1. Content Hidden For Guests in a Forum! You Must Register To See The Hidden Data Contained Here! 

    [ SIGN UP NOW! ] [Read Our Forums Rules]
    Dismiss Notice
Dismiss Notice
Do Not Try To Register Using Temp Mail.! We Will Ban Your IP Permanently!
^Spam Killer Staff

[Quick Guide] How to reverse engineering .NET

Discussion in 'Reverse Engineering' started by CodeCracker, Sep 11, 2017.

Leaked forums
  1. CodeCracker

    CodeCracker - Elite Member -
    Staff Member - Elite - [Pro] Donor

    Joined:
    Sep 9, 2017
    Messages:
    29
    Likes Received:
    68
    [​IMG]
    In this post I am explaining the reverse engineering process using few other tools. You need to download “Telerik JustDecompile or Red Gate’s Reflector”, It allows you to explore and analyze compile .NET assemblies, viewing them in C#, VB and IL. Once you install,:emoji_grinning: Telerik JustDecompile, you need to download “Assembly Editor plugin(Reflexil)”, using Plugins Manager. Reflexil is an assembly editor and runs as a plug-in for Red Gate’s Reflector and Telerik’s JustDecompile. Reflexil is using Mono.Cecil, written by Jb Evain and is able to manipulate IL code and save the modified assemblies to disk. Reflexil also supports C#/VB.NET code injection. You can more details about Reflexil here. :emoji_kissing_heart:Lets start to reverse engineer any .NET application.

    Here is the code snippet which I am using for demonstration purposes. :emoji_hugging:

    Code:
    public Form1()
    {
        InitializeComponent();
        string user = Environment.UserName;
        if (DateTime.Now.Hour < 12)
        {
            lblGreeting.Text = "Good Morning " + user;
        }
        else if (DateTime.Now.Hour < 16)
        {
            lblGreeting.Text = "Good Afternoon " + user;
        }
        else
        {
            lblGreeting.Text = "Good Evening " + user;
        }
    }
    I have a form with a label docked in it. While launching the application, based on the time, it will display a greeting in the label with the username.

    [​IMG]
    Now build the application, open the executable in Just Decompile. Expand the Form1 node from the tree. You can see the code like this.

    [​IMG]

    If you look into the code, you can find a small issue in the code, it is displaying Good Evening, after 4 PM, and you need to modify it like it should display Good Evening only after 5 PM. :emoji_grimacing:Lets reverse engineer that. Click on the Plugins menu and select Reflexil plugin and select the method you want to modify, in this scenario, the constructor. Reflexil plugin will open up a window on the bottom of the screen with few tabs in it like this.

    [​IMG]

    Look for the value 16, in the operand column of the Reflexil Grid. Right click on the row and select edit.

    [​IMG]

    Now modify the value from 16 to 17 in the Edit existing instruction dialog. :emoji_flushed:

    [​IMG]

    Click update. Most of the instructions, Edit existing instruction dialog will display details. You can learn more from any IL tutorial. Now go the assembly in Tree view, right click, Select Reflexil 1.5, and choose "Save As" option.:emoji_baby:

    [​IMG]

    :emoji_heart_eyes:Now save the file, by default the filename with be assembly name.patched.exe. Now run the patched executable you can see the change! :emoji_kissing_heart:

    :emoji_footprints: Happy Reverse Engineering! :emoji_boot:
    [​IMG] | CodeCracker | [​IMG]
     
    #1 CodeCracker, Sep 11, 2017
    Last edited: Sep 11, 2017
    UKBoy001 likes this.
  2. Elina

    Elina Super Administrator
    Staff Member - VIP - [Pro] Donor

    Joined:
    Jul 29, 2017
    Messages:
    43
    Likes Received:
    49
    So cute! :D keep it up!!
     

Share This Page