|
|
|
|
#1
01-25-2005, 01:15
|
||||
|
||||
|
try also to disassemble using IDA.
There are two basic types of MSIL (miscrosoft intermediate language) disassemblers. ILDASM, Reflector and the like use the Reflection api to disassemble a dot net assembly. IDA does not use the reflection api, instead it examines the bytes of the dot net assembly to disassemble. The distinction between the two methods above is useful because many of the current crop of dot net protectors have the ability to stop disassembly via the reflection api. This is achieved by placing invalid meta data in the CLR (common language runtime) header of the file. This meta data is ignored during the execution of the program so it runs fine." Of course the MSIL you get could be a nightmare..
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪) There are only 10 types of people in the world: Those who understand binary, and those who don't http://www.accessroot.com 
|
|
#2
01-25-2005, 18:00
|
|||
|
|||
|
Another difference is that you can recompile MSIL generated by ILDASM and I didn't succede doing the same with IDA.
I wonder if there is a way to do that... Any suggestion? SystemeD
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Hybrid Mode
