About the functional limitations and relief of ildasm

First of all, I hereby declare that this article does not teach others to break through the limitations, but we just look at the problem from a learning perspective.

We all know that ildasm is. NetProgramIs a decompilation tool provided by Microsoft.

It can be directly put. . Net Program decompiling into il files and resource files, which can easily allow hackers to modify, delete Strong names, and modify the registration code.AlgorithmAnd so on... And ilasm is compiled again to get a correct and publishable assembly.

In addition, this function is irreplaceable by other anti-compilers, because ildasm is really important. Maybe some friends can understand, some friends can't understand, but it doesn't matter. Today's focus is not on this.

This is an incredible thing, so that the software has no security protection. Thanks to the xenocode, it has an anti ildasm function. This is a great feature, but how does it do it?

In fact, this is a limitation of ildasm. When you create a flag in a program, the Assembly cannot be decompiled by ildasm. ildasm will prompt you, this Assembly is already copyrighted and cannot be decompiled. Haha, will our most lovely ildasm go on strike?

I have looked for relevant materials, but I have not found any simple way to turn my assembly into an existing copyrighted assembly. xenocode does this, but I don't want to analyze it. If you have any friends, please contact me

So what is our task today? It is to pull the strike ildasm back and let it continue to work for us.

OK. Let's take a look: after a short analysis, I sweated... This kind of copyright protection is not as good as none, so many friends may be misled.

Why do I say this? Because I found that ildasm is much simpler than I imagined to work again, and it cannot be stuck with anything. Please refer to the followingCode:

 

1 0042b4bd E8 8 afcfdff call ildasmcr.0040b14c // Error Function

2

3
4 00366fc6 E8 12470100 Call ildasm.0042a6dd // Main Function

5

6
7 0042 aabd ff51 0C call dword ptr ds: [ECx + C] // Judgment Function

8 0042aac0 3bf7 cmp esi, EDI

9 0042aac2 75 0f jnz short ildasm.0042aad3 // Change the key jump address to JMP.

10 0042aac4 68   96010000 Push 196

11 0042aac9 E8 8964 FFFF call ildasm.00420f57

12 0042 aace E9 e3090000 JMP ildasm.0042b4b6

13

Obviously, ildasm uses only one flag to block copyrighted assemblies. Instead, you only need to modify one machine command to decompile any assemblies smoothly, and modify its content to compile again

The above code can be modified by yourself, if you do not, you can also download a modified version from the http://files.cnblogs.com/Aiasted/ildasm.rar.

Xenocode, in combination with strong naming practices, may disappear from then on

(Note: I have never done anything. . Net Assembly cracking. I only read the article "Strong names" can be removed from the decompiled assembly in ildasm. If there is any difference, please correct it)