Getting started with IL File Modification
========================================
Objective:
Master basic IL file processing
Learn to use the ildasm and ilasm tools
========================================
1. Write a simple hello.cs.
2. Compile the source code:
csc hello.cs
3. Disassemble hello.exe with the following command:
ildasm hello.exe /out=hello.il
4. Open the hello.il file and find the following statement:
IL_0000: ldstr "Hello world!"
Change it to:
IL_0000: ldstr "Hello world! A cracked version."
Save the file.
5. Assemble the IL file (ildasm also wrote hello.res, which carries the resources):
ilasm /res:hello.res hello.il /out:hellocracked.exe
--------------------------------------------------------
Microsoft (R) .NET Framework IL Assembler.  Version 1.1.4322.573
Copyright (c) Microsoft Corporation 1998-2002. All rights reserved.
Assembling 'hello.il' , no listing file, to EXE --> 'hellocracked.exe'
Source file is ANSI
Assembled method HelloWorld::Main
Assembled method HelloWorld::.ctor
Creating PE file
Emitting members:
Global
Class 1 Methods: 2;
Writing PE file
Operation completed successfully
-----------------------------------------------------------
Compiled successfully.
6. Run hellocracked.exe. The result is as follows:
Hello world! A cracked version.
OK.
IL file modification and signature handling
========================================
Objective:
Become familiar with how signed code is handled
========================================
1. Modify the hello.cs file and add the strong-name attributes (they live in System.Reflection, so the file needs `using System.Reflection;`):
using System.Reflection;
[assembly: AssemblyKeyFileAttribute("key.snk")]
[assembly: AssemblyDelaySignAttribute(false)]
2. Generate the strong-name key pair. This is a typical application of RSA:
sn -k key.snk
3. Compile the hello.cs file:
csc hello.cs
4. Disassemble hello.exe with the following command:
ildasm hello.exe /out=hello.il
5. Open the hello.il file and find the following statement:
IL_0000: ldstr "Hello world!"
Change it to:
IL_0000: ldstr "Hello world! A cracked version."
Save the file.
6. Assemble the IL file:
ilasm /res:hello.res hello.il /out:hellocracked.exe
--------------------------------------------------------
Microsoft (R) .NET Framework IL Assembler.  Version 1.1.4322.573
Copyright (c) Microsoft Corporation 1998-2002. All rights reserved.
Assembling 'hello.il' , no listing file, to EXE --> 'hellocracked.exe'
Source file is ANSI
Assembled method HelloWorld::Main
Assembled method HelloWorld::.ctor
Creating PE file
Emitting members:
Global
Class 1 Methods: 2;
Writing PE file
Operation completed successfully
-----------------------------------------------------------
Compiled successfully.
7. Run hellocracked.exe. The result is as follows:
Unhandled Exception: System.IO.FileLoadException: Strong name validation failed for assembly 'hellocracked.exe'.
File name: "hellocracked.exe"
The error occurs because signed code has been modified: the strong-name signature embedded in the assembly was computed over the original bytes and no longer matches the reassembled file, so the runtime refuses to load it. This is often encountered during cracking. The following describes two ways this error is dealt with.
[Method A]
8.1.1. Regenerate the EXE file:
ilasm /res:hello.res hello.il /out:hellocracked_resign.exe
8.1.2. Because we hold the RSA key pair, we can re-sign the program. During real cracking, however, the RSA key pair behind the signature is not known, and recovering it from the algorithm is practically impossible.
sn -R hellocracked_resign.exe key.snk
-----------------------------------------------------------
Microsoft (R) .NET Framework Strong Name Utility  Version 1.1.4322.573
Copyright (c) Microsoft Corporation 1998-2002. All rights reserved.
Assembly 'hellocracked_resign.exe' successfully re-signed
-----------------------------------------------------------
8.1.3. Re-run hellocracked_resign.exe. OK:
Hello world! A cracked version.
[Method B]
8.2.1 Delete the entire `.publickey = ( ... )` directive from the IL file (the hex public-key blob, which begins as shown below) and save the file:
.publickey = (00 24 00 00 04 80 00 00 94 00 00 00 06 02 00 00 ..............
8.2.2 Regenerate the EXE file:
ilasm /res:hello.res hello.il /out:hellocracked_nosign.exe
8.2.3 Re-run hellocracked_nosign.exe. OK:
Hello world! A cracked version.
Because the signature information has been removed entirely, the assembly no longer carries a strong name, the runtime has nothing to validate, and the code still executes normally. This is a common cracking method.
If you can read IL code, you can basically make any modification you want.
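As an added example that is not part of this tutorial, the Python script below rebuilds the `.publickey` blob layout shown in step 8.2.1, derives the strong-name public key token from it, and applies the check a loader or updater should make against a pinned publisher token: an assembly whose key was stripped (Method B) or re-signed with a key pair the publisher does not hold (the only form of Method A available to an outsider) fails the comparison. The modulus bytes are constructed, not a real key, and the function names are mine.

```python
import hashlib
import struct
from typing import Optional

# Algorithm ids from the header bytes of the tutorial's .publickey line:
# 00 24 00 00 = CALG_RSA_SIGN, 04 80 00 00 = CALG_SHA1, 94 00 00 00 = 148 key bytes follow
CALG_RSA_SIGN, CALG_SHA1 = 0x00002400, 0x00008004
PUBLICKEYBLOB, CUR_BLOB_VERSION = 0x06, 0x02

def build_public_key_blob(modulus_le: bytes, exponent: int = 65537) -> bytes:
    """Bytes inside `.publickey = (...)`: 12-byte PublicKeyBlob header,
    CryptoAPI BLOBHEADER, RSAPUBKEY, then the little-endian modulus."""
    key = struct.pack("<BBHI", PUBLICKEYBLOB, CUR_BLOB_VERSION, 0, CALG_RSA_SIGN)
    key += b"RSA1" + struct.pack("<II", len(modulus_le) * 8, exponent) + modulus_le
    return struct.pack("<III", CALG_RSA_SIGN, CALG_SHA1, len(key)) + key

def parse_public_key_blob(blob: bytes) -> dict:
    """Check the layout and return the RSA parameters; ValueError otherwise."""
    if len(blob) < 32:
        raise ValueError("blob too short")
    sig_alg, hash_alg, key_len = struct.unpack_from("<III", blob, 0)
    if (sig_alg, hash_alg, len(blob)) != (CALG_RSA_SIGN, CALG_SHA1, 12 + key_len):
        raise ValueError("bad PublicKeyBlob header")
    btype, _, _, key_alg = struct.unpack_from("<BBHI", blob, 12)
    bitlen, exponent = struct.unpack_from("<II", blob, 24)
    if (btype, key_alg, blob[20:24]) != (PUBLICKEYBLOB, CALG_RSA_SIGN, b"RSA1"):
        raise ValueError("bad BLOBHEADER/RSAPUBKEY")
    if len(blob) - 32 != bitlen // 8:
        raise ValueError("modulus length does not match bitlen")
    return {"bitlen": bitlen, "exponent": exponent,
            "modulus": int.from_bytes(blob[32:], "little")}

def public_key_token(blob: bytes) -> bytes:
    """Strong-name public key token: last 8 bytes of SHA-1(blob), reversed."""
    return hashlib.sha1(blob).digest()[-8:][::-1]

def verify_publisher(blob: Optional[bytes], pinned_token: bytes) -> bool:
    """Loader-side check. Fails when the key is absent (Method B strips it) or
    its token differs from the pinned publisher (a re-sign with a foreign key)."""
    if not blob:
        return False
    try:
        parse_public_key_blob(blob)
    except ValueError:
        return False
    return public_key_token(blob) == pinned_token

if __name__ == "__main__":
    demo = build_public_key_blob(bytes(range(1, 129)))  # constructed modulus, not a real key
    print(demo[:16].hex(" "), "...", public_key_token(demo).hex())
```

Pinning the token catches both methods on this page but not edits made by whoever holds key.snk, so protect the private key and treat a strong name as an identity, not as tamper-proofing.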