posted By kao
You've made some progress since last post,...

You've made some progress since last post, congratulations! :)

You should look into GClass32.smethod_9() - it gets password in one of parameters and then modifies it a bit. Figure out the the...
Forum: General Forum 05-25-2012, 03:50 PM
Replies: 4
Views: 7,549
Posted By kao
Haven't tried myself but might get you...

Haven't tried myself but might get you started:
1) http://flashrom.org/
2) BootROM Flash utility from...
Forum: File Unpacking 02-27-2012, 06:36 PM
Replies: 2
Views: 5,039
Posted By kao
There's additional protection for the most juicy...

There's additional protection for the most juicy part of code. Small virtual machine - VMProtect, if I'm not mistaken.
See here:

UPX0:00401800 push ebp
UPX0:00401801 mov ebp,...
Forum: .NET Reverse Engineering 02-27-2012, 12:20 PM
Replies: 1
Views: 16,109
Posted By kao
Why do you want to use old DLL with new...

Why do you want to use old DLL with new executable? In general it's a bad idea.

Normally I would suggest Mono.Cecil, as it can add new functions to assembly. But taken into account your previous...
Forum: File Unpacking 02-26-2012, 01:08 PM
Replies: 2
Views: 8,857
Posted By kao
Someone already told you on Tuts4You - your file...

Someone already told you on Tuts4You - your file is protected with Winlicense and for unpacking you can use script from...
Forum: .NET Reverse Engineering 02-14-2012, 10:33 AM
Replies: 3
Views: 17,459
Posted By kao
It is not obfuscated, so - there is nothing to...

It is not obfuscated, so - there is nothing to deobfuscate.
Forum: General Forum 01-31-2012, 06:24 AM
Replies: 14
Views: 45,638
Posted By kao
Dear demigods, it's been 2 months since you...

Dear demigods,
it's been 2 months since you disabled new user registrations. In your initial post you said that the restriction will last "30 days or so".

Have you decided in which direction this...
Forum: Reverse Code Engineering 01-25-2012, 05:09 AM
Replies: 4
Views: 4,633
Posted By kao
Ok, here's my rough plan how I'd approach it: 1)...

Ok, here's my rough plan how I'd approach it:

1) Load injector.exe in Olly, put breakpoints on CreateProcessXXX, WriteProcessMemory, NtWriteVirtualMemory, CreateRemoteThread, SetThreadContext...
Forum: Reverse Code Engineering 01-24-2012, 05:07 PM
Replies: 4
Views: 4,633
Posted By kao
You could start by NOT cross-posting from...

You could start by NOT cross-posting from Tuts4you. (http://forum.tuts4you.com/topic/28181-how-to-jump-into-a-freshly-injected-dll/) ;)

Having said that, check out these Google searches:...
Forum: .NET Reverse Engineering 01-24-2012, 09:09 AM
Replies: 2
Views: 10,966
Posted By kao
I'm not aware of any ready-made tool. Most...

I'm not aware of any ready-made tool. Most obvious choice would be to use Mono.Cecil and write ~20 line utility for that purpose.
Forum: .NET Reverse Engineering 01-19-2012, 04:49 PM
Replies: 5
Views: 17,669
Posted By kao
Sure you can do it, you just need to be extremely...

Sure you can do it, you just need to be extremely careful when patching your program. The crashes you see most likely come from .NET framework detecting invalid IL code or type.

The proper code...
Forum: .NET Reverse Engineering 12-15-2011, 08:39 AM
Replies: 7
Views: 9,139
Posted By kao
Protected with Eazfuscator. Use de4dot to unpack.

Protected with Eazfuscator. Use de4dot to unpack.
Forum: General Forum 12-05-2011, 09:45 AM
Replies: 14
Views: 45,638
Posted By kao
Yes, I'm serious. But that's only my opinion,...

Yes, I'm serious. But that's only my opinion, based on my experience at Exelab and Wasm. :)

Registration at Exelab requires answering several questions about reversing and about board rules. As a...
Forum: General Forum 12-05-2011, 06:37 AM
Replies: 14
Views: 45,638
Posted By kao
It's an interesting decision but I'm not sure...

It's an interesting decision but I'm not sure it's the right one. New members were the ones asking interesting questions and exhibiting interesting problems. Af if there are no interesting problems,...
Forum: .NET Reverse Engineering 11-17-2011, 01:43 PM
Replies: 2
Views: 7,908
Posted By kao
To get address of unmanaged functions, you can...

To get address of unmanaged functions, you can use ILDASM.
You'll see something like this:


.method public static pinvokeimpl(/* No map */)
bool...
Forum: .NET Reverse Engineering 11-16-2011, 04:18 AM
Replies: 21
Views: 122,050
Posted By kao
It's a mixed-mode assembly, meaning it contains...

It's a mixed-mode assembly, meaning it contains both managed and native code. It is not obfuscated in any way, so - no need to run de4dot on it. Removing native code will remove most of its...
Forum: File Unpacking 11-15-2011, 02:19 PM
Replies: 7
Views: 12,696
Posted By kao
Packed with Themida.

Packed with Themida.
Forum: File Unpacking 11-12-2011, 02:52 PM
Replies: 22
Views: 20,057
Posted By kao
I don't think it's commercial solution. In fact,...

I don't think it's commercial solution. In fact, given the way it's integrated in app, I'm quite sure it's custom-made. :)
Forum: .NET Reverse Engineering 10-30-2011, 12:08 PM
Replies: 2
Views: 7,032
Posted By kao
If you had spent at least a minute searching this...

If you had spent at least a minute searching this board, you would have found the answer already.

V4 is very similar to v3.2, and the old tutorials still work.
Forum: .NET Reverse Engineering 09-09-2011, 06:53 AM
Replies: 5
Views: 6,717
Posted By kao
Thanks, much better! :) If I was going to attack...

Thanks, much better! :)

If I was going to attack such a product, I would go for keygen, as protection is really trivial. SAE (Simple Assembly Explorer) can deobfuscate strings and partially fix...
Forum: .NET Reverse Engineering 09-09-2011, 06:09 AM
Replies: 5
Views: 6,717
Posted By kao
Seriously, why do you make it so hard for anyone...

Seriously, why do you make it so hard for anyone to help you? It is you who needs help, so...

1) Please be so kind and write product name you are talking about - someone might be already familiar...
Forum: File Unpacking 09-08-2011, 11:26 AM
Replies: 2
Views: 5,544
Posted By kao
1) It's not "unknown.dll", it's...

1) It's not "unknown.dll", it's "MapleStory.dll" - part of BT.MSEA.v107.5, cheat for MappleStory game.
2) It's protected with VMProtect.
Showing results 1 to 25 of 184

 
Forum Jump




Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.