-
-
[分享].NET 反编译程序集_2020年11月30日更新:V1.2
-
发表于: 2020-11-1 12:36
-
收集有关 .NET 程序集浏览器和反编译器的工具、类库、资料以及TypeRefHasher计算等其它协助工具,方便伙伴们查阅使用
Dump native and .NET assemblies
Simple Assembly Explorer(简称SAE)是一款专业的.Net程序解密分析必备工具,由于国内知道它的不多,所以只有英文版本,没有进行汉化,Simple Assembly Explorer可以为您探索和分析.NET程序集,用来反编译最好不过了。。
Simple Assembly Explorer(简称SAE)是一款专业的.Net程序解密分析必备工具,以为您探索和分析.NET程序集
这是一个用于转储 .NET 打包的应用程序的程序。当然,没有严重的 .NET 保护依赖于包装。事实上,这个软件显示了如何容易解包受保护的屁股。这个 .NET 通用解包是在几个小时内编写的,尽管它非常简单,但它可能变得很有用:否则您必须手动解包,这也很容易。
已上传到本贴附件,可根据所需进行下载
Basic Patching
点击下载
Cracking .NET
点击下载
Cracking With Kurapica 1
点击下载
EntryPoint Method
点击下载
Introduction to .NET cracking
点击下载
Managed Resorces
点击下载
MaxtoCode
点击下载
Memory optimization
点击下载
PE.NET
点击下载
Reactor
点击下载
Unpacking CodeVeil 1.2
点击下载
Unpacking CodeVeil 1.3
点击下载
Unpacking CodeVeil
点击下载
在网络上收集的用于学习所用的测试程序
Cracking .NET Components
点击下载
Cracking .net for newbies
点击下载
Cracking Rebex.FTP Components
点击下载
.NET CrackME #1
点击下载
Confuser_unpackme_howto
点击下载
KeyGening Last KeygenMe by LordCoder
点击下载
KeyGeningLordCoderKeygenme
点击下载
StrongNameRemover v2.2
点击下载
Themida unpacking
点击下载
Tutorail-unpack.Exepack.NET.and.make.unpacker.Levis-REPT
点击下载
U_DotNetReactorUnpackVideoTutorial
点击下载
TypeRefHash (TRH) which is an alternative to the ImpHash that does not work with .NET binaries.
CLI tool to compute the TypeRefHash (TRH) for .NET binaries.
*地址
https://github.com/GDATASoftwareAG/TypeRefHasher
收集网络上分享的脱壳程序,并在本贴进行备份
##
jitDumper_bin
点击下载
官方渠道也无法找到,网络备份寻找
Currently - is in a late beta stage It is similar to IL-Spy but this has a focue on edit/attack.
GrayWolf was a tool I created to carry out research. The focus is on editing applications to make change quickly.
DotNet Id 1.0.0.3备份下载地址
原发布地址(留存可能你可以打开)
https://bitbucket.org/styx2007/mu.dnid/downloads/2.0.5.0_2016.01.26.rar
是一款代码分析软件,在源代码的层次上反编译、分析并概括NET和Windows可执行文件。可以在C#、VB NET、Object Pascal和IL汇编语言之间转换。
Xenocode Fox备份下载地址
原发布地址(留存可能你可以打开)
This tools should be used over a .NET assembly.
Default options which are set when the program starts should create a working dump.
Reactor Decryptor备份下载地址
原发布地址(留存可能你可以打开)
will show only .NET processes under list,
all dumps will be saved under dumps
and work like a charm for .NET Reactor.
DotNet Dumper备份下载地址
原发布地址(留存可能你可以打开)
DotNet Dumper备份下载地址
原发布地址(留存可能你可以打开)
From:eXetools
Post:magic_h2001
Update (2008.12.31):
+Code improved for better processing invalid ImageBase,ImageSize and invalid PE.
+Some small changes for more Compatibility/Stability.
-PSAPI library removed from UIF engine (shit library with many bugs).
iMPROVE .NET Deobfuscator备份下载地址
原发布地址(留存可能你可以打开)
Gray Wolf备份下载地址
原发布地址(留存可能你可以打开)
- 简介
- 开源
- dnSpy
- MegaDumper
- ILSpy
- Dotnet IL Editor
- Simple Assembly Explorer
- Cecil
- Reflexil
- de4dot
- BitDiffer
- 商业
- .Net Reflector
- VB Decompiler
- ReSharper
- ntcore
- decompiler
- Telerik JustDecompile
- ilasm & ildasm
- CodeReflect
- 资料
- 网络文章
- 本地资料
- 视频教程
- 演练程序
- TypeRefHash
- TypeRefHasher
- 脱壳
- 备份
- Gray Wolf
- DotNet Id 1.0.0.3
- DNiD by Rue
- Xenocode Fox
- Reactor Decryptor
- DotNet Dumper
- Kurapica dotNET Tracer
- Universal Import Fixer
- iMPROVE .NET Deobfuscator
- ConfuserDumper
- ConfuserDelegateKiller
调试 .NET 和 Unity 程序集编辑 .NET 和 Unity 程序集光明和黑暗的主题调试 .NET 和 Unity 程序集编辑 .NET 和 Unity 程序集光明和黑暗的主题使用简单而强大的对象模型分析 .NET 二进制文件,而无需加载程序集即可使用反射。修改 .NET 二进制文件,添加新元数据结构并更改 IL 代码。使用简单而强大的对象模型分析 .NET 二进制文件,而无需加载程序集即可使用反射。修改 .NET 二进制文件,添加新元数据结构并更改 IL 代码。C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
C:\Program Files\Microsoft SDKs\Windows\v7.0A\bin\ildasm.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
C:\Program Files\Microsoft SDKs\Windows\v7.0A\bin\ildasm.exe
DotNet Id是一款net的查壳工具。DotNet Id官方最新版可以查是哪些软件保护加密或混淆处理的:MaxToCode .Net Reactor Rustemsoft Skater Goliath Obfuscator PE Compact Spices Obfuscator Themida Dotfuscator Xenocode Smart Assembly CliSecure Phoenix Protector CodeVeil
DotNet Id是一款net的查壳工具。DotNet Id官方最新版可以查是哪些软件保护加密或混淆处理的:MaxToCode .Net Reactor Rustemsoft Skater Goliath Obfuscator PE Compact Spices Obfuscator Themida Dotfuscator Xenocode Smart Assembly CliSecure Phoenix Protector CodeVeil
[2016/01/26] - 2.0.5.0: (by mammon)
=======================
+Added sample plugin... (works with both DNiD & PEiD!)
+Added small console-tool to set DNiD2 to Explorer's context menu...
+Added context menu to SecView - you can now directly Disassemble or
read any of the section in Hex...
+Added Debug Assertion on debug build on all methods...
*Fixed so project doesn't copy SharpDisasm to bin dir...
*Fixed plugins loader code...
*Changed plugins directory to load from; %dnid2_dir%\plugins\...
Also, pre-compiled download:
[2016/01/26] - 2.0.5.0: (by mammon)
=======================
+Added sample plugin... (works with both DNiD & PEiD!)
+Added small console-tool to set DNiD2 to Explorer's context menu...
+Added context menu to SecView - you can now directly Disassemble or
read any of the section in Hex...
+Added Debug Assertion on debug build on all methods...
*Fixed so project doesn't copy SharpDisasm to bin dir...
*Fixed plugins loader code...
*Changed plugins directory to load from; %dnid2_dir%\plugins\...
Also, pre-compiled download:
What's NEW :1 - Reverse engineering oriented which means that only important events will be logged
2 - much faster than before
3 - Richer data output
4 - well-hidden from common protection techniques
5 - Finally you can double click any method and you will be driven to Reflector to see the code
6 - I may add plugins support later
7 - You can toggle tracing ON/OFF in runtime, until you open the registration window for example
8 - You can save results to Microsoft excel *.xls file for better analysis later
9 - Double click orange rows to be taken to the loaded module location in Windows Explorer
10 - Double Click the "Parent Class" to be taken to the Class that invoked the method in reflector
11 - Double Click the blue row to be taken to the Method that was called in Reflector
12 - VM Compatible
13 - may require a certain setup on Windows Vista and later due to UAC
* Reflector Support is still buggy but it's not my fault
** Make sure you loaded the needed assemblies in Reflector before using the double clicking feature
*** Thanks to whoknows and 0xd4d for testing and bug reports
What's NEW :1 - Reverse engineering oriented which means that only important events will be logged
2 - much faster than before
3 - Richer data output
4 - well-hidden from common protection techniques
5 - Finally you can double click any method and you will be driven to Reflector to see the code
6 - I may add plugins support later
7 - You can toggle tracing ON/OFF in runtime, until you open the registration window for example
8 - You can save results to Microsoft excel *.xls file for better analysis later
9 - Double click orange rows to be taken to the loaded module location in Windows Explorer
10 - Double Click the "Parent Class" to be taken to the Class that invoked the method in reflector
11 - Double Click the blue row to be taken to the Method that was called in Reflector
12 - VM Compatible
13 - may require a certain setup on Windows Vista and later due to UAC
* Reflector Support is still buggy but it's not my fault
** Make sure you loaded the needed assemblies in Reflector before using the double clicking feature
*** Thanks to whoknows and 0xd4d for testing and bug reports
iMPROVE .NET it's a deobfuscator for packers that de4dot can't unpack. Current supported packers:
-DotBundle (only main exe and dlls unpacking)
-ExePack.NET
-.NetZ .NET Packer
-Macrobject Obfuscator .NET 2009
-.netshrink
Thanks to the author of this tool.....WEB:1http://sourceforge.net/projects/improvenetdeobf/
iMPROVE .NET it's a deobfuscator for packers that de4dot can't unpack. Current supported packers:
-DotBundle (only main exe and dlls unpacking)
-ExePack.NET
-.NetZ .NET Packer
-Macrobject Obfuscator .NET 2009
-.netshrink
Thanks to the author of this tool.....WEB:1http://sourceforge.net/projects/improvenetdeobf/
This one is the Source code of ConfuserDUmper by cob258 (B@S) for dumping applications packed by Confuser 1.9 original version.
This one is the Source code of ConfuserDUmper by cob258 (B@S) for dumping applications packed by Confuser 1.9 original version.
https://github.com/levisre/ConfuserDumper
https://github.com/levisre/ConfuserDumper
DelegateKiller for Confuser
Restore Confuser delegates!If the assembly is signed you will have to remove strong name or resign else won't work.
DelegateKiller.exe.config should be placed in the same directory with DelegateKiller.exe to have Framework 4.0 suport.
Enjoy it.DelegateKiller for Confuser
Restore Confuser delegates!If the assembly is signed you will have to remove strong name or resign else won't work.
DelegateKiller.exe.config should be placed in the same directory with DelegateKiller.exe to have Framework 4.0 suport.
Enjoy it.|
1
2
3
|
调试 .NET 和 Unity 程序集编辑 .NET 和 Unity 程序集光明和黑暗的主题 |
|
1
2
|
使用简单而强大的对象模型分析 .NET 二进制文件,而无需加载程序集即可使用反射。修改 .NET 二进制文件,添加新元数据结构并更改 IL 代码。 |
|
1
2
|
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
C:\Program Files\Microsoft SDKs\Windows\v7.0A\bin\ildasm.exe
|
1 |
DotNet Id是一款net的查壳工具。DotNet Id官方最新版可以查是哪些软件保护加密或混淆处理的:MaxToCode .Net Reactor Rustemsoft Skater Goliath Obfuscator PE Compact Spices Obfuscator Themida Dotfuscator Xenocode Smart Assembly CliSecure Phoenix Protector CodeVeil
|
|
1
2
3
4
5
6
7
8
9
10
11
|
[2016/01/26] - 2.0.5.0: (by mammon)
=======================
+Added sample plugin... (works with both DNiD & PEiD!)
+Added small console-tool to set DNiD2 to Explorer's context menu...
+Added context menu to SecView - you can now directly Disassemble or
read any of the section in Hex...
+Added Debug Assertion on debug build on all methods...
*Fixed so project doesn't copy SharpDisasm to bin dir...
*Fixed plugins loader code...
*Changed plugins directory to load from; %dnid2_dir%\plugins\...
Also, pre-compiled download:
|
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
What's NEW :1 - Reverse engineering oriented which means that only important events will be logged
2 - much faster than before
3 - Richer data output
4 - well-hidden from common protection techniques
5 - Finally you can double click any method and you will be driven to Reflector to see the code
6 - I may add plugins support later
7 - You can toggle tracing ON/OFF in runtime, until you open the registration window for example
8 - You can save results to Microsoft excel *.xls file for better analysis later
9 - Double click orange rows to be taken to the loaded module location in Windows Explorer
10 - Double Click the "Parent Class" to be taken to the Class that invoked the method in reflector
11 - Double Click the blue row to be taken to the Method that was called in Reflector
12 - VM Compatible
13 - may require a certain setup on Windows Vista and later due to UAC
* Reflector Support is still buggy but it's not my fault
** Make sure you loaded the needed assemblies in Reflector before using the double clicking feature
*** Thanks to whoknows and 0xd4d for testing and bug reports
|
|
1
2
3
4
5
6
7
8
9
10
|
iMPROVE .NET it's a deobfuscator for packers that de4dot can't unpack. Current supported packers:
-DotBundle (only main exe and dlls unpacking)
-ExePack.NET
-.NetZ .NET Packer
-Macrobject Obfuscator .NET 2009
-.netshrink
Thanks to the author of this tool.....WEB:1http://sourceforge.net/projects/improvenetdeobf/
|
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
感谢分享
 收藏 备用
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
