flat assembler
Message board for the users of flat assembler.

Index > Windows > .Net Assembly Protector

Author
Thread Post new topic Reply to topic
nullvalue



Joined: 25 Jul 2008
Posts: 1
nullvalue 25 Jul 2008, 03:59
My goal is to create an application that protects .Net Assemblies from "Reflection".

Everyone knows how easy it is to reflect someone's .Net Code straight out of their binaries, sure they can make it a wee bit harder with obfuscation, but if you work at it, its not that hard to get what you want.

A few ideas I had to accomplish this tall task:

#1: Create a Native Executable as a wrapper for your .Net Executable.
One big problem with that, the CODE SECTION of the PE structure is different from a Native executable (Check out the attachments for more info)

#2: I read somewhere a long time ago, where this guy created a thread, upon creation he suspends the thread, then replaced the whole allocated memory for this thread with an image of another executable, then resumes the thread and it ran the new executable. Now I never saw an example of this so I am not even sure its possible nevertheless I thought that if its even possible it could be viable for our scenario.

#3: For the past couple of days i have been looking for source where you can load an executable in memory than execute it, and theres some talk about it, mostly "how you would if you could" kind of posts. This would probably be the easiest method if you could do it.


Are any of my ideas feasible, or should i take another road.

Please any comments or suggestions would be appreciated.

Some Info on the subject matter:


Description:
Download
Filename: dotNET PE.pdf
Filesize: 41.45 KB
Downloaded: 254 Time(s)

Description:
Download
Filename: Managed Resources.pdf
Filesize: 127.55 KB
Downloaded: 421 Time(s)

Description:
Download
Filename: dotnetformat.txt
Filesize: 181.95 KB
Downloaded: 259 Time(s)

Post 25 Jul 2008, 03:59
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 25 Jul 2008, 12:08
.NET is a bit of bitch. If you mess with it in memory, .net runtime will refuse to load. So writing a protector for it is pretty hard. Most you can do easily is some sort of EXE wrapper/packer, that just unpacks it to memory and lets it go.
Post 25 Jul 2008, 12:08
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 4024
Location: vpcmpistri
bitRAKE 25 Jul 2008, 22:09
I thought I read something about built-in signing/encryption of DotNET EXE with an RSA like key? Is that just to verify who the source is, or can it be used for hiding stuff, too?

_________________
¯\(°_o)/¯ “languages are not safe - uses can be” Bjarne Stroustrup
Post 25 Jul 2008, 22:09
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.