1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

C# disassembly and edit

Discussion in 'C, C++, C#' started by healzer, Jul 29, 2013.

  1. healzer

    healzer Jr. Executive VIP Jr. VIP Premium Member

    Joined:
    Jun 26, 2011
    Messages:
    2,361
    Likes Received:
    1,966
    Gender:
    Male
    Occupation:
    Marketing automation tools
    Location:
    Somewhere in Europe
    Home Page:
    Hey guys,

    I been trying to modify an exe file (without source) with ollybdg and IDA, but can't get it to work.
    I did find another small tool which allowed me to edit and save to a new exe, but when I run it, I get a false virus notification from my AV.

    If any1 has some tips or recommends I'd really appreciate it.

    Cheers
    healzer
     
  2. oozyluce

    oozyluce Regular Member

    Joined:
    Jan 26, 2013
    Messages:
    277
    Likes Received:
    231
    Occupation:
    IT Coordinator, Senior Network Administrator
    Location:
    http://www.gaben.tv/
    Home Page:
    You do realise that you're not dissasembling c# but actual Assembly-language based .exe?

    This is one of the hardest programming languages to learn... What are you trying to accomplish here exactly?
     
  3. extremeboy

    extremeboy Jr. VIP Jr. VIP

    Joined:
    Jul 8, 2010
    Messages:
    2,983
    Likes Received:
    646
    Occupation:
    World Best RANK Tracker SERPCloud.com
    Home Page:
    probably that C# .exe was encrypted with some sort of hash?
     
  4. healzer

    healzer Jr. Executive VIP Jr. VIP Premium Member

    Joined:
    Jun 26, 2011
    Messages:
    2,361
    Likes Received:
    1,966
    Gender:
    Male
    Occupation:
    Marketing automation tools
    Location:
    Somewhere in Europe
    Home Page:
    I know the assembly language, but what I'm asking is that I can't find a good program to edit the exe file where I need (whether in hex or in Assembly language) because C# is encrypted, so I have to disassemble it to modify.

    I did find one app which allowed me to do so but after I run the .exe file I get a virus warning (false one), while the original file works normally. But it does work if I ignore the virus warning
     
  5. oozyluce

    oozyluce Regular Member

    Joined:
    Jan 26, 2013
    Messages:
    277
    Likes Received:
    231
    Occupation:
    IT Coordinator, Senior Network Administrator
    Location:
    http://www.gaben.tv/
    Home Page:
    Are you sure it's not just UPX packed? If so just use an UPX unpacker.
    Otherwise i'm not sure, c# ain't my cup of tea, neither is TEA decyphering :)
     
  6. healzer

    healzer Jr. Executive VIP Jr. VIP Premium Member

    Joined:
    Jun 26, 2011
    Messages:
    2,361
    Likes Received:
    1,966
    Gender:
    Male
    Occupation:
    Marketing automation tools
    Location:
    Somewhere in Europe
    Home Page:
    Nope, I already figured out my problem.
    thanks anyways
     
  7. rootjazz

    rootjazz Jr. VIP Jr. VIP

    Joined:
    Dec 21, 2012
    Messages:
    614
    Likes Received:
    313
    Occupation:
    Developer
    Location:
    UK
    Home Page:
    How about posting this in case other users have an issue.

    I hate it when I am searching for a problem only to find a post that matches my issue *exactly* for the final post to be "solved it thanks" grrrr
     
  8. hpv222

    hpv222 Power Member

    Joined:
    Feb 8, 2010
    Messages:
    736
    Likes Received:
    274
    if the code hasn't been obfuscated, you can use Net Reflector, works pretty good.
     
  9. Gogol

    Gogol Elite Member

    Joined:
    Sep 10, 2010
    Messages:
    3,062
    Likes Received:
    2,872
    Gender:
    Male
    I guess you won't be able to write directly using ollydbg. You would need a hex editor to do so. Atleast that is what I learned when I did some experiment. Don't know how ollydbg works now a days.
     
  10. healzer

    healzer Jr. Executive VIP Jr. VIP Premium Member

    Joined:
    Jun 26, 2011
    Messages:
    2,361
    Likes Received:
    1,966
    Gender:
    Male
    Occupation:
    Marketing automation tools
    Location:
    Somewhere in Europe
    Home Page:
    I tried both, but damn .net encrypts its code or something.
     
    • Thanks Thanks x 1
  11. s0ap

    s0ap Executive VIP Jr. VIP Premium Member

    Joined:
    Sep 23, 2008
    Messages:
    230
    Likes Received:
    810
    Occupation:
    :] guess
    Location:
    Congo/DRC
    Anything in IL needs to be read by the interpreter, which based off assumption probably verifies a size checksum before executing. If you are changing bytes and instructions in assembly you likely changing the length of the program, which will cause this test to fail. Instruction lengths in x86 and x86-64 are variable width, so even if you are doing a 1:1 change or NOP fill there is a strong chance that you will still end up with a different length executable.

    Ollydbg and IDA both allow for change-and-write to new executables, but with older versions of IDA you have to modify a registry setting before the menu will show up.
     
    • Thanks Thanks x 2