Thread: .NET Internals and Native Compiling

  1. #1

    .NET Internals and Native Compiling

    http://ntcore.com/Files/netint_native.htm

    Strictly speaking it means converting the MSIL code of a .NET assembly to native machine code and then removing the MSIL code from that assembly, making it impossible to decompile it in a straightforward way. The only existing tool to native compile .NET assemblies is the Salamander.NET linker which relies on native images to do its job. The "native images" (which in this article I called "Native Framework Deployment") technique is quite distant from .NET internals: one doesn't need a good knowledge of .NET internals to implement it. But, as the topic is, I might say, quite popular, I'm going to show to the reader how to write his Native Framework Deployment tool if he wishes to. However, the article will go further than that by introducing Native Injection, which means nothing else than taking the JIT's place. Even though this is not useful for commercial protections (or whatever), it's a good way to play with JIT internals. I'm also going to introduce Native Decompiling, which is the result of an understanding of .NET internals. I'm also trying to address another topic: .NET Virtual Machine Protections.

    I hope you'll enjoy this.

    P.S. As always, if you notice typos, please report them.

  2. #2
    Another work conducted with Surgical Precision, great work Daniel

    The way of .NET taming has started, hope to see new great ideas that could come out from the paper!

    Regards,
    Evilcry

    http://evilcry.netsons.org (Repository)
    http://evilcodecave.blogspot.com
    http://evilcodecave.wordpress.com

  3. #3
    Finally. Now only to find some time to read it. GJ!

  4. #4
    Thanks evil! Yes, well I'm curious if the framework's next version will address the problem.

    rendari: take your time. The article seems longer than it is.

  5. #5
    Excellent work again Daniel
    Keep up the good work
    Found in the OpenGL header file for Visual C++ 6: 'typedef GLint int '. AAAARRRRGGGHHHH!!! [Don't get it? You're not a C programmer.]

    A hacker does for love what others would not do for money.

    Being married to a programmer is like having a cat. You talk to it but you're never really sure if it hears you, much less comprehends what you say.

  6. #6
    Thanks GEEK. Well maybe this article is less interesting since it handles less common cases than the first article. But who knows, maybe it'll turn more useful in a year or so. I don't really know. I prefer this article to the first one, but it could be that in a practical sense it is less interesting.

    I'm just glad that I'm through with all this .NET stuff.

  7. #7
    soft123123
    Guest
    The best article about .NET internals I've ever read. Thanks very much Daniel.

    Hope this series can go on, the topic is endless.

    And hope the new CFF version, which supports .rebel files, can come out soon.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  8. #8
    Thanks soft123123. Well, actually the protections talk is ended as there are no other protections. There was one thing which I was still interested in writing: an article about the garbage collector.

    But I don't think that is urgent.

    The new CFF will support 100% the rebel.net format and its manipulation. Problem is that the new CFF is going to be rewritten from scratch. So, maybe I'll release a first version of the new CFF Explorer just for the rebel.net format.

    The rewriting of the CFF is necessary as I am stuck with the MFC classes and can't write a better gui with them.

    Today, for instance, I'm trying to find images for the new toolbars. Very boring, but necessary..

  9. #9
    Administrator dELTA's Avatar
    Ground-breaking high quality stuff as usual Daniel, you da man. And we're of course all looking forward to the upcoming CFF Explorer releases too.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  10. #10
    Thanks dELTA! Well, if there are no other corrections, I'll send the article to codeproject...

  11. #11
    very good!!! tnx to you Daniel I'll start playing with .NET

  12. #12
    It's very good that talented reversers such as deroko start playing with .NET. And it's also good that others start to build on top of my work, because I am frankly tired of .NET stuff. The IT field is going through a period of transformations right now in my opinion and it's interesting to follow the stream and not just explore only one topic.

    deroko: I'm glad you appreciated the article.

  13. #13
    Hi Daniel,
    I'm really pleased to announce the release of NetAsm on CodePlex (http://www.codeplex.com/netasm). This library enables JIT injection of native code into a .NET application.

    I would like to thank you for your article on .NET Internals and Native Compiling. NetAsm was inspired by your work and it wouldn't have been possible without this brilliant article!

    Alexandre
    Seems a very nice project. Wanted to signal it here. I'm glad someone manages to build tools around this concept.
    Last edited by Daniel Pistelli; July 25th, 2008 at 11:37.

  14. #14
    Administrator dELTA's Avatar
    Nice tool, thanks for the heads-up Daniel.

    CRCETL:
    http://www.woodmann.com/collaborative/tools/index.php/NetAsm
