9. WinDbg
Information and download: http://msdn.microsoft.com/en-us/windows/hardware/hh852365.aspx
WinDbg is a debugging tool included in the tools of the WDK (Windows Development Kit), created by Microsoft. It is a very powerful debugger that can debug applications in both user mode and kernel mode. It can also debug .NET programs. However, using WinDbg requires a lot of experience in programming as well as in reverse engineering. This tool is not commonly used when decompiling .NET programs; I mostly see it used to analyze the behavior of obfuscated .NET files and to study how packers/protectors for .NET work. If you have reached guru/expert level (literally the "old guard"), this is an indispensable tool for you. I do not use WinDbg much for debugging myself, so I will not presume to go further; this section is written for reference and introduction only.
WinDbg
10. Small utility tools (Utilities)
This group of tools is a collection of small utility programs that make decompiling .NET easier, but they are not decompilers like the programs I introduced above. There are not many of them (as far as I know), but they are really useful. Among them:
- MSIL Opcode Table: a very small program that lets you view basic information about the IL opcodes. It can be thought of as a kind of cheat sheet, extremely convenient for reference. There are a lot of IL opcodes, each with its own accompanying information, so remembering all of them is difficult. That is why we badly need this tool:
MSIL Opcode Table
- Dotnet Tracer: a small but extremely worthwhile utility. As far as I know, it loads the .NET program, then hooks the JIT compiler and provides extremely useful information, such as:
o The modules that are loaded
o Information about the methods the JIT will compile
o Exceptions
o The threads that will run
o ....
This is almost a debugger for .NET programs, which lets us understand how the program under analysis works. To use this tool effectively, you need some experience with .NET and with how the .NET Framework and the JIT compiler work.
Dotnet Tracer
- .NET Method Parser
This is a small tool that lists and analyzes the methods in a .NET program and provides information about them (offset, name, type, flag, size, ....).
.NET Methods Parser
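The flag and size values that a method parser reports are stored in the method body header defined in ECMA-335 (II.25.4). The following Python code is an added example, not part of the original post and not the tool's own code; it decodes the tiny and fat header formats from constructed sample bytes, and the function name `parse_method_header` and the sample data are assumptions.

```python
import struct

# Method body header formats from ECMA-335 (II.25.4)
TINY_FORMAT, FAT_FORMAT = 0x2, 0x3
MORE_SECTS, INIT_LOCALS = 0x08, 0x10

def parse_method_header(data, offset=0):
    """Decode the IL method body header found at `offset` (hypothetical helper)."""
    if offset >= len(data):
        raise ValueError("offset is outside the buffer")
    kind = data[offset] & 0x3
    if kind == TINY_FORMAT:
        # One byte: low 2 bits = format, high 6 bits = code size.
        info = {"format": "tiny", "flags": TINY_FORMAT, "header_size": 1,
                "max_stack": 8, "code_size": data[offset] >> 2, "local_sig": 0}
    elif kind == FAT_FORMAT:
        if offset + 12 > len(data):
            raise ValueError("truncated fat header")
        word, max_stack, code_size, local_sig = struct.unpack_from("<HHII", data, offset)
        header_size = (word >> 12) * 4   # upper 4 bits: header length in dwords
        if header_size < 12:
            raise ValueError("fat header shorter than 12 bytes")
        info = {"format": "fat", "flags": word & 0x0FFF, "header_size": header_size,
                "max_stack": max_stack, "code_size": code_size, "local_sig": local_sig}
    else:
        raise ValueError("not a method body header")
    info["init_locals"] = bool(info["flags"] & INIT_LOCALS)
    info["more_sects"] = bool(info["flags"] & MORE_SECTS)
    start = offset + info["header_size"]
    if start + info["code_size"] > len(data):
        raise ValueError("IL code runs past the end of the buffer")
    info["code_offset"] = start
    info["il"] = data[start:start + info["code_size"]]
    return info

# Constructed sample: a tiny method at offset 0, one padding byte,
# then a fat method at offset 4 (fat headers are 4-byte aligned).
SAMPLE = bytes.fromhex(
    "0a172a00"            # tiny header 0x0a (size 2), ldc.i4.1, ret, padding
    "13300200"            # flags 0x013 + size 3 dwords, max stack 2
    "04000000" "01000011" # code size 4, LocalVarSig token 0x11000001
    "00160a2a")           # nop, ldc.i4.0, stloc.0, ret

if __name__ == "__main__":
    for off in (0, 4):
        m = parse_method_header(SAMPLE, off)
        print(off, m["format"], hex(m["flags"]), m["code_size"], m["il"].hex())
```

In a real assembly the starting offset of each body comes from the RVA column of the MethodDef metadata table, which this example does not parse.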
There is also a pretty good tool that I would recommend to you: a free, open source IDE called SharpDevelop (info and download: http://www.icsharpcode.net/opensource/sd/ ). Personally I am uncomfortable using Microsoft Visual Studio because it is too heavy (for my old machine), and there is also the copyright issue (of course there is still the free Express edition, but it is also heavy and lacks many features compared to the Professional or Ultimate editions from M$). So I choose SharpDevelop to create .NET applications: it is both fast and light, and its interface is quite intuitive and convenient. Its installer is only ~15 MB, but once installed you can code in multiple languages: C#, VB.NET, F#, IronPython, .... So I rate this IDE highly; it is very handy when you need to code tools, small utilities and demo apps.