C
Join ServerC#
help
โ How to reverse engineer your simple console app code?
OOgie12/10/2022
Just curious. Is this possible with programs like x64dbg or... ?
Tthinker22712/10/2022
You can use ILSpy or similar to open your DLL or EXE and view the IL code
Tthinker22712/10/2022
C# is ridiculously easy to reverse-engineer
OOgie12/10/2022
Maybe some background info from me: I see people doing stuff with x64dbg but this is not intented to reverse-engineer c# stuff?
Tthinker22712/10/2022
I have no idea what x64dbg is
OOgie12/10/2022

Tthinker22712/10/2022
ah, so an ASM viewer
OOgie12/10/2022
Didn't know there was a word for that
Tthinker22712/10/2022
Well, C# compiles to IL, which looks kind of like ASM but more high-level. IL is a binary format which is emitted directly into DLL or EXE files by the C# compiler, which means that you can use a program like ILSpy which allows you to view the IL binary in an ASM-like format, and even as C# code.
Tthinker22712/10/2022
You can also go to Sharplab.io if you want to see the IL generated by some simple code
OOgie12/10/2022
Ohh I see. So IL is also called managed code right?
Tthinker22712/10/2022
Afaik "managed code" refers to something else unrelated to IL
OOgie12/10/2022
Hmm reading this book C# in a nutshell and this sentence over here says:
"C# is called a managed language because it compiles source code into managed code, which is represented in Intermediate Language (IL)"
"C# is called a managed language because it compiles source code into managed code, which is represented in Intermediate Language (IL)"
Xx0rld12/10/2022
for me it's managed because there is a garbage collector ๐ค
Tthinker22712/10/2022
I think "managed" might just refer to the fact that there is an runtime
Tthinker22712/10/2022
Although you're better off asking about that in #allow-unsafe-blocks
Tthinker22712/10/2022
You can write unmanaged code if you just don't use managed types (everything that isn't a reference type or contains reference types as fields)
OOgie12/10/2022
I need to get a better understanding of this JIT thing. Because that "ASM Viewer" looks alot like that jit in sharplab.io
Tthinker22712/10/2022
JIT is the ASM code that the Just In Time compiler generates at runtime
OOgie12/10/2022
Tthinker22712/10/2022
You write C#, the C# gets compiled into IL by the compiler, the runtime runs the IL by running it through the JIT which turns the IL into machine code at runtime.
OOgie12/10/2022
ohhhh
Tthinker22712/10/2022
Although there is also native Ahead Of Time (AOT) which compiles C# directly to architecture-specific machine code
OOgie12/10/2022
Ok, ok. That's a bit to deep :D. But I had a feeling that I had to understand this first to start reverse engineer stuff
Xx0rld12/10/2022
just use ILSpy for classic program
Tthinker22712/10/2022
Although be aware that depending on what you reverse engineer, it may or may not be against the terms of service of that thing. Although who tf cares about tos anyway.
OOgie12/10/2022
haha, yeah true. But btw it's just my own console app which i'm trying to run trough that
OOgie12/10/2022
I'll give a little sneakpeak of what i'm trying to accomplish
OOgie12/10/2022

OOgie12/10/2022
Trying to run this trough that program and I want to change the program via that tool to hit the first if statement
OOgie12/10/2022
But all I see is machine code with zero string references of what I'm showing lmao
AACiDCA712/10/2022
or from ilspy
AACiDCA712/10/2022

OOgie12/10/2022
I'll download ilspy realquick but I assume you cant change the behaviour of ur .exe
AACiDCA712/10/2022
you could use dnspy
AACiDCA712/10/2022
its ilspy but can debug runnign process
AACiDCA712/10/2022
meaning change variables on runtime
AACiDCA712/10/2022
theoretically you could also change the code, but it never worked for me^^
AACiDCA712/10/2022
while i am at it.. i guess you are using visual studio to develop.. it can decompile aswell
OOgie12/10/2022
hmmm
Xx0rld12/10/2022
there is a plugin to install ILSpy as a plugin in VS
OOgie12/10/2022
itneresting
OOgie12/10/2022
I also found this: https://www.youtube.com/watch?v=ZDXTdgfG5HE&ab_channel=howCode
OOgie12/10/2022
if u skip to 6:32 that's exactly what im trying to do
OOgie12/10/2022
well sort of
OOgie12/10/2022
so u can basically open the .exe in vs studio and change code ?
Xx0rld12/10/2022
you cannot change it with ilspy
OOgie12/10/2022
for my examply
OOgie12/10/2022
with IL spy you can change make it so it runs the first if statement?
Xx0rld12/10/2022
well looks like you can change things with ilspy with the video you linked
Xx0rld12/10/2022
๐ค
Xx0rld12/10/2022
never tried
Xx0rld12/10/2022
ยฏ\_(ใ)_/ยฏ
Xx0rld12/10/2022
looks like ILSpy can edit the ILCode and you can export it after with save as
AACiDCA712/10/2022
if you look more closely in the vid he is using reflexil to change the il
Xx0rld12/10/2022
oh yeah
Xx0rld12/10/2022
it's a plugin ? ๐ค
AACiDCA712/10/2022
seems like it
https://github.com/sailro/Reflexil
https://github.com/sailro/Reflexil
Xx0rld12/10/2022
so just use that ogie
OOgie12/10/2022
Ilspy with reflexil okay
OOgie12/10/2022
Many people use x64dbg for some reason but hmm
AACiDCA712/10/2022
x64dbg is for native apps
OOgie12/10/2022
What do you mean with native apps?
Xx0rld12/10/2022
C or C++ or anything compiled to native
OOgie12/10/2022
ohh nvm
Tthinker22712/10/2022
apps containing native machine code
OOgie12/10/2022
isn't the console app converted to machine code after publishing ?
Xx0rld12/10/2022
nop it's ILCode
Tthinker22712/10/2022
C# is compiled to IL
OOgie12/10/2022
i see so the clr covnerts il to native code of the machine
Xx0rld12/10/2022

OOgie12/10/2022
yeah ok
Xx0rld12/10/2022
yeah
OOgie12/10/2022
hmmmmm
OOgie12/10/2022
Ok my theory was if it could get converted to machine code somehow you were able to do stuff with x64dbg on that simple console app
Tthinker22712/10/2022
just use ILSpy
OOgie12/10/2022
I give up on x64dbg going to try ilspy now
Xx0rld12/10/2022
at the runtime there is at some point machine code but it's clearly easier to manipulate ILCode
Tthinker22712/10/2022
If you try to use x64dbg on IL then you'll just end up with garbage
OOgie12/10/2022
Reflexil doesn't work with latest version of ilspy or a tleast preview version
OOgie12/10/2022
I guess I'll just wait. Cba uninstalling and downgrading versions
OOgie12/10/2022
Thanks man dnspy did the job
OOgie12/10/2022
well I thought that editing the file/ change code would work but nvm
OOneWholesomeDev12/10/2022
dnspy for the win
OOneWholesomeDev12/10/2022
dips
OOgie12/11/2022
naa dnspy had the option te modify code but it doesn't compile ๐
OOgie12/11/2022
only solution is left to downgrade il spy and get reflixit for it but i guess ill open an issue on dn spy repo
OOgie12/11/2022
tldr; dnspy is waiting for release version 8 of ilspy. After that dnspy will be upodated to edit code. Huge
source: https://github.com/dnSpyEx/dnSpy/discussions/149
source: https://github.com/dnSpyEx/dnSpy/discussions/149
OOgie12/11/2022
Also for context: dnspy publicly archived but dnSpyEx is an (fork) continuation of the dnSpy repo
OOgie12/11/2022
No one knows why the heck main repo closed but assumptions are buyouts and to remain silent
AAccord12/12/2022
Was this issue resolved? If so, run
/close
- otherwise I will mark this as stale and this post will be archived until there is new activity.