首页
论坛
课程
招聘
[下载]Dotnet Msil Dumper 0.4 by Kurapica
2009-4-13 00:19 4010

[下载]Dotnet Msil Dumper 0.4 by Kurapica

2009-4-13 00:19
4010
The idea of this tool is to achieve two objects:

1 - It will dump the body of every Method (Function, Procedure) called by the executable assembly you select, The dumping occurs whenever compiler enters that method, for example if you Click some button and this button calls method "CheckLicense" then you will find a file named "CheckLicense.txt" in the "\Dump" folder.

2 - It will show you in details the methods being called and also the modules that your application loads so it could be used as a simple tracing utility for .net assemblies.

I wrote this tool to help me rebuild assemblies protected with JIT hooking technique, those assemblies can't be explored in Reflector because their methods' body is encrypted and only decrypted in runtime when the method is called so you will see no code in reflector, I assumed that I will have access to the encrypted MSIL code of the methods using Profiling APIs, there was a 50% chance of success but it turned out to be only useful against certain protections like the one that LibX coded which depends on System.Reflection.Emit.DynamicMethod to excute protected methods.

you can find more on LibX protection here
hxxp://www.reteam.org/board/showthread.php?t=799

----------------------------------------------
What's NEW ?

1- fixed a major bug that could cause an overflow while dealing with huge functions
2- The "Log loading modules" has been fixed and can be disabled now to increase speed.

----------------------------------------------
To do :

In next release I will add the ability to dump native compiled code of MSIL functions on the fly. I hope it's worth the effort  

http://portal.b-at-s.info/download.php?view.36

看雪招聘平台创建简历并且简历完整度达到90%及以上可获得500看雪币~

收藏
点赞0
打赏
分享
最新回复 (3)
雪    币: 209
活跃值: 活跃值 (11)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
llyang 活跃值 2009-4-13 10:40
2
0
thanks for your attention
雪    币: 232
活跃值: 活跃值 (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
yjwgood 活跃值 2009-6-27 23:17
3
0
不知道怎么用……
雪    币: 326
活跃值: 活跃值 (15)
能力值: ( LV9,RANK:170 )
在线值:
发帖
回帖
粉丝
快雪时晴 活跃值 4 2009-6-28 14:01
4
0
导出TXT,内容其实是OPCODE字节码,还是无法直接阅读
游客
登录 | 注册 方可回帖
返回