ā How to reverse engineer your simple console app code?
Just curious. Is this possible with programs like x64dbg or... ?
67 Replies
You can use ILSpy or similar to open your DLL or EXE and view the IL code
C# is ridiculously easy to reverse-engineer
Maybe some background info from me: I see people doing stuff with x64dbg but this is not intented to reverse-engineer c# stuff?
I have no idea what x64dbg is
ah, so an ASM viewer
Didn't know there was a word for that
Well, C# compiles to IL, which looks kind of like ASM but more high-level. IL is a binary format which is emitted directly into DLL or EXE files by the C# compiler, which means that you can use a program like ILSpy which allows you to view the IL binary in an ASM-like format, and even as C# code.
You can also go to Sharplab.io if you want to see the IL generated by some simple code
Ohh I see. So IL is also called managed code right?
Afaik "managed code" refers to something else unrelated to IL
Hmm reading this book C# in a nutshell and this sentence over here says:
"C# is called a managed language because it compiles source code into managed code, which is represented in Intermediate Language (IL)"
for me it's managed because there is a garbage collector š¤
I think "managed" might just refer to the fact that there is an runtime
Although you're better off asking about that in #allow-unsafe-blocks
You can write unmanaged code if you just don't use managed types (everything that isn't a reference type or contains reference types as fields)
I need to get a better understanding of this JIT thing. Because that "ASM Viewer" looks alot like that jit in sharplab.io
JIT is the ASM code that the Just In Time compiler generates at runtime
You write C#, the C# gets compiled into IL by the compiler, the runtime runs the IL by running it through the JIT which turns the IL into machine code at runtime.
ohhhh
Although there is also native Ahead Of Time (AOT) which compiles C# directly to architecture-specific machine code
Ok, ok. That's a bit to deep :D. But I had a feeling that I had to understand this first to start reverse engineer stuff
just use ILSpy for classic program
Although be aware that depending on what you reverse engineer, it may or may not be against the terms of service of that thing. Although who tf cares about tos anyway.
haha, yeah true. But btw it's just my own console app which i'm trying to run trough that
I'll give a little sneakpeak of what i'm trying to accomplish
Trying to run this trough that program and I want to change the program via that tool to hit the first if statement
But all I see is machine code with zero string references of what I'm showing lmao
or from ilspy
I'll download ilspy realquick but I assume you cant change the behaviour of ur .exe
you could use dnspy
its ilspy but can debug runnign process
meaning change variables on runtime
theoretically you could also change the code, but it never worked for me^^
while i am at it.. i guess you are using visual studio to develop.. it can decompile aswell
hmmm
there is a plugin to install ILSpy as a plugin in VS
itneresting
I also found this: https://www.youtube.com/watch?v=ZDXTdgfG5HE&ab_channel=howCode
howCode
YouTube
Simple Reverse Engineering on Windows
In this video we'll be learning how to use simple reverse engineering techniques to see inside a Windows EXE and manipulate it.
The program we'll be looking at asks for a secret code, we'll be manipulating the program to make it accept any code we give it.
Go to https://howcode.org for more!
Link to the program we'll be manipulating: http://h...
if u skip to 6:32 that's exactly what im trying to do
well sort of
so u can basically open the .exe in vs studio and change code ?
you cannot change it with ilspy
for my examply
with IL spy you can change make it so it runs the first if statement?
Ogie#1985
Quoted by
<@!971836278058405898> from #How to reverse engineer your simple console app code? (click here)
React with ā to remove this embed.
well looks like you can change things with ilspy with the video you linked
š¤
never tried
ĀÆ\_(ć)_/ĀÆ
looks like ILSpy can edit the ILCode and you can export it after with save as
if you look more closely in the vid he is using reflexil to change the il
oh yeah
it's a plugin ? š¤
seems like it
https://github.com/sailro/Reflexil
GitHub
GitHub - sailro/Reflexil: The .NET Assembly Editor
The .NET Assembly Editor. Contribute to sailro/Reflexil development by creating an account on GitHub.
so just use that ogie
Ilspy with reflexil okay
Many people use x64dbg for some reason but hmm
x64dbg is for native apps
What do you mean with native apps?
C or C++ or anything compiled to native
ohh nvm
apps containing native machine code
isn't the console app converted to machine code after publishing ?
nop it's ILCode
C# is compiled to IL
i see so the clr covnerts il to native code of the machine
yeah ok
yeah
hmmmmm
Ok my theory was if it could get converted to machine code somehow you were able to do stuff with x64dbg on that simple console app
just use ILSpy
I give up on x64dbg going to try ilspy now
at the runtime there is at some point machine code but it's clearly easier to manipulate ILCode
If you try to use x64dbg on IL then you'll just end up with garbage
Reflexil doesn't work with latest version of ilspy or a tleast preview version
I guess I'll just wait. Cba uninstalling and downgrading versions
Thanks man dnspy did the job
well I thought that editing the file/ change code would work but nvm
dnspy for the win
dips
naa dnspy had the option te modify code but it doesn't compile š
only solution is left to downgrade il spy and get reflixit for it but i guess ill open an issue on dn spy repo
tldr; dnspy is waiting for release version 8 of ilspy. After that dnspy will be upodated to edit code. Huge
source: https://github.com/dnSpyEx/dnSpy/discussions/149
GitHub
What language version does this version of DnSpy support? Ā· Discuss...
As the title asks, thanks in advance.
Also for context: dnspy publicly archived but dnSpyEx is an (fork) continuation of the dnSpy repo
No one knows why the heck main repo closed but assumptions are buyouts and to remain silent
Was this issue resolved? If so, run
/close - otherwise I will mark this as stale and this post will be archived until there is new activity.