[求助]询问反射调用的方法?
发表于: 2012-1-19 12:05 3127
http://bbs.pediy.com/showthread.php?t=93719
这个帖子里雨痕写的链接已经失效了
谁能讲讲如何反射调用吗?
我现在遇到了一个.net写的dll,被Dotfuscator混淆过,使用了denot1.0.0.6和DotFuckScator都不能成功地反混淆
有几个加密的字符我想看一下
L_008a: stloc.1
L_008b: ldloc.1
L_008c: ldstr "\uxxx\uxxx\…………………………"(我没有贴出来)
L_0091: ldloc num4
L_0095: call string <Module>::a(string, int32)
string <Module>::a(string, int32)是这样的
// String decoder: takes the encoded literal (A_0) and a per-call integer (A_1),
// rewrites every UTF-16 code unit in place and returns the interned result.
// The body reads only its two arguments and the constant 0x7ccb4eef and calls only
// mscorlib String members; no field, file or other method of the assembly is touched.
// NOTE(review): that makes the transform reproducible outside the assembly from the
// literal and the integer alone. Calling it through reflection instead means loading
// the obfuscated DLL into the analysis process - confirm what else runs on load.
.method privatescope hidebysig static string a(string A_0, int32 A_1) cil managed
{
.maxstack 8
.locals init (
[0] char[] chArray,
[1] int32 num,
[2] int32 num2,
[3] uint8 num3,
[4] uint8 num4)
// chArray = A_0.ToCharArray()
L_0000: ldarg.0
L_0001: callvirt instance char[] [mscorlib]System.String::ToCharArray()
L_0006: stloc.0
// num = 0x7ccb4eef + A_1 (running key; only its low 8 bits survive each conv.u1 below)
L_0007: ldc.i4 0x7ccb4eef
L_000c: ldarg.1
L_000d: add
L_000e: stloc.1
// Push the loop index (0). It stays on the evaluation stack for the whole loop.
L_000f: ldc.i4.0
// Opaque predicate: 0 < 1 is always true, so control always jumps to the loop test
// at L_0047 with the index still on the stack.
L_0010: dup
L_0011: ldc.i4.1
L_0012: blt.s L_0047
// ---- loop body: stack holds [i] on entry ----
// num2 = i (copy of the stack-held index)
L_0014: dup
L_0015: stloc.2
// Push the stelem operands (chArray, num2), then load ch = chArray[num2].
// ldelem.i2 reads the element as a signed 16-bit value; the later conv.u1 keeps only
// the low 8 bits, so the sign extension does not change the result.
L_0016: ldloc.0
L_0017: ldloc.2
L_0018: ldloc.0
L_0019: ldloc.2
L_001a: ldelem.i2
// num3 = (byte)((ch & 0xff) ^ num); num = num + 1
L_001b: dup
L_001c: ldc.i4 0xff
L_0021: and
L_0022: ldloc.1
L_0023: dup
L_0024: ldc.i4.1
L_0025: add
L_0026: stloc.1
L_0027: xor
L_0028: conv.u1
L_0029: stloc.3
// num4 = (byte)((ch >> 8) ^ num); num = num + 1
L_002a: dup
L_002b: ldc.i4.8
L_002c: shr
L_002d: ldloc.1
L_002e: dup
L_002f: ldc.i4.1
L_0030: add
L_0031: stloc.1
L_0032: xor
L_0033: conv.u1
L_0034: stloc.s num4
// Drop the remaining copy of ch.
L_0036: pop
// Swap num3 and num4 through the stack: both old values are pushed before either
// local is overwritten, so this is a true exchange.
L_0037: ldloc.s num4
L_0039: ldloc.3
L_003a: stloc.s num4
L_003c: stloc.3
// chArray[num2] = (char)((num4 << 8) | num3)
// After the swap num4 holds the decoded low byte and num3 the decoded high byte,
// so the two bytes of each code unit also trade places.
L_003d: ldloc.s num4
L_003f: ldc.i4.8
L_0040: shl
L_0041: ldloc.3
L_0042: or
L_0043: conv.u2
L_0044: stelem.i2
// i = i + 1 (on the stack)
L_0045: ldc.i4.1
L_0046: add
// ---- loop test: continue while i < chArray.Length ----
L_0047: dup
L_0048: ldloc.0
L_0049: ldlen
L_004a: conv.i4
L_004b: blt.s L_0014
// Discard the index, build a string from the rewritten array and intern it.
L_004d: pop
L_004e: ldloc.0
L_004f: newobj instance void [mscorlib]System.String::.ctor(char[])
L_0054: call string [mscorlib]System.String::Intern(string)
L_0059: ret
}
这个a似乎混淆得不完善,Reflector能看到部分代码
// Reflector's rendering of <Module>::a. It does not compile and does not match the IL
// listing in several places, apparently because the IL keeps the loop index on the
// evaluation stack; the comments below mark each divergence against the IL offsets.
/* private scope */ static string a(string A_0, int A_1)
{
// This item is obfuscated and can not be translated.
int num1;
char[] chArray = A_0.ToCharArray();
// Running key: the constant plus the per-call integer argument.
int num = 0x7ccb4eef + A_1;
// IL L_000f-L_0012: an always-true comparison that jumps to the loop test.
// The target label is not emitted anywhere in this output.
if (0 < 1)
{
goto Label_0047;
}
do
{
// In the IL (L_0014-L_0015) num2 is assigned from the stack-held index before use;
// here it is shown unassigned.
int num2;
char ch1 = chArray[num2];
// Low byte XOR key, then high byte XOR the next key value; num advances twice per char.
byte num3 = (byte) ((ch1 & '\x00ff') ^ num++);
byte num4 = (byte) ((ch1 >> 8) ^ num++);
// In the IL (L_0037-L_003c) this is a swap done through the stack; as two sequential
// assignments it would lose the original num4.
num4 = num3;
num3 = num4;
chArray[num2] = (char) ((num4 << 8) | num3);
// In the IL (L_0045-L_0046) the stack-held index is incremented by one;
// the "(num2 = 0)" shown here is a decompiler artifact.
num1 = (num2 = 0) + 1;
}
while (num1 < chArray.Length);
return string.Intern(new string(chArray));
}
如何下手呢?
这个帖子里雨痕写的链接已经失效了
谁能讲讲如何反射调用吗?
我现在遇到了一个.net写的dll,被Dotfuscator混淆过,使用了denot1.0.0.6和DotFuckScator都不能成功地反混淆
有几个加密的字符我想看一下
L_008a: stloc.1
L_008b: ldloc.1
L_008c: ldstr "\uxxx\uxxx\…………………………"(我没有贴出来)
L_0091: ldloc num4
L_0095: call string <Module>::a(string, int32)
string <Module>::a(string, int32)是这样的
// String decoder: takes the encoded literal (A_0) and a per-call integer (A_1),
// rewrites every UTF-16 code unit in place and returns the interned result.
// The body reads only its two arguments and the constant 0x7ccb4eef and calls only
// mscorlib String members; no field, file or other method of the assembly is touched.
// NOTE(review): that makes the transform reproducible outside the assembly from the
// literal and the integer alone. Calling it through reflection instead means loading
// the obfuscated DLL into the analysis process - confirm what else runs on load.
.method privatescope hidebysig static string a(string A_0, int32 A_1) cil managed
{
.maxstack 8
.locals init (
[0] char[] chArray,
[1] int32 num,
[2] int32 num2,
[3] uint8 num3,
[4] uint8 num4)
// chArray = A_0.ToCharArray()
L_0000: ldarg.0
L_0001: callvirt instance char[] [mscorlib]System.String::ToCharArray()
L_0006: stloc.0
// num = 0x7ccb4eef + A_1 (running key; only its low 8 bits survive each conv.u1 below)
L_0007: ldc.i4 0x7ccb4eef
L_000c: ldarg.1
L_000d: add
L_000e: stloc.1
// Push the loop index (0). It stays on the evaluation stack for the whole loop.
L_000f: ldc.i4.0
// Opaque predicate: 0 < 1 is always true, so control always jumps to the loop test
// at L_0047 with the index still on the stack.
L_0010: dup
L_0011: ldc.i4.1
L_0012: blt.s L_0047
// ---- loop body: stack holds [i] on entry ----
// num2 = i (copy of the stack-held index)
L_0014: dup
L_0015: stloc.2
// Push the stelem operands (chArray, num2), then load ch = chArray[num2].
// ldelem.i2 reads the element as a signed 16-bit value; the later conv.u1 keeps only
// the low 8 bits, so the sign extension does not change the result.
L_0016: ldloc.0
L_0017: ldloc.2
L_0018: ldloc.0
L_0019: ldloc.2
L_001a: ldelem.i2
// num3 = (byte)((ch & 0xff) ^ num); num = num + 1
L_001b: dup
L_001c: ldc.i4 0xff
L_0021: and
L_0022: ldloc.1
L_0023: dup
L_0024: ldc.i4.1
L_0025: add
L_0026: stloc.1
L_0027: xor
L_0028: conv.u1
L_0029: stloc.3
// num4 = (byte)((ch >> 8) ^ num); num = num + 1
L_002a: dup
L_002b: ldc.i4.8
L_002c: shr
L_002d: ldloc.1
L_002e: dup
L_002f: ldc.i4.1
L_0030: add
L_0031: stloc.1
L_0032: xor
L_0033: conv.u1
L_0034: stloc.s num4
// Drop the remaining copy of ch.
L_0036: pop
// Swap num3 and num4 through the stack: both old values are pushed before either
// local is overwritten, so this is a true exchange.
L_0037: ldloc.s num4
L_0039: ldloc.3
L_003a: stloc.s num4
L_003c: stloc.3
// chArray[num2] = (char)((num4 << 8) | num3)
// After the swap num4 holds the decoded low byte and num3 the decoded high byte,
// so the two bytes of each code unit also trade places.
L_003d: ldloc.s num4
L_003f: ldc.i4.8
L_0040: shl
L_0041: ldloc.3
L_0042: or
L_0043: conv.u2
L_0044: stelem.i2
// i = i + 1 (on the stack)
L_0045: ldc.i4.1
L_0046: add
// ---- loop test: continue while i < chArray.Length ----
L_0047: dup
L_0048: ldloc.0
L_0049: ldlen
L_004a: conv.i4
L_004b: blt.s L_0014
// Discard the index, build a string from the rewritten array and intern it.
L_004d: pop
L_004e: ldloc.0
L_004f: newobj instance void [mscorlib]System.String::.ctor(char[])
L_0054: call string [mscorlib]System.String::Intern(string)
L_0059: ret
}
这个a似乎混淆得不完善,Reflector能看到部分代码
// Reflector's rendering of <Module>::a. It does not compile and does not match the IL
// listing in several places, apparently because the IL keeps the loop index on the
// evaluation stack; the comments below mark each divergence against the IL offsets.
/* private scope */ static string a(string A_0, int A_1)
{
// This item is obfuscated and can not be translated.
int num1;
char[] chArray = A_0.ToCharArray();
// Running key: the constant plus the per-call integer argument.
int num = 0x7ccb4eef + A_1;
// IL L_000f-L_0012: an always-true comparison that jumps to the loop test.
// The target label is not emitted anywhere in this output.
if (0 < 1)
{
goto Label_0047;
}
do
{
// In the IL (L_0014-L_0015) num2 is assigned from the stack-held index before use;
// here it is shown unassigned.
int num2;
char ch1 = chArray[num2];
// Low byte XOR key, then high byte XOR the next key value; num advances twice per char.
byte num3 = (byte) ((ch1 & '\x00ff') ^ num++);
byte num4 = (byte) ((ch1 >> 8) ^ num++);
// In the IL (L_0037-L_003c) this is a swap done through the stack; as two sequential
// assignments it would lose the original num4.
num4 = num3;
num3 = num4;
chArray[num2] = (char) ((num4 << 8) | num3);
// In the IL (L_0045-L_0046) the stack-held index is incremented by one;
// the "(num2 = 0)" shown here is a decompiler artifact.
num1 = (num2 = 0) + 1;
}
while (num1 < chArray.Length);
return string.Intern(new string(chArray));
}
如何下手呢?