•  24-03-2022
  •  | 
  •  

Question

Hey i have done a few of decompiling in .net as i am learning c# so it helps me to see codes as it helps a lot. But lately i have come acrossed few program that i know are .net but in reflector show up as non .net assemblies. Here is the example of program named: Proxy Multiply.

I am not trying to do any illegal stuff or something. Just trying to learn. I have tried to google this but i was not able to achieve any good result. Thanks here is the link to image.

Picture

De4Dot Error

PEid Screenshot

Was it helpful?

Solution

There are many .Net code protection alternative, that obfuscate the IL codes so that they are not that much exposed to IL disassembler application.

  • .Net Reactor
  • Themida
  • SmartAssembly
  • the list is huge . . .

many of the protector modify the Exe (PE Header info), .Net exe contains some extra MetaData that helps disassembler to identify it.

Download this little application it may tell you a little more about the exe.

Download PEiD 0.95

PEiD is an intuitive application that relies on its user-friendly interface to detect packers, cryptors and compilers found in PE executable files – its detection rate is higher than that of other similar tools since the app packs more than 600 different signatures in PE files.

PEiD comes with three different scanning methods, each suitable for a distinct purpose. The Normal one scans the user-specified PE file at its Entry Point for all its included signatures. The so-called Deep Mode comes with increased detection ratio since it scans the file's Entry Point containing section, whereas the Hardcore mode scans the entire file for all the documented signatures.

My best guess the assembly you are looking for is Protected by .Net Reactor or Themida

OTHER TIPS

I have same problem with dot net reflector before, try JetBrains dotPeek version 1.0 Decompling(this application will show code that obfuscated)

  1. Decompiling .NET 1.0-4.5 assemblies to C#
  2. Support for .dll, .exe, .zip, .vsix, .nupkg, and .winmd files
  3. Quick jump to a type, assembly, symbol, or type member
  4. Effortless navigation to symbol declarations,
  5. implementations, derived and base symbols, and more
  6. Accurate search for symbol usages
  7. with advanced presentation of search results
  8. Overview of inheritance chains
  9. Support for downloading code from source servers
  10. Syntax highlighting
  11. Complete keyboard support
  12. dotPeek is free!

Just because it is .NET doesn't mean that you can just decompile it like that. They probably used ILMerge. That's not to say it's impossible but it will require more work.

See Is it possible to “decompile” a Windows .exe? Or at least view the Assembly?

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top