flat assembler
Message board for the users of flat assembler.

Index > Windows > .Net Assembly Protector

Author
Thread Post new topic Reply to topic
nullvalue



Joined: 25 Jul 2008
Posts: 1
nullvalue
My goal is to create an application that protects .Net Assemblies from "Reflection".

Everyone knows how easy it is to reflect someone's .Net Code straight out of their binaries, sure they can make it a wee bit harder with obfuscation, but if you work at it, its not that hard to get what you want.

A few ideas I had to accomplish this tall task:

#1: Create a Native Executable as a wrapper for your .Net Executable.
One big problem with that, the CODE SECTION of the PE structure is different from a Native executable (Check out the attachments for more info)

#2: I read somewhere a long time ago, where this guy created a thread, upon creation he suspends the thread, then replaced the whole allocated memory for this thread with an image of another executable, then resumes the thread and it ran the new executable. Now I never saw an example of this so I am not even sure its possible nevertheless I thought that if its even possible it could be viable for our scenario.

#3: For the past couple of days i have been looking for source where you can load an executable in memory than execute it, and theres some talk about it, mostly "how you would if you could" kind of posts. This would probably be the easiest method if you could do it.


Are any of my ideas feasible, or should i take another road.

Please any comments or suggestions would be appreciated.

Some Info on the subject matter:


Description:
Download
Filename: dotNET PE.pdf
Filesize: 41.45 KB
Downloaded: 52 Time(s)

Description:
Download
Filename: Managed Resources.pdf
Filesize: 127.55 KB
Downloaded: 77 Time(s)

Description:
Download
Filename: dotnetformat.txt
Filesize: 181.95 KB
Downloaded: 58 Time(s)

Post 25 Jul 2008, 03:59
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
.NET is a bit of bitch. If you mess with it in memory, .net runtime will refuse to load. So writing a protector for it is pretty hard. Most you can do easily is some sort of EXE wrapper/packer, that just unpacks it to memory and lets it go.
Post 25 Jul 2008, 12:08
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 2887
Location: [RSP+8*5]
bitRAKE
I thought I read something about built-in signing/encryption of DotNET EXE with an RSA like key? Is that just to verify who the source is, or can it be used for hiding stuff, too?

_________________
¯\(°_o)/¯ unlicense.org
Post 25 Jul 2008, 22:09
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.