求助一个.net程序补丁或修改思路

iamok · 发表于 2023-8-5 12:34:40

本帖最后由 iamok 于 2023-8-5 12:37 编辑

软件大概情况：
1.一个国产的office辅助插件，主程序是一个dll文件，这里假定就叫a.dll。
2.a.dll使用.net Reactor保护了。我尝试使用de4dot脱壳后，在dnspy里可以看到程序逻辑，但是office无法加载插件运行了
3.通过dnspy查看验证逻辑，关键是加载了一个b.dll中的函数来实现，但是在a.dll里有一段代码会验证b.dll的大小和hash，所以无法通过直接修改b.dll来实现破解

我尝试的方法：
1.写一个c.dll来hook b.dll的输出函数，但是我通过导入表在a.dll中添加c.dll的函数后插件无法加载（失败）
2.直接改a.dll的IL代码，但是用dnspy改完报错报错，替换源文件后无法加载（失败）
3.自己写一个b.dll来实现关键函数结果输出，然后把原来的b.dll改名为d.dll。因为检测hash是调用的公共库“mscorlib.dll”里的方法，所以我可以直接修改这个公共库中的取hash函数，判断文件参数的名字，如果是b.dll就替换文件参数为d.dll，这样读取了原始文件就可以通过hash验证。但是我修改后的“mscorlib.dll”放到了a.dll同目录下并不会被加载，目前看只能替换windows下的原始文件才行。这种方式实在不够优雅。。。。

我的问题：
1.这种.net Reactor保护脱壳修复文章太少了，不知道大佬们有没有好的教程？
2.有没有其他相对优雅的方法进行补丁，或可以自动加载我自己写的c.dll？

WinRose · 发表于 2023-8-5 14:59:11

不是成品的话，在这里讨论不用指代名称不违规吧？
a会校验自己吗？不校验的话Patch掉对b的校验。修改IL代码也会报错？

iamok · 发表于 2023-8-5 15:22:31

WinRose 发表于 2023-8-5 14:59
不是成品的话，在这里讨论不用指代名称不违规吧？
a会校验自己吗？不校验的话Patch掉对b的校验。修改IL代 ...

是个国产软件，直接讨论不太好。我主要是想学习一下针对.net程序调试或补丁的技术，只是刚好遇到这个程序就用这个程序来举例。
上面我尝试的第2点说了，直接用dnspy改iL代码会出现保存报错的提示，大概类似如下：

[ColdFusion] 纯文本查看 复制代码

Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void <Module>::.cctor()' (0x06000001).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void mYC79IqrtOmYQqRF2c.U4jY7s6cxtTYKQhdcw::.ctor()' (0x06000002).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void mYC79IqrtOmYQqRF2c.U4jY7s6cxtTYKQhdcw::.cctor()' (0x06000003).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Boolean mYC79IqrtOmYQqRF2c.U4jY7s6cxtTYKQhdcw::nJTB8nlyn7D7C3YyYJ()' (0x06000004).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'mYC79IqrtOmYQqRF2c.U4jY7s6cxtTYKQhdcw mYC79IqrtOmYQqRF2c.U4jY7s6cxtTYKQhdcw::CPHHKw15Mf8i2NqURK()' (0x06000005).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void pNGL1JKvtgXADAbh8a.vuM2lUSfkRvGLSn2bt::.ctor()' (0x06000006).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void pNGL1JKvtgXADAbh8a.vuM2lUSfkRvGLSn2bt::.cctor()' (0x06000007).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void pNGL1JKvtgXADAbh8a.vuM2lUSfkRvGLSn2bt::QMLn2PYIaKWsrQMBi3()' (0x06000008).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Boolean pNGL1JKvtgXADAbh8a.vuM2lUSfkRvGLSn2bt::jJWm1vMs7CjtitfSE4()' (0x06000009).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'pNGL1JKvtgXADAbh8a.vuM2lUSfkRvGLSn2bt pNGL1JKvtgXADAbh8a.vuM2lUSfkRvGLSn2bt::o904dfDIktlvb8MK8o()' (0x0600000A).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void pNGL1JKvtgXADAbh8a.vuM2lUSfkRvGLSn2bt::li5YlxcUWyRkofGVip()' (0x0600000B).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void pNGL1JKvtgXADAbh8a.vuM2lUSfkRvGLSn2bt::AJsj8yhGf1o9gB9MOi()' (0x0600000C).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5::.cctor()' (0x0600000D).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'pNGL1JKvtgXADAbh8a.vuM2lUSfkRvGLSn2bt dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5::zOKQVBSqj()' (0x0600000E).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'mYC79IqrtOmYQqRF2c.U4jY7s6cxtTYKQhdcw dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5::Ak2cMsVki()' (0x0600000F).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'Microsoft.VisualBasic.ApplicationServices.User dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5::zb6Brc0Qe()' (0x06000010).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5::Owd7GnwZt()' (0x06000011).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Boolean dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5::fanyBnkIfAS5Tnx90L()' (0x06000012).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5 dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5::ICjZnmS4rvx8ipsBqk()' (0x06000013).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Boolean dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::Equals(System.Object)' (0x06000014).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Int32 dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::GetHashCode()' (0x06000015).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Type dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::maiESkGYBr0()' (0x06000016).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.String dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::ToString()' (0x06000017).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'NsRy8EjQviqZLMp6EL dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::tQKESR9NIfv<NsRy8EjQviqZLMp6EL>(NsRy8EjQviqZLMp6EL)' (0x06000018).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::WJxESjv5XHR<zi40amYHuSZDePBSiM>(zi40amYHuSZDePBSiM&)' (0x06000019).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::.ctor()' (0x0600001A).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::.cctor()' (0x0600001B).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Boolean dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::rgP7rZe6UDt6n1eGhNT8()' (0x0600001C).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::igvEY3e6ILZxmX9kSDE7()' (0x0600001D).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/DSYIfa3kcvEr8sM6gy::hFRV3me6qZldqkTfmhuN()' (0x0600001E).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'lV0oOilhxoIBQjUMQ2 dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/veNxJsbDhTTJAeUnLc`1::CntESaVKMBi()' (0x0600001F).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/veNxJsbDhTTJAeUnLc`1::.ctor()' (0x06000020).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/veNxJsbDhTTJAeUnLc`1::.cctor()' (0x06000021).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Boolean dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/veNxJsbDhTTJAeUnLc`1::oYgLEee6ASpqJqGsc4md()' (0x06000022).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Object dbjQksdF9F2CmOok2n.OG2W0RMyISWJc5TIQ5/veNxJsbDhTTJAeUnLc`1::kRpNHYe6HnmTdMsqmNct()' (0x06000023).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Resources.ResourceManager Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI::zOgP0RcES()' (0x06000024).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Globalization.CultureInfo Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI::Hp65Hjvkp()' (0x06000025).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI::K2jgIZyXb(System.Globalization.CultureInfo)' (0x06000026).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Drawing.Bitmap Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI::lr1kQBFNv()' (0x06000027).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI::.cctor()' (0x06000028).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Object Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI::YGDxCJB9gjdMO1CpLF(System.Int32)' (0x06000029).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Boolean Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI::cyt518CTkpUegkBnGG()' (0x0600002A).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI::gQcatsLnAJhLNd28hy()' (0x0600002B).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI::iW2AGMUKqsVkJSG9kT()' (0x0600002C).
Instruction operand is null. Error occurred after metadata event BeginWriteMethodBodies during writing method 'System.Void Hex5RZiNEQh1EKOY9B.ibCuxm8Wjo95NePMAI::ltAktOIXUpFci09AKX()' (0x0600002D).

lsmgys · 发表于 2023-8-5 16:43:40

你把它发上来估计大神们分分钟就搞定了

慕若曦 · 发表于 2023-8-5 17:14:57

这个我也没思路，旧版本和新版本注册逻辑不一样了

iamok · 发表于 2023-8-5 17:23:07

慕若曦发表于 2023-8-5 17:14
这个我也没思路，旧版本和新版本注册逻辑不一样了

你这就看出来是什么软件了

chinasmu · 发表于 2023-8-5 17:31:48

dnpsy里有个合并程序集的功能，我试过自己写hook的dll合并到a.dll里，然后在构造方法里调用自己的dll，可先加载自己的方法
除非a.dll有vmp那种自校验，一般的anti-tamper也能过

3yu3 · 发表于 2023-8-5 19:15:38

表哥们有勇有智，出手不凡，感觉楼主离成功越来越近了，加油，等楼主好消息。。。

yyww · 发表于 2023-8-5 19:27:53

难道是精灵？

czb203 · 发表于 2023-8-6 00:53:05

bb工具箱

		自动登录	找回密码
密码			加入我们

[求助] 求助一个.net程序补丁或修改思路

点评

点评

点评