求助一个.net程序补丁或修改思路
本帖最后由 iamok 于 2023-8-5 12:37 编辑软件大概情况:
1.一个国产的office辅助插件,主程序是一个dll文件,这里假定就叫a.dll。
2.a.dll使用.net Reactor保护了。我尝试使用de4dot脱壳后,在dnspy里可以看到程序逻辑,但是office无法加载插件运行了
3.通过dnspy查看验证逻辑,关键是加载了一个b.dll中的函数来实现,但是在a.dll里有一段代码会验证b.dll的大小和hash,所以无法通过直接修改b.dll来实现破解
我尝试的方法:
1.写一个c.dll来hook b.dll的输出函数,但是我通过导入表在a.dll中添加c.dll的函数后插件无法加载(失败)
2.直接改a.dll的IL代码,但是用dnspy改完报错报错,替换源文件后无法加载(失败)
3.自己写一个b.dll来实现关键函数结果输出,然后把原来的b.dll改名为d.dll。因为检测hash是调用的公共库“mscorlib.dll”里的方法,所以我可以直接修改这个公共库中的取hash函数,判断文件参数的名字,如果是b.dll就替换文件参数为d.dll,这样读取了原始文件就可以通过hash验证。但是我修改后的“mscorlib.dll”放到了a.dll同目录下并不会被加载,目前看只能替换windows下的原始文件才行。这种方式实在不够优雅。。。。
我的问题:
1.这种.net Reactor保护脱壳修复文章太少了,不知道大佬们有没有好的教程?
2.有没有其他相对优雅的方法进行补丁,或可以自动加载我自己写的c.dll?
不是成品的话,在这里讨论不用指代名称不违规吧?
a会校验自己吗?不校验的话Patch掉对b的校验。修改IL代码也会报错? WinRose 发表于 2023-8-5 14:59
不是成品的话,在这里讨论不用指代名称不违规吧?
a会校验自己吗?不校验的话Patch掉对b的校验。修改IL代 ...
是个国产软件,直接讨论不太好。我主要是想学习一下针对.net程序调试或补丁的技术,只是刚好遇到这个程序就用这个程序来举例。
上面我尝试的第2点说了,直接用dnspy改iL代码会出现保存报错的提示,大概类似如下:
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void <Module>::.cctor()' (0x06000001).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void mYC79IqrtOmYQqRF2c.U4jY7s6cxtTYKQhdcw::.ctor()' (0x06000002).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void mYC79IqrtOmYQqRF2c.U4jY7s6cxtTYKQhdcw::.cctor()' (0x06000003).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Boolean mYC79IqrtOmYQqRF2c.U4jY7s6cxtTYKQhdcw::nJTB8nlyn7D7C3YyYJ()' (0x06000004).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'mYC79IqrtOmYQqRF2c.U4jY7s6cxtTYKQhdcw mYC79IqrtOmYQqRF2c.U4jY7s6cxtTYKQhdcw::CPHHKw15Mf8i2NqURK()' (0x06000005).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void pNGL1JKvtgXADAbh8a.vuM2lUSfkRvGLSn2bt::.ctor()' (0x06000006).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void pNGL1JKvtgXADAbh8a.vuM2lUSfkRvGLSn2bt::.cctor()' (0x06000007).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void pNGL1JKvtgXADAbh8a.vuM2lUSfkRvGLSn2bt::QMLn2PYIaKWsrQMBi3()' (0x06000008).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Boolean pNGL1JKvtgXADAbh8a.vuM2lUSfkRvGLSn2bt::jJWm1vMs7CjtitfSE4()' (0x06000009).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'pNGL1JKvtgXADAbh8a.vuM2lUSfkRvGLSn2bt pNGL1JKvtgXADAbh8a.vuM2lUSfkRvGLSn2bt::o904dfDIktlvb8MK8o()' (0x0600000A).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void pNGL1JKvtgXADAbh8a.vuM2lUSfkRvGLSn2bt::li5YlxcUWyRkofGVip()' (0x0600000B).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void pNGL1JKvtgXADAbh8a.vuM2lUSfkRvGLSn2bt::AJsj8yhGf1o9gB9MOi()' (0x0600000C).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5::.cctor()' (0x0600000D).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'pNGL1JKvtgXADAbh8a.vuM2lUSfkRvGLSn2bt dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5::zOKQVBSqj()' (0x0600000E).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'mYC79IqrtOmYQqRF2c.U4jY7s6cxtTYKQhdcw dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5::Ak2cMsVki()' (0x0600000F).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'Microsoft.VisualBasic.ApplicationServices.User dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5::zb6Brc0Qe()' (0x06000010).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5::Owd7GnwZt()' (0x06000011).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Boolean dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5::fanyBnkIfAS5Tnx90L()' (0x06000012).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5 dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5::ICjZnmS4rvx8ipsBqk()' (0x06000013).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Boolean dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::Equals(System.Object)' (0x06000014).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Int32 dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::GetHashCode()' (0x06000015).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Type dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::maiESkGYBr0()' (0x06000016).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.String dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::ToString()' (0x06000017).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'NsRy8EjQviqZLMp6EL dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::tQKESR9NIfv<NsRy8EjQviqZLMp6EL>(NsRy8EjQviqZLMp6EL)' (0x06000018).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::WJxESjv5XHR<zi40amYHuSZDePBSiM>(zi40amYHuSZDePBSiM&)' (0x06000019).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::.ctor()' (0x0600001A).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::.cctor()' (0x0600001B).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Boolean dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::rgP7rZe6UDt6n1eGhNT8()' (0x0600001C).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::igvEY3e6ILZxmX9kSDE7()' (0x0600001D).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::hFRV3me6qZldqkTfmhuN()' (0x0600001E).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'lV0oOilhxoIBQjUMQ2 dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/veNxJsbDhTTJAeUnLc`1::CntESaVKMBi()' (0x0600001F).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/veNxJsbDhTTJAeUnLc`1::.ctor()' (0x06000020).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/veNxJsbDhTTJAeUnLc`1::.cctor()' (0x06000021).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Boolean dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/veNxJsbDhTTJAeUnLc`1::oYgLEee6ASpqJqGsc4md()' (0x06000022).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Object dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/veNxJsbDhTTJAeUnLc`1::kRpNHYe6HnmTdMsqmNct()' (0x06000023).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Resources.ResourceManager Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI::zOgP0RcES()' (0x06000024).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Globalization.CultureInfo Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI::Hp65Hjvkp()' (0x06000025).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI::K2jgIZyXb(System.Globalization.CultureInfo)' (0x06000026).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Drawing.Bitmap Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI::lr1kQBFNv()' (0x06000027).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI::.cctor()' (0x06000028).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Object Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI::YGDxCJB9gjdMO1CpLF(System.Int32)' (0x06000029).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Boolean Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI::cyt518CTkpUegkBnGG()' (0x0600002A).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI::gQcatsLnAJhLNd28hy()' (0x0600002B).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI::iW2AGMUKqsVkJSG9kT()' (0x0600002C).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI::ltAktOIXUpFci09AKX()' (0x0600002D).
你把它发上来估计大神们分分钟就搞定了 这个我也没思路,旧版本和新版本注册逻辑不一样了 慕若曦 发表于 2023-8-5 17:14
这个我也没思路,旧版本和新版本注册逻辑不一样了
你这就看出来是什么软件了{:4_258:}{:4_274:}
dnpsy里有个合并程序集的功能,我试过自己写hook的dll合并到a.dll里,然后在构造方法里调用自己的dll,可先加载自己的方法
除非a.dll有vmp那种自校验,一般的anti-tamper也能过 表哥们有勇有智,出手不凡,感觉楼主离成功越来越近了,加油,等楼主好消息。。。{:victory:} 难道是精灵 ? bb工具箱