I. Preparation
Required software:
ildasm.exe: disassembles a DLL or EXE into IL files.
ilasm.exe: assembles the IL file back into a DLL or EXE.
Both tools are installed with Visual Studio (the VS2005 versions can handle VS2003 files, but not vice versa).
Text processing tools:
UltraEdit: http://www.crsky.com/soft/1469.html
EmEditor Pro: http://www.crsky.com/soft/4278.html
Use different tools as needed
Other tools:
Reflector.exe: http://www.pediy.com/tools/dotnet.htm
Xenocode FOX: http://www.pediy.com/tools/dotnet.htm
Modified ildasm: http://www.pediy.com/tools/dotnet.htm
Reflector is enough for everyday use, and Fox is especially convenient. Use the modified ildasm when dealing with copyrighted or specially obfuscated .NET 1.x assemblies.
When using these things
The general cracking process for .NET is roughly as follows:
1. Use ildasm to disassemble the target file (EXE/DLL) into IL.
2. Remove the strong name and use ilasm to assemble the IL back, then see whether the result runs correctly.
If it runs, continue with step 3. If not, go to step 4.
3. Search the IL file for the restrictions, modify them, and reassemble, repeating until the cracking is completed.
4. Check whether there are other restrictions in the IL file.
If it still does not run, the usual method may not work and the specific problem has to be analyzed.
II. Example
Select a calendar control (download: http://www.mediachase.com/)
After installation and running, check how the trial restrictions are reflected.
Let's find a page and run it to see the effect: home/fullsample.aspx.
We can see that there will be warnings when there is no registration
(Some software trial prompts appear randomly, but in any case, the first step for us to crack a software is to understand the restrictions of the Software)
Next, let's see whether the disassemble-and-reassemble approach is possible.
Open ildasm.exe and dump the DLL to an IL file.
(ildasm.exe is in C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\bin by default.)
We use EmEditor to open the IL file and delete the strong name.
Deleting the strong name is a required step for this method. Whenever ildasm is used to disassemble, the strong name must be deleted before reassembling.
The gray part is the strong name. Delete all of it and save.
Next, assemble the IL back into a DLL.
Open the VS2005 command prompt (if you open cmd directly, you may need to enter the full path because of environment variables).
Switch to the directory containing the IL file and run:
ilasm /dll /resource=Mediachase.Web.UI.WebControls.res Mediachase.Web.UI.WebControls.il
The command succeeds (but this alone does not show that the control can be cracked with this method).
Go back to VS and refresh the page we opened earlier; no error is reported. This basically indicates that the control can be cracked with this method.
Next, we move on to the search stage.
Open the IL file in EmEditor.
Search for a keyword from the warning. We entered "this is" and found two results.
Next, find out where these strings are used. We can see the text on the page.
It is in the calendar's RenderContents.
Open reflector.exe, load the DLL and locate it. There are two places in total, both in the same method.
The two places have one thing in common: both decide whether to output the warning text based on the isdemoversion variable.
Now we have two routes.
1. Delete the warning text directly, which is enough.
2. Modify the isdemoversion variable.
We choose route 2.
Click me.isdemoversion to jump to it, then right-click and choose Analyze.
View all uses of the isdemoversion variable.
There are only two places: one is where we just were, so let's take a look at the other.
We can see that isdemoversion is assigned true when the instance is initialized.
We can also see that this is the only place that changes isdemoversion.
Therefore, we only need to change isdemoversion to false.
Final operation
Open EmEditor and locate the assignment.
Find the corresponding location and change "true" to "false" (in IL, change "ldc.i4.1" to "ldc.i4.0").
Save the IL file.
Reassemble it from the command line.
Refresh the page again.
The warning message is gone.
Summary:
- Before cracking, you must first find out the software's restrictions.
- When using ildasm to crack, you must first delete the strong name in the IL.
- Make good use of EmEditor's search plug-in while modifying IL; it can list all matches.
- Try to break the restriction at its root. In this case, deleting the strings directly would also achieve the goal, but modifying isdemoversion is better, because more complicated software will check in multiple places, and then you have to start from the root.
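Seen from the defending side, both changes made in this walkthrough (the deleted strong name and the `ldc.i4.1` to `ldc.i4.0` edit) are visible when an ildasm dump of a deployed DLL is compared with a dump of the vendor's build. The following check is an added example, not part of the original article; the assembly name `Sample.Controls`, the key bytes and the dump layout are constructed for illustration.

```python
import re

# Constructed ildasm-style dump: assembly name, key bytes and offsets are made up.
_TEMPLATE = """\
.assembly extern System.Web
{
  .publickeytoken = (AA BB CC DD 01 02 03 04 )   // ........
}
.assembly Sample.Controls
{
%s  .ver 1:0:0:0
}
.method public hidebysig specialname rtspecialname instance void .ctor() cil managed
{
  IL_0001:  %s
  IL_0002:  stfld      bool Sample.Controls.Calendar::isdemoversion
}
"""
_KEY = "  .publickey = (00 24 00 00 04 80 00 00   // .$...)..\n                00 11 22 33 )\n"
REFERENCE_IL = _TEMPLATE % (_KEY, "ldc.i4.1")  # dump of the vendor's build
DEPLOYED_IL = _TEMPLATE % ("", "ldc.i4.0")     # dump of the copy under review

_COMMENT = re.compile(r"//[^\n]*")  # ildasm's ASCII side comments may contain ')'
# The assembly's own manifest block; ".assembly extern" blocks are references.
_MANIFEST = re.compile(r"^\.assembly\s+(?!extern\b)[^{]*\{(.*?)^\}", re.S | re.M)
_PUBKEY = re.compile(r"\.publickey\s*=\s*\(([^)]*)\)")
_FLAG = re.compile(r"(ldc\.i4\.[01])\s*\n\s*(?:IL_\w+:\s*)?stfld\s+bool\s+(\S+)")

def public_key(il):
    """Hex of the manifest's .publickey, or None when the dump declares none."""
    m = _MANIFEST.search(_COMMENT.sub("", il))
    k = _PUBKEY.search(m.group(1)) if m else None
    return "".join(k.group(1).split()).lower() if k else None

def flag_stores(il):
    """Map each bool field to the 0/1 constants stored into it, in file order."""
    out = {}
    for const, field in _FLAG.findall(_COMMENT.sub("", il)):
        out.setdefault(field, []).append(const)
    return out

def audit(reference_il, deployed_il):
    """List the differences between the vendor dump and the deployed dump."""
    findings = []
    if public_key(deployed_il) != public_key(reference_il):
        findings.append("strong-name public key missing or replaced")
    ref, dep = flag_stores(reference_il), flag_stores(deployed_il)
    findings += [f"{f}: {c} -> {dep.get(f)}" for f, c in ref.items() if dep.get(f) != c]
    return findings
```

Calling `audit(REFERENCE_IL, DEPLOYED_IL)` returns one finding for the missing public key and one for the changed constant stored into `isdemoversion`; two dumps of the same build return an empty list.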