Results 1 to 5 of 5

Thread: MSIL Dumper

  1. #1
    Blacklist Hunter Kurapica's Avatar
    Join Date
    Jun 2008
    Location
    JIT compiler
    Posts
    102

    MSIL Dumper

    This tool uses profiling APIs to dump MSIL on the fly.

    1- Select an executable assembly
    2- Click "Start"
    3- Check the "\Dump" folder in target directory for MSIL code.
    Attached Files Attached Files

  2. #2
    Blacklist Hunter Kurapica's Avatar
    Join Date
    Jun 2008
    Location
    JIT compiler
    Posts
    102
    The idea of this tool is to achieve two objects:

    1 - It will dump the body of every Method (Function, Procedure) called by the executable assembly you select, The dumping occurs whenever compiler enters that method, for example if you Click some button and this button calls method "CheckLicense" then you will find a file named "CheckLicense.txt" in the "\Dump" folder.

    2 - It will show you in details the methods being called and also the modules that your application loads so it could be used as a simple tracing utility for .net assemblies.

    I wrote this tool to help me rebuild assemblies protected with JIT hooking technique, those assemblies can't be explored in Reflector because their methods' body is encrypted and only decrypted in runtime when the method is called so you will see no code in reflector, I assumed that I will have access to the encrypted MSIL code of the methods using Profiling APIs, there was a 50% chance of success but it turned out to be only useful against certain protections like the one that LibX coded which depends on System.Reflection.Emit.DynamicMethod to excute protected methods.

    you can find more on LibX protection here
    http://www.reteam.org/board/showthread.php?t=799

    Enjoy
    Last edited by Kurapica; June 12th, 2008 at 15:13.
    Life can only be understood backwards but It must be read forwards

    http://board.b-at-s.info
    http://portal.b-at-s.info/news.php

  3. #3
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,204
    Blog Entries
    5
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  4. #4
    Blacklist Hunter Kurapica's Avatar
    Join Date
    Jun 2008
    Location
    JIT compiler
    Posts
    102
    What's NEW ?

    1- fixed a major bug that could cause an overflow while dealing with huge functions
    2- The "Log loading modules" has been fixed and can be disabled now to increase speed.

    To do :

    In next release I will add the ability to dump native compiled code of MSIL functions on the fly. I hope it's worth the effort

    You can get this tool from our portal : http://portal.b-at-s.info/download.php
    Life can only be understood backwards but It must be read forwards

    http://board.b-at-s.info
    http://portal.b-at-s.info/news.php

  5. #5
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,204
    Blog Entries
    5
    Nice, CRCETL updated.

    Looking forward to that next version too.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

Similar Threads

  1. Virtual Section Dumper v1.0 x86
    By NCR in forum Tools of Our Trade (TOT) Messageboard
    Replies: 0
    Last Post: February 17th, 2012, 18:58
  2. Imm_OllyDbg PE Dumper 3.03/OllyDbg PE Dumper 3.03
    By JMI in forum Plugins (General)
    Replies: 3
    Last Post: July 21st, 2008, 12:37
  3. HASP Dumper and Emulator
    By asifpervez in forum The Newbie Forum
    Replies: 3
    Last Post: April 6th, 2007, 12:10
  4. New Olly PE Dumper plugin
    By FKMA in forum Plugins (General)
    Replies: 27
    Last Post: May 28th, 2005, 18:23
  5. .NET MSIL Decompiler
    By ZenLoren in forum Advanced Reversing and Programming
    Replies: 0
    Last Post: March 21st, 2001, 00:28

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •