assembly - Cracking C# application with OllyDebug -
i know if there way crack c# windows application ollydebug. have simple own crackme application written visual c# 2010 express. when open ollydebug , modify asm code need, there no "copy executable" alternative in ollydebug since registration form window dynamically allocated "new" operator (which is, believe, virtualalloc() function phone call in debugger). though able modify asm code (which nop'ing je jumps), not able save .exe file cracked code, looks ollydbg "sees" code in info segment not existing when application launches , dynamically allocated. can help me problem? think modifying *.exe should possible @ to the lowest degree 2 approaches:
1) dig deeper code ollydbg , find place actual code held before allocation (because new instance of registrationform doesn't come magically out of space, it?)
2) if allows fast creation of application in vs express , doesn't require much complicated code, utilize static calls each time clicking on "register" shows same registrationform window (which held in code section of application , hence modifyable in ollydbg).
it ok point out how rewrite code , maintain simple allocate same instance of registrationform (singleton?). thing need crack&save *.exe, relaunch , fill in info "complete registration".
here code of mycrackme class main() method:
using system; using system.collections.generic; using system.linq; using system.text; namespace mycrackme { class mycrackme { public static void main() { myform mainwindow = new myform(); system.windows.forms.application.run(mainwindow); } } } main window class:
using system; using system.collections.generic; using system.componentmodel; using system.data; using system.drawing; using system.linq; using system.text; using system.windows.forms; namespace mycrackme { public partial class myform : form { public myform() { initializecomponent(); } private void exittoolstripmenuitem_click(object sender, eventargs e) { application.exit(); } private void abouttoolstripmenuitem_click(object sender, eventargs e) { messagebox.show("all rights reserved", "message"); } private void registertoolstripmenuitem_click(object sender, eventargs e) { registrationform registrationform = new registrationform(); registrationform.show(); } } } registration form class:
using system; using system.collections.generic; using system.componentmodel; using system.data; using system.drawing; using system.linq; using system.text; using system.windows.forms; using system.runtime.interopservices; namespace mycrackme { public partial class registrationform : form { // utilize dllimport import win32 messagebox function. [dllimport("user32.dll", entrypoint = "messageboxa", charset = charset.ansi)] public static extern int msgbox(int hwnd, string text, string caption, uint type); public registrationform() { initializecomponent(); } private void button1_click(object sender, eventargs e) { if (textbox1.text == "lincoln" && textbox2.text == "12345") { msgbox(0, "registration completed successfully!", "registration message", 0); } else { msgbox(0, "registration failed", "message", 0); } } } } here ollydbg screenshot , message comes when setting breakpoints
.net using il bytecodes, gets compiled native instructions when run application, runs in .net vm, similar java. might doing olly debug framework self, not jit generated native code. (which want if understand correctly). saving patched .net application not available in olly far know. there other solutions manipulate/observe msil code.
dbgclr ildasm cordbg cffexploreralso pebrowse can debug jit generated native machine code too!
you might interested in these papers:
reverse code engineering science of .net applications shukhrat nekbaev
owasp .net debugging
dotnet
rewrite msil on fly on msdn
.net internals , native compiling
stackexchange network has site dedicated reverse engineering, please bring together there :) there might answer question on there.
c# assembly ollydbg cracking
No comments:
Post a Comment