随笔分类 - 逆向工程
摘要:打开dll的源码,然后attach到那个加载了反射dll的进程上。 就可以调试dll的代码
阅读全文
摘要:DNGuard HVM Unpacker(3.71 trial support and x64 fixed) Gr8 news. Finally got the x64 crash fixed. DNGuard HVM Unpackerwhats new: Dnguarg HVM 3.71 tria
阅读全文
摘要:先打开进程,炉石传说。 然后选择MemoryView 在MemoryViewer界面,Tools菜单,然后选择Dissect PE headers 然后查看mono.dll的信息 0x357A0是新版本的 这个页面还可以打开本地另外备份的mono.dll,然后查看 发现0x3535C 右键选中界面的
阅读全文
摘要:https://blog.csdn.net/icandoit_2014/article/details/78739962 可以看出,此种方法只适用于程序崩溃但没有立即自行退出的情况。倘若程序故障后自行退出,则此方法就难以应用。不过,我们可以在注册表中添加如下信息已确保系统在程序崩溃后自行保存一个du
阅读全文
摘要:https://gslab.qq.com/portal.php?mod=view&aid=194
阅读全文
摘要:If you attach to a process/game that uses mono, you should see a new "Mono" menu item on the Cheat Engine form. This will have an Activate mono featur
阅读全文
摘要:https://www.cnblogs.com/ae6623/archive/2011/04/16/4416874.html https://www.52pojie.cn/thread-828030-1-1.html https://wiki.cheatengine.org/index.php?ti
阅读全文
摘要:https://github.com/dsasmblr/game-hacking Cheat Engine Hacking memory Cheat engine have a feature called Dissect mono that can help hacking game's memo
阅读全文
摘要:[.NET] ConfuserEx脱壳工具打包 ConfuserEx 1.0.0脱壳步骤 Written by 今夕何夕[W.B.L.E. TeAm]1.先用UnconfuserEx把主程序Dump出来;2.使用CodeCracker大牛的ConfuserExStringDecryptor将加密的字
阅读全文
摘要:下载链接 https://sourceforge.net/projects/x64dbg/files/snapshots/ https://github.com/x64dbg/x64dbg/releases 官方文档 http://help.x64dbg.com/en/latest/ 教程 http
阅读全文
摘要:http://www.ollydbg.de/version2.html
阅读全文
摘要:https://codingvision.net/security/c-read-write-another-process-memory Today’s tutorial is about…processes’ memory! In this article I’ll show you how t
阅读全文
摘要:ProcessSharp的构造函数,对应的测试是 https://github.com/lolp1/Process.NET/blob/master/test/Process.NET.Test/Core/ProcessSharpTest.cs /// <summary> /// Initializes
阅读全文
摘要:Free. For everyone. Forever. With an open source decompilation engine https://www.telerik.com/products/decompiler.aspx
阅读全文
摘要:https://www.red-gate.com/dynamic/products/dotnet-development/reflector/download https://github.com/sailro/Reflexil/releases The .NET Assembly Editor h
阅读全文
摘要:What is MemoScope.Net ? It's a tool to analyze .Net process memory: it can dump an application's memory in a file and read it later. The dump file con
阅读全文
摘要:Portable Executable File Format PE Format 微软官方的 What is a .PE file in the .NET framework? [closed] The PE file you are talking about is the "Portable
阅读全文
摘要:请问大神.NET查壳工具都有哪些? 已知的有DotNet Id 除了这个还有别的吗?脱MAXTOCODE发现是双壳。脱掉第一层还有一层,DotNet Id检测没壳了,但是反编译还是加密状态. 用PEiD查壳,用OD脱壳 ScanID算不算? https://hintdesk.com/2007/11/
阅读全文