How to find Code generating known data? | ansaurus

tags:

reverse-engineering

views:

46

answers:

1

Q:

How to find Code generating known data?

From debugging the program I only know that before clicking a button a set of known data isn't in memory (confirmed by memory search) and after clicking it the data is in memory (all the time a different location).

How can I find the code that generates this data?

One of the major problems (which might be important to know) is that it is a .net-Program (which I can't analyze with Reflector because it is obfuscated). So I'm analyzing the assembly generated by .NET (in Olly / Immunity / IDA).

A:

If it is .Net you could debug the IL code. It is not easy though, but it should be possible to find the il intruction that writes the sequence into memory.

Try debugging tools for windows with the so called SOS extension.

You could also try if it would be possible to generate say C# code from the obfuscated assemblies for debugging. But this will most certainly not better readable code than IL.

schoetbi 2010-09-05 18:47:56

Can't I somehow just find the assembly instructions generated by the .NET-Framework that generate my preknown data?

Stefan Lendl 2010-09-05 19:03:47

I do not know such a method. The only way I can think of is debugging the code starting from the method handling the button click event if you can find this point in the il.

schoetbi 2010-09-05 21:51:37

Debugging through that code is nearly impossible, because .NET generates lots of code. I tried instruction traceing for the button click and stopped it after 8h so thats pretty much not doable.

Stefan Lendl 2010-09-06 05:10:56

related questions

Wrapping Visual C++ in C#

Open source ER diagramming tool for mysql

What are the best ways to understand an unfamiliar database?

Is reverse engineering evil?

Best way to inject functionality into a binary...

Good techniques for understanding someone else's code

How is the photoshop cutout filter implemented?

Best way to reverse-engineer a web service interface from a WSDL file?

How to reverse engineer undocumented legacy application?

Is there a C++ decompiler?

What's a good C decompiler?

Reverse engineering war stories

How do I decompile a .NET EXE into readable C# source code?

Creating a new rrd database based on an existing one

how are serial generators / cracks developed?

Is it legal to reverse engineer binary file formats

How would you go about reverse engineering a set of binary data pulled from a device?

Reverse Engineering C# code using StarUML

What are the best tools for reverse engineering z80 machine code?

Sequence Diagram Reverse Engineering

Stored procedures reverse engineering

How do I disassemble a VC++ application?

best tool to reverse-engineer a WinXP PS/2 touchpad driver?

Reverse engineer (oracle) schema to ERD

Annotating YouTube videos programatically