tags:

views:

173

answers:

3
+1  Q: 

I am trying to make an obfuscator.

This is kind of a two part question. But it both relates to the same thing.

I want to work with the IL code of an app to apply patches. I am wondering what would be the right approach. Obviously I could decompile it and read and edit the il code file then recompile. but is there some way to read it as msil code right in the file. and maybe edit it in real time.

I was trying to edit the decompiled code of an executable. but each time I recompiled it I would get a problem with the execution. Like it couldnt find its entry point anymore. How do I calculate that ? Im guessing I need to know the length of the commands and their paramaters, Or to make the entry point a Label or something. I would be nice if there was a Visual Studio Template for something like this.

+6  A: 

As someone who's already read the ECMA-335 spec multiple times and implemented a CLI image loader in two different languages (with a full IL analysis in one), I'd say this would still be a challenging task for me. I say this because it appears that both 1) you haven't done this and 2) you are looking for an easy answer. The spec should definitely be your starting point.

The minimal procedure would be:

  • Load the PE image (exe or dll)
  • Parse the byte code of all methods and resolve symbols
  • Apply code transformations (minimal of course would be a single transformation such as renaming private methods)
  • Save the result as a new PE image

Edit: This won't keep you from having to learn about the detailed structure of .NET assemblies, but it may save you some time in the actual implementation and assist in keeping your obfuscator logic cleanly separated from the loader.

280Z28  2009-09-09 18:31:17
Would Mono Cecil take care of some of those steps trivially?
Luke Quinane  2009-09-10 05:51:31
+1  A: 

To read the MSIL, there sure is, in this thread:

ildasm.exe - Intermediate Language Disassembler. You can view your compiled code at the MSIL level with this tool.

This is found in the Microsoft SDK.

Kyle Rozendo  2009-09-09 18:32:48
+1  A: 

I agree with Sam (280Z28), to modify the code at the byte level you would have to read & understand the ECMA standard. If all you're interested in is obfuscating your code I'd suggest that you look on some freeware obfuscation tools such as CliSecure or dotfuscator community edition.

Kevin Young  2009-09-10 05:48:04

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?