Reverse Engineering Asked by warchantua on April 11, 2021
I have a C# binary. I was able to use dnSpy to decompile and analyze it. The binary was obfuscated with the Xenocode obfuscator.
I figured out that I can directly manipulate IL instructions if I just find the correct instruction offset and replace the instruction byte(s).
Original bytes and C# code (replaced with letters so it is readable):
    a.b().c.d = (int)e.f;
    06 6F A0010006 6F 9302000A
    ^  ^  ^        ^  ^-------- T2
    |  |  |        ----------- callvirt to set_d
    |  |  -------------------- T1
    |  ----------------------- callvirt to get_f
    -------------------------- ldloc.0
What I want to achieve and resulting bytes:
    a.b().c.d = 6;
    1C 00 00000000 6F 9302000A
    ^  ^           ^  ^-------- T2
    |  |           ----------- callvirt to set_d
    |  |
    |  ----------------------- 5x nop, so the length of file is same
    -------------------------- ldc.i4.6
I am able to decompile the changed binary without error, and I can observe my changed instructions, but when the binary executes this region, it dies. Any ideas?
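The two byte strings from the question, decoded with a small CIL disassembler. This is an added example, not part of the original post: it covers only the four opcodes that appear above, and the stack effects of the two calls are assumptions taken from the post's annotations (T1 an instance getter, T2 an instance setter).

```python
import struct

# Single-byte CIL opcodes used in the post (ECMA-335): byte -> (mnemonic, operand bytes)
OPCODES = {0x00: ("nop", 0), 0x06: ("ldloc.0", 0),
           0x1C: ("ldc.i4.6", 0), 0x6F: ("callvirt", 4)}
# The high byte of a metadata token names the table it indexes.
TABLES = {0x06: "MethodDef", 0x0A: "MemberRef"}
# Assumption taken from the post's annotations: T1 is an instance getter
# (pops `this`, pushes the value), T2 an instance setter (pops `this` and the value).
CALL_STACK_DELTA = {0x060001A0: 0, 0x0A000293: -2}
SIMPLE_STACK_DELTA = {"nop": 0, "ldloc.0": +1, "ldc.i4.6": +1}

def disassemble(code):
    """Decode a CIL byte string into (offset, mnemonic, token or None) tuples."""
    out, pos = [], 0
    while pos < len(code):
        if code[pos] not in OPCODES:
            raise ValueError(f"opcode 0x{code[pos]:02X} at offset {pos} is not in the table")
        name, size = OPCODES[code[pos]]
        if pos + 1 + size > len(code):
            raise ValueError(f"operand of {name} at offset {pos} is truncated")
        # Inline tokens are stored little-endian: A0 01 00 06 -> 0x060001A0.
        token = struct.unpack_from("<I", code, pos + 1)[0] if size else None
        out.append((pos, name, token))
        pos += 1 + size
    return out

def token_name(token):
    """Render a metadata token as its table name and row index."""
    table = TABLES.get(token >> 24, f"table 0x{token >> 24:02X}")
    return f"{table} row 0x{token & 0xFFFFFF:X}"

def net_stack_change(code):
    """Sum of pushes minus pops over the sequence, under the assumptions above."""
    return sum(CALL_STACK_DELTA[tok] if tok is not None else SIMPLE_STACK_DELTA[name]
               for _, name, tok in disassemble(code))

# Byte strings copied from the post.
ORIGINAL = bytes.fromhex("06 6F A0010006 6F 9302000A")
PATCHED = bytes.fromhex("1C 00 00000000 6F 9302000A")

if __name__ == "__main__":
    for label, code in (("original", ORIGINAL), ("patched", PATCHED)):
        print(label, f"({len(code)} bytes, net stack change {net_stack_change(code)})")
        for off, name, tok in disassemble(code):
            print(f"  IL_{off:04X}  {name}" + (f"  {token_name(tok)}" if tok is not None else ""))
```

The offsets printed are relative to the start of the quoted byte string, not to the method body or the file.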