收集有关 .NET 程序集浏览器和反编译器的工具、类库、资料以及TypeRefHasher计算等其它协助工具,方便伙伴们查阅使用
Dump native and .NET assemblies
Simple Assembly Explorer(简称SAE)是一款专业的.Net程序解密分析必备工具,由于国内知道它的不多,所以只有英文版本,没有进行汉化,Simple Assembly Explorer可以为您探索和分析.NET程序集,用来反编译最好不过了。。
Simple Assembly Explorer(简称SAE)是一款专业的.Net程序解密分析必备工具,以为您探索和分析.NET程序集
这是一个用于转储 .NET 打包的应用程序的程序。当然,没有严重的 .NET 保护依赖于包装。事实上,这个软件显示了如何容易解包受保护的屁股。这个 .NET 通用解包是在几个小时内编写的,尽管它非常简单,但它可能变得很有用:否则您必须手动解包,这也很容易。
已上传到本贴附件,可根据所需进行下载
Basic Patching点击下载
Cracking .NET点击下载
Cracking With Kurapica 1点击下载
EntryPoint Method点击下载
Introduction to .NET cracking点击下载
Managed Resorces点击下载
MaxtoCode点击下载
Memory optimization点击下载
PE.NET点击下载
Reactor点击下载
Unpacking CodeVeil 1.2点击下载
Unpacking CodeVeil 1.3点击下载
Unpacking CodeVeil点击下载
在网络上收集的用于学习所用的测试程序
Cracking .NET Components点击下载
Cracking .net for newbies点击下载
Cracking Rebex.FTP Components点击下载
.NET CrackME #1点击下载
Confuser_unpackme_howto点击下载
KeyGening Last KeygenMe by LordCoder点击下载
KeyGeningLordCoderKeygenme点击下载
StrongNameRemover v2.2点击下载
Themida unpacking点击下载
Tutorail-unpack.Exepack.NET.and.make.unpacker.Levis-REPT点击下载
U_DotNetReactorUnpackVideoTutorial点击下载
TypeRefHash (TRH) which is an alternative to the ImpHash that does not work with .NET binaries.
CLI tool to compute the TypeRefHash (TRH) for .NET binaries. *地址https://github.com/GDATASoftwareAG/TypeRefHasher
收集网络上分享的脱壳程序,并在本贴进行备份
## jitDumper_bin点击下载
官方渠道也无法找到,网络备份寻找
Currently - is in a late beta stage It is similar to IL-Spy but this has a focue on edit/attack. GrayWolf was a tool I created to carry out research. The focus is on editing applications to make change quickly.
DotNet Id 1.0.0.3备份下载地址 原发布地址(留存可能你可以打开)
原发布地址(留存可能你可以打开)
https://bitbucket.org/styx2007/mu.dnid/downloads/2.0.5.0_2016.01.26.rar
是一款代码分析软件,在源代码的层次上反编译、分析并概括NET和Windows可执行文件。可以在C#、VB NET、Object Pascal和IL汇编语言之间转换。Xenocode Fox备份下载地址 原发布地址(留存可能你可以打开)
This tools should be used over a .NET assembly. Default options which are set when the program starts should create a working dump.Reactor Decryptor备份下载地址 原发布地址(留存可能你可以打开)
will show only .NET processes under list, all dumps will be saved under dumps
and work like a charm for .NET Reactor.DotNet Dumper备份下载地址 原发布地址(留存可能你可以打开)
DotNet Dumper备份下载地址 原发布地址(留存可能你可以打开)
From:eXetools Post:magic_h2001 Update (2008.12.31): +Code improved for better processing invalid ImageBase,ImageSize and invalid PE. +Some small changes for more Compatibility/Stability. -PSAPI library removed from UIF engine (shit library with many bugs).
https://rghost.net/4704286
iMPROVE .NET Deobfuscator备份下载地址 原发布地址(留存可能你可以打开)
原发布地址(留存可能你可以打开)
Gray Wolf备份下载地址 原发布地址(留存可能你可以打开)
调试 .NET 和 Unity 程序集
编辑 .NET 和 Unity 程序集
光明和黑暗的主题
调试 .NET 和 Unity 程序集
编辑 .NET 和 Unity 程序集
光明和黑暗的主题
使用简单而强大的对象模型分析 .NET 二进制文件,而无需加载程序集即可使用反射。
修改 .NET 二进制文件,添加新元数据结构并更改 IL 代码。
使用简单而强大的对象模型分析 .NET 二进制文件,而无需加载程序集即可使用反射。
修改 .NET 二进制文件,添加新元数据结构并更改 IL 代码。
C:\Windows\Microsoft.NET\Framework\v2.
0.50727
\ilasm.exe
C:\Program Files\Microsoft SDKs\Windows\v7.
0A
\
bin
\ildasm.exe
C:\Windows\Microsoft.NET\Framework\v2.
0.50727
\ilasm.exe
C:\Program Files\Microsoft SDKs\Windows\v7.
0A
\
bin
\ildasm.exe
DotNet
Id
是一款net的查壳工具。DotNet
Id
官方最新版可以查是哪些软件保护加密或混淆处理的:MaxToCode .Net Reactor Rustemsoft Skater Goliath Obfuscator PE Compact Spices Obfuscator Themida Dotfuscator Xenocode Smart Assembly CliSecure Phoenix Protector CodeVeil
DotNet
Id
是一款net的查壳工具。DotNet
Id
官方最新版可以查是哪些软件保护加密或混淆处理的:MaxToCode .Net Reactor Rustemsoft Skater Goliath Obfuscator PE Compact Spices Obfuscator Themida Dotfuscator Xenocode Smart Assembly CliSecure Phoenix Protector CodeVeil
[
2016
/
01
/
26
]
-
2.0
.
5.0
: (by mammon)
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
+
Added sample plugin... (works with both DNiD & PEiD!)
+
Added small console
-
tool to
set
DNiD2 to Explorer's context menu...
+
Added context menu to SecView
-
you can now directly Disassemble
or
read
any
of the section
in
Hex
...
+
Added Debug Assertion on debug build on
all
methods...
*
Fixed so project doesn't copy SharpDisasm to
bin
dir
...
*
Fixed plugins loader code...
*
Changed plugins directory to load
from
;
%
dnid2_dir
%
\plugins\...
Also, pre
-
compiled download:
[
2016
/
01
/
26
]
-
2.0
.
5.0
: (by mammon)
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
+
Added sample plugin... (works with both DNiD & PEiD!)
+
Added small console
-
tool to
set
DNiD2 to Explorer's context menu...
+
Added context menu to SecView
-
you can now directly Disassemble
or
read
any
of the section
in
Hex
...
+
Added Debug Assertion on debug build on
all
methods...
*
Fixed so project doesn't copy SharpDisasm to
bin
dir
...
*
Fixed plugins loader code...
*
Changed plugins directory to load
from
;
%
dnid2_dir
%
\plugins\...
Also, pre
-
compiled download:
What's NEW :
1
-
Reverse engineering oriented which means that only important events will be logged
2
-
much faster than before
3
-
Richer data output
4
-
well
-
hidden
from
common protection techniques
5
-
Finally you can double click
any
method
and
you will be driven to Reflector to see the code
6
-
I may add plugins support later
7
-
You can toggle tracing ON
/
OFF
in
runtime, until you
open
the registration window
for
example
8
-
You can save results to Microsoft excel
*
.xls
file
for
better analysis later
9
-
Double click orange rows to be taken to the loaded module location
in
Windows Explorer
10
-
Double Click the
"Parent Class"
to be taken to the Class that invoked the method
in
reflector
11
-
Double Click the blue row to be taken to the Method that was called
in
Reflector
12
-
VM Compatible
13
-
may require a certain setup on Windows Vista
and
later due to UAC
*
Reflector Support
is
still buggy but it's
not
my fault
*
*
Make sure you loaded the needed assemblies
in
Reflector before using the double clicking feature
*
*
*
Thanks to whoknows
and
0xd4d
for
testing
and
bug reports
What's NEW :
1
-
Reverse engineering oriented which means that only important events will be logged
2
-
much faster than before
3
-
Richer data output
4
-
well
-
hidden
from
common protection techniques
5
-
Finally you can double click
any
method
and
you will be driven to Reflector to see the code
6
-
I may add plugins support later
7
-
You can toggle tracing ON
/
OFF
in
runtime, until you
open
the registration window
for
example
8
-
You can save results to Microsoft excel
*
.xls
file
for
better analysis later
9
-
Double click orange rows to be taken to the loaded module location
in
Windows Explorer
10
-
Double Click the
"Parent Class"
to be taken to the Class that invoked the method
in
reflector
11
-
Double Click the blue row to be taken to the Method that was called
in
Reflector
12
-
VM Compatible
13
-
may require a certain setup on Windows Vista
and
later due to UAC
*
Reflector Support
is
still buggy but it's
not
my fault
*
*
Make sure you loaded the needed assemblies
in
Reflector before using the double clicking feature
*
*
*
Thanks to whoknows
and
0xd4d
for
testing
and
bug reports
iMPROVE .NET it
's a deobfuscator for packers that de4dot can'
t unpack. Current supported packers:
-
DotBundle (only main exe
and
dlls unpacking)
-
ExePack.NET
-
.NetZ .NET Packer
-
Macrobject Obfuscator .NET
2009
-
.netshrink
Thanks to the author of this tool.....
WEB:
1
http:
/
/
sourceforge.net
/
projects
/
improvenetdeobf
/
iMPROVE .NET it
's a deobfuscator for packers that de4dot can'
t unpack. Current supported packers:
-
DotBundle (only main exe
and
dlls unpacking)
-
ExePack.NET
-
.NetZ .NET Packer
-
Macrobject Obfuscator .NET
2009
-
.netshrink
Thanks to the author of this tool.....
WEB:
1
http:
/
/
sourceforge.net
/
projects
/
improvenetdeobf
/
This one
is
the Source code of ConfuserDUmper by cob258 (B@S)
for
dumping applications packed by Confuser
1.9
original version.
This one
is
the Source code of ConfuserDUmper by cob258 (B@S)
for
dumping applications packed by Confuser
1.9
original version.
https:
/
/
github.com
/
levisre
/
ConfuserDumper
https:
/
/
github.com
/
levisre
/
ConfuserDumper
DelegateKiller
for
Confuser
Restore Confuser delegates!
If the assembly
is
signed you will have to remove strong name
or
resign
else
won't work.
DelegateKiller.exe.config should be placed
in
the same directory with DelegateKiller.exe to have Framework
4.0
suport.
Enjoy it.
DelegateKiller
for
Confuser
Restore Confuser delegates!
If the assembly
is
signed you will have to remove strong name
or
resign
else
won't work.
DelegateKiller.exe.config should be placed
in
the same directory with DelegateKiller.exe to have Framework
4.0
suport.
Enjoy it.
1
2
3
调试 .NET 和 Unity 程序集
编辑 .NET 和 Unity 程序集
光明和黑暗的主题
1
2
使用简单而强大的对象模型分析 .NET 二进制文件,而无需加载程序集即可使用反射。
修改 .NET 二进制文件,添加新元数据结构并更改 IL 代码。
1
2
C:\Windows\Microsoft.NET\Framework\v2.
0.50727
\ilasm.exe
C:\Program Files\Microsoft SDKs\Windows\v7.
0A
\
bin
\ildasm.exe
1
DotNet
Id
是一款net的查壳工具。DotNet
Id
官方最新版可以查是哪些软件保护加密或混淆处理的:MaxToCode .Net Reactor Rustemsoft Skater Goliath Obfuscator PE Compact Spices Obfuscator Themida Dotfuscator Xenocode Smart Assembly CliSecure Phoenix Protector CodeVeil
1
2
3
4
5
6
7
8
9
10
11
[
2016
/
01
/
26
]
-
2.0
.
5.0
: (by mammon)
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
+
Added sample plugin... (works with both DNiD & PEiD!)
+
Added small console
-
tool to
set
DNiD2 to Explorer's context menu...
+
Added context menu to SecView
-
you can now directly Disassemble
or
read
any
of the section
in
Hex
...
+
Added Debug Assertion on debug build on
all
methods...
*
Fixed so project doesn't copy SharpDisasm to
bin
dir
...
*
Fixed plugins loader code...
*
Changed plugins directory to load
from
;
%
dnid2_dir
%
\plugins\...
Also, pre
-
compiled download:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
What's NEW :
1
-
Reverse engineering oriented which means that only important events will be logged
2
-
much faster than before
3
-
Richer data output
4
-
well
-
hidden
from
common protection techniques
5
-
Finally you can double click
any
method
and
you will be driven to Reflector to see the code
6
-
I may add plugins support later
7
-
You can toggle tracing ON
/
OFF
in
runtime, until you
open
the registration window
for
example
8
-
You can save results to Microsoft excel
*
.xls
file
for
better analysis later
9
-
Double click orange rows to be taken to the loaded module location
in
Windows Explorer
10
-
Double Click the
"Parent Class"
to be taken to the Class that invoked the method
in
reflector
11
-
Double Click the blue row to be taken to the Method that was called
in
Reflector
12
-
VM Compatible
13
-
may require a certain setup on Windows Vista
and
later due to UAC
*
Reflector Support
is
still buggy but it's
not
my fault
*
*
Make sure you loaded the needed assemblies
in
Reflector before using the double clicking feature
*
*
*
Thanks to whoknows
and
0xd4d
for
testing
and
bug reports
1
2
3
4
5
6
7
8
9
10
iMPROVE .NET it
's a deobfuscator for packers that de4dot can'
t unpack. Current supported packers:
-
DotBundle (only main exe
and
dlls unpacking)
-
ExePack.NET
-
.NetZ .NET Packer
-
Macrobject Obfuscator .NET
2009
-
.netshrink
Thanks to the author of this tool.....
WEB:
1
http:
/
/
sourceforge.net
/
projects
/
improvenetdeobf
/
[注意]APP应用上架合规检测服务,协助应用顺利上架!
最后于 2020-11-30 13:34
被梦幻的彼岸编辑
,原因:
上传的附件: