2021年12月16日 星期四

dnspy ildasm de4dot ILSpy NET debugger assembly editor Decompilers

 dnspy ildasm  de4dot ILSpy

NET debugger assembly editor Decompilers

https://bytepointer.com/articles/flare2015/index.htm
https://cracklab.team/index.php?threads/7/

dnspy ildasm  de4dot ILSpy NET debugger  assembly editor dnspy ildasm  de4dot ILSpy NET debugger  assembly editor Decompilers   ILSpy PDB generation


ILSpy PDB generation


    Debug .NET and Unity assemblies
    Edit .NET and Unity assemblies
    Light and dark themes

https://github.com/dnSpy/dnSpy
ILSpy

 .NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!


    Decompilation to C#
    Whole-project decompilation (csproj, not sln!)
    Search for types/methods/properties (substring)
    Hyperlink-based type/method/property navigation
    Base/Derived types navigation, history
    BAML to XAML decompiler
    Extensible via plugins (MEF)
    Check out the language support status
https://github.com/icsharpcode/ILSpy/wiki/Plugins
https://github.com/icsharpcode/ILSpy/issues/829
https://github.com/icsharpcode/ilspy
Dotnet IL Editor

https://blog.ndepend.com/in-the-jungle-of-net-decompilers/
https://github.com/icsharpcode/ILSpy
https://github.com/icsharpcode/ILSpy/tree/master/ICSharpCode.Decompiler.Console
https://github.com/icsharpcode/AvaloniaILSpy?WT.mc_id=-blog-scottha

Dotnet IL Editor (DILE) allows disassembling and debugging .NET 1.0/1.1/2.0/3.0/3.5/4.0 applications without source code or .pdb files. It can debug even itself or the assemblies of the .NET Framework on IL level.
https://sourceforge.net/projects/dile/

https://github.com/jbevain/cecil/wiki/Users
https://github.com/sponsors/jbevain/
 
CLI tool to compute the TypeRefHash (TRH) for .NET binaries.
https://github.com/GDATASoftwareAG/TypeRefHasher
Simple Assembly Explor (SAE) - Assembler, Disassembler, Deobfuscator, IL editor and more
 
https://sites.google.com/site/simpledotnet/simple-assembly-explorer
https://github.com/wickyhu/simple-assembly-explorer

https://www.gdatasoftware.com/blog/2020/06/36164-introducing-the-typerefhash-trh
TypeRefHash (TRH)
https://sites.google.com/site/simpledotnet/simple-assembly-explorer
https://github.com/wickyhu/simple-assembly-explorer

.Net Reflector
https://www.red-gate.com/products/dotnet-development/reflector/
VB Decompiler
https://www.vb-decompiler.org/
ReSharper
https://www.jetbrains.com/resharper/
JetBrains DotPeak
https://www.jetbrains.com/decompiler/
Telerik JustDecompile
https://www.telerik.com/products/decompiler.aspx
ilasm & ildasm
https://docs.microsoft.com/zh-cn/dotnet/framework/tools/ilasm-exe-il-assembler
https://docs.microsoft.com/zh-cn/dotnet/framework/tools/ildasm -exe-il-disassembler?redirectedfrom=MSDN
CodeReflect
https://devextras.com/decompiler/

https://github.com/0xd4d/de4dot/actions.
https://github.com/de4dot/de4dot
BitDiffer

Homepage: http://reflexil.net
Howto: http://www.codeproject.com/KB/msil/reflexil.aspx

Compatible with:

    ILSpy
    Reflector
    Telerik JustDecompile

Videos:

    Converting a .NET GUI application to console using Reflexil and ILSpy (http://bit.ly/1H5RDdh)
    Unity3D assembly patching (AngryBots game) with Reflexil (http://bit.ly/un1ty)
    Playing with Reflexil and Reflector (http://bit.ly/kill3rv1d)

Download stable releases here: https://github.com/sailro/Reflexil/releases
or nightly releases here: https://sailro.visualstudio.com/Reflexil/_build?definitionId=2&_a=summary&view=runs

https://github.com/sailro/Reflexil/releases

https://bytepointer.com/articles/flare2015/challenge07.htm
FLARE-On 2015 Challenge #7

Date: Aug 19, 2015

CHALLENGE MATERIALS:

filename:            YUSoMeta             https://bytepointer.com/download.php?name=flare2015_07_0CC92381BDCA47754B144A4FC2E41623.zip
md5        d17e49a45830a40c844f2bbf1046c99a
size        16 k (15,872 bytes)
type        .NET 4.0 Console App
Original FLARE Author        Matt Graeber
 
tool:            CFF Explorer / PE Viewer/Editor            Visit  http://www.ntcore.com/
tool:            de4dot / .NET de-obfuscator and unpacker            Visit Website http://de4dot.com/#download
tool:            ILSpy / .NET decompiler            Visit  http://ilspy.net/
tool:            Debugging Tools for Windows / Debugger            Visit  https://msdn.microsoft.com/en-us/library/windows/hardware/ff551063%28v=vs.85%29.aspx
tool:            SOSEX Debugger Extension / Managed Code debugging helper            Visit  http://www.stevestechspot.com/

http://dependencywalker.com/
Dependency Walker is a free utility that scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules. For each module found, it lists all the functions that are exported by that module, and which of those functions are actually being called by other modules. Another view displays the minimum set of required files, along with detailed information about each file including a full path to the file, base address, version numbers, machine type, debug information, and more.

https://bytepointer.com/articles/flare2015/challenge06.htm
 This is your basic-looking Android app that asks for the password, but you'll find the password is buried pretty deep. Android development skills are not completely necessary, however ARM assembly or C-pseudocode (IDA's C decompiler output) analysis skills are necessary to break this one.

CHALLENGE MATERIALS:

filename:            android.apk            https://bytepointer.com/download.php?name=flare2015_06_63C64502837A89CA0147095726DF8262.zip
md5        8afcfdae4ddc16134964c1be3f741191
size        1.03 mb (1,078,129 bytes)
type        Android 'Froyo' App (Java + Native ARM code)
Original FLARE Author        Moritz Raabe
 
tool:            Android Studio (SDK) / ADB tool / Android Emulator            Visit  https://developer.android.com/studio/index.html
tool:            dex2jar / DEX Converter            Visit  https://github.com/pxb1988/dex2jar
tool:            JD-GUI 1.4.0 / Java Decompiler            Visit  http://jd.benow.ca/
tool:            Apktool / APK Resource Decompiler            Visit  http://ibotpeaches.github.io/Apktool/install/
tool:            IDA / Disassembler            Visit  https://www.hex-rays.com/products/ida/index.shtml

This is your basic-looking Android app that asks for the password, but you'll find the password is buried pretty deep. Android development skills are not completely necessary, however ARM assembly or C-pseudocode (IDA's C decompiler output) analysis skills are necessary to break this one.

NOTE: The compiled Java code for the app is located in classes.dex. We need to convert it from Dalvik bytecode (.DEX) to Java bytecode before we can decompile it. Run the following command to perform the Java conversion:

    d2j-dex2jar classes.dex



     IDA / Disassembler            Visit  https://www.hex-rays.com/products/ida/index.shtml
OllyDbg 2.01 / Debugger            Visit  http://www.ollydbg.de/version2.html


 tool:            IDA / Disassembler            Visit  https://www.hex-rays.com/products/ida/index.shtml
tool:            Exe2Aut / AutoIt3 Decompiler            Visit  https://web.archive.org/web/20140910212943/https://exe2aut.com/downloads/Exe2Aut.zip
tool:            AutoIt 3.3.14.1 / AutoIt Interpreter            Visit  https://www.autoitscript.com/site/
tool:            VMWare Workstation / Guest copy of Windows XP            Visit  http://www.vmware.com/products/workstation/
tool:            Debugging Tools for Windows / WinDbg            Visit  https://msdn.microsoft.com/en-us/library/windows/hardware/ff551063%28v=vs.85%29.aspx
tool:            VirtualKD / Kernel Debug Virtualization Accelerator            Visit  http://virtualkd.sysprogs.org/
 

沒有留言:

張貼留言