❔ How to reverse engineer your simple console app code?

Just curious. Is this possible with programs like x64dbg or... ?

You can use ILSpy or similar to open your DLL or EXE and view the IL code

C# is ridiculously easy to reverse-engineer

Maybe some background info from me: I see people doing stuff with x64dbg but this is not intented to reverse-engineer c# stuff?

I have no idea what x64dbg is

ah, so an ASM viewer

Didn't know there was a word for that

Well, C# compiles to IL, which looks kind of like ASM but more high-level. IL is a binary format which is emitted directly into DLL or EXE files by the C# compiler, which means that you can use a program like ILSpy which allows you to view the IL binary in an ASM-like format, and even as C# code.

You can also go to Sharplab.io if you want to see the IL generated by some simple code

Ohh I see. So IL is also called managed code right?

Afaik "managed code" refers to something else unrelated to IL

Hmm reading this book C# in a nutshell and this sentence over here says:

"C# is called a managed language because it compiles source code into managed code, which is represented in Intermediate Language (IL)"

for me it's managed because there is a garbage collector 🤔

I think "managed" might just refer to the fact that there is an runtime

Although you're better off asking about that in #allow-unsafe-blocks

You can write unmanaged code if you just don't use managed types (everything that isn't a reference type or contains reference types as fields)

I need to get a better understanding of this JIT thing. Because that "ASM Viewer" looks alot like that jit in sharplab.io

JIT is the ASM code that the Just In Time compiler generates at runtime

You write C#, the C# gets compiled into IL by the compiler, the runtime runs the IL by running it through the JIT which turns the IL into machine code at runtime.

ohhhh

Although there is also native Ahead Of Time (AOT) which compiles C# directly to architecture-specific machine code

Ok, ok. That's a bit to deep :D. But I had a feeling that I had to understand this first to start reverse engineer stuff

just use ILSpy for classic program

Although be aware that depending on what you reverse engineer, it may or may not be against the terms of service of that thing. Although who tf cares about tos anyway.

haha, yeah true. But btw it's just my own console app which i'm trying to run trough that

I'll give a little sneakpeak of what i'm trying to accomplish

Trying to run this trough that program and I want to change the program via that tool to hit the first if statement

But all I see is machine code with zero string references of what I'm showing lmao

or from ilspy

I'll download ilspy realquick but I assume you cant change the behaviour of ur .exe

you could use dnspy

its ilspy but can debug runnign process

meaning change variables on runtime

theoretically you could also change the code, but it never worked for me^^

while i am at it.. i guess you are using visual studio to develop.. it can decompile aswell

hmmm

there is a plugin to install ILSpy as a plugin in VS

itneresting

I also found this: https://www.youtube.com/watch?v=ZDXTdgfG5HE&ab_channel=howCode

if u skip to 6:32 that's exactly what im trying to do

well sort of

so u can basically open the .exe in vs studio and change code ?

you cannot change it with ilspy

for my examply

with IL spy you can change make it so it runs the first if statement?

well looks like you can change things with ilspy with the video you linked

🤔

never tried

¯\_(ツ)_/¯

looks like ILSpy can edit the ILCode and you can export it after with save as

if you look more closely in the vid he is using reflexil to change the il

oh yeah

it's a plugin ? 🤔

seems like it
https://github.com/sailro/Reflexil

so just use that ogie

Ilspy with reflexil okay

Many people use x64dbg for some reason but hmm

x64dbg is for native apps

What do you mean with native apps?

C or C++ or anything compiled to native

ohh nvm

apps containing native machine code

isn't the console app converted to machine code after publishing ?

nop it's ILCode

C# is compiled to IL

i see so the clr covnerts il to native code of the machine

yeah ok

yeah

hmmmmm

Ok my theory was if it could get converted to machine code somehow you were able to do stuff with x64dbg on that simple console app

just use ILSpy

I give up on x64dbg going to try ilspy now

at the runtime there is at some point machine code but it's clearly easier to manipulate ILCode

If you try to use x64dbg on IL then you'll just end up with garbage

Reflexil doesn't work with latest version of ilspy or a tleast preview version

I guess I'll just wait. Cba uninstalling and downgrading versions

Thanks man dnspy did the job

well I thought that editing the file/ change code would work but nvm

dnspy for the win

naa dnspy had the option te modify code but it doesn't compile 😒

only solution is left to downgrade il spy and get reflixit for it but i guess ill open an issue on dn spy repo

tldr; dnspy is waiting for release version 8 of ilspy. After that dnspy will be upodated to edit code. Huge

source: https://github.com/dnSpyEx/dnSpy/discussions/149

Also for context: dnspy publicly archived but dnSpyEx is an (fork) continuation of the dnSpy repo

No one knows why the heck main repo closed but assumptions are buyouts and to remain silent

Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.