Detection Code
Remove Anti-debug Code
Control Flow deobfuscation. Many obfuscators modify the IL code so it looks like spaghetti code making it very difficult to understand the code.
Restore class fields. Some obfuscators can move fields from one class to Some and other obfuscator created class.
Convert a PE exe to a. NET exe. Some obfuscators Wrap A. NET assembly inside a Win32 PE so a. NET Decompiler can ' t read the file.
Removes Most/all junk classes added by the obfuscator.
Fix
confusion is the name of confusion, will be named Space name, class name, method name, field name and so on all replaced with special symbols or other symbols, the purpose is to let people see halo, but does not change the program execution logic. I use the dotfuscator here to confuse. Dotfuscator Obfuscation method: 1. Create a new project; 2. Select the DLL, EXE file to be confused, 3. Select the library
When doing XDCTF, encountered a. NET reverse, I did not learn at all. NET, with reflector open after directly read do not understand, give up.Now look at the next writeup, know the reason why do not understand is because of the Packers. So, subconsciously understand the underlying tools for the reverse of. NET applications. Here, paste in an article to record the things.Transferred from: http://www.52pojie.cn/thread-174802-1-1.htmlFirst of all, let me introduce the four artifacts in my eyes: De4
program cannot reference unsigned assemblies. (The above article has the corresponding solution)
ConfuseConfusion is the compilation of the generated MSIL intermediate code obfuscation, the simplest confusion is the name confusion, the namespace name, class name, method name, field name, and so on are replaced by special symbols or other symbols, the purpose is to let people see faint, but does not change the program execution logic.The Dotfuscator
virginity novice paste "[original" novice hack. NET program refers to this tool, which I serve as an artifact-level tool. Because of its shelling ability is indeed very strong, using it I successfully took off the Dotfuscator, Maxtocode processed procedures, as for other packers/anti-obfuscation tools such as Xenocode, Themida, etc. I have not experimented, and then I will plan to study all kinds of packers/ Anti-obfuscation tool shelling method, I a
. (There are corresponding solutions in the above article)
ObfuscationObfuscation is to blur the MSIL intermediate code generated by compilation. The simplest obfuscation is name obfuscation, the purpose of changing the namespace name, class name, method name, field name, and so on to special or other symbols is to make people dizzy, but does not change the program execution logic.I am using Dotfuscator for obfuscation.Dotfuscator obfuscation method
decompile, as shown in:Dotfuscated is the VS self-contained, it exists in the VS installation directory: D:\Program Files (x86) \microsoft Visual Studio 12.0\preemptive Solutions\dotfuscator and Analytics Community EditionAs shown in the following:Note:Change the project properties, application-and target framework: to. NET Framework 3.5 or below. This step is important because the. Net supported by Unity3d (the current version of Unity3d is 3.5) is
So far, obfuscation remains. NetProgramAnd obfuscatorsWPFWhat is application support? Let's explain it through an example today.
First, create a simple user interface as shown in:
On the pageCodeSet some binding attributes:
In the background code, first define a race enumeration to facilitate use in the list:
Below is the formWindow1Class defines the following attributes:
The code function at the Red Circle is to load all the values of the racial enumeration to the racial list
the difference between the two numbers must be checked.
9. Use the ildasm provided by Vs to decompile the. Net class library into the Il intermediate language. (In Program Files \ microsoft sdks \ windows \ v7.0a \ bin)
10. Using the built-in dotfuscator software services in vs20101 can protect and confuse DLL, so that it cannot be decompiled.CodeIt is not maliciously exploited.
11. Therefore, the value types all inherit from a special
Target software: emailxxxxxSoftware features: Send email, verify email, and collect email in one.Software language: DOTNET vs2005 framework20 platform.Cracking tool: DOTNET id.exe detects which. Net obfuscator shells reflector dotnethelper hexchange (self-written) dbgclr (Microsoft's own debugger) editplusTool Description: static tool: reflector view some class information dotnethelper decompile the program into an il file and then generate EXE hexchange with the Il file again. This function is
. Net edition, automatedqa (www.automatedqa.com)Runner-up: dotfuscator, preemptive solutions (www.preemptive.com)Runner-up: devpartner profiler community edition, compuware (www.compuware.com)Fourth place: optimizeit profiler for the Microsoft. NET Framework, Borland (www.borland.com)
Best. net source code control and group Auxiliary ToolsWinner: Microsoft Visual sourcesafe, Microsoft (www.microsoft.com)Runner-up: Borland starteam, Borland (www.borlan
increases, the human brain's ability to carry out multiple aspects of intellectual thinking gradually decreases, protectingSource codeTo improve the difficulty of decompilation. This type of fuzzy processing does not change the logic of program execution.
There are many obfuscation tools: dotfuscator, obfuscator. net, xeoncode, maxtocode
Merger
It is also possible to sign the Assembly and perform obfuscation. If the strongly-named assembly is ob
intermediate code generated by compilation. The simplest obfuscation is name obfuscation, the purpose of changing the namespace name, class name, method name, field name, and so on to special or other symbols is to make people dizzy, but does not change the program execution logic.I am using dotfuscator for obfuscation.Dotfuscator obfuscation method:1. Create a new project;2. Select the DLL and exe files to be confused;3. Select the Library Attribute
Smartassembly provides a method to optimize and confuse your. netProgramTo protect your work and software, reduce the size of the distribution package, and improve program performance. Visual Studio 2003/2005/2008 integrates a dotfuscatorCommunityVersion of the tool, the function is very simple, easy to use, specific operations can be referred to the followingArticle: Use of dotfuscator in Visual Studio 2008
Here, demonstrate the use of smartassembl
Recent interest in. NET assistive tools has already been posted on the 10 essential tools for. NET, which provides a comprehensive list of tools:Code generation
Nvelocity
Codesmith
X-code. NET
Xgof-nmatrix/deverest
Compilation
Extensible C #-Resolvecorp
Mono
Dotgnu-gnu
Obfuscation
Lsw-il-obfuscator-lesser Software
Demeanor for. Net-wise OWL
Salamander. NET Obfuscator-remotesoft
Salamander. NET Protector-remotesoft
Il-obfusc
Today we introduce an open source. NET Obfuscation--confuserexhttp://yck1509.github.io/ConfuserEx/Due to the use of. NET obfuscation in the project, there are many online searches, such as Dotfuscator, Xeoncode, Foxit and so on.But most of the charges, of course, there are cracked version of the company requirements can not use pirated software.Find a half-day finally found Confuserex, use up also line, hurriedly take out to everyone to share under.:
build the DLL, put into the Unity3d project: In fact, to see the contents of the DLL, a lot of software can be, we take the Unity3d from the MonoDevelop to see. Find the DLL file referenced inside, this is AzhaoDll.dll.You can browse directly to the contents of the DLL, to see just that test class, is not every variable, each method is a word of the lack of a display.There is also the last written Math3d method, can also be seen directly. DLL is such an uninsured thing, so we're going to introd
Visual
Developers who use Vs.net are trying to find a way to prevent or prevent others from using their own code to prevent others from understanding their business processes or the implementation process of some important algorithms.One of the most familiar is the vs.net on the Dotfuscator Community Edition tools, here is no longer introduced this tool, interested can go to http://thesource.ofallevil.com/china/ Msdn/library/langtool/vcsharp/misnetcod
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.