Results 1 to 12 of 12

Thread: De-compilation of .NET applications

  1. #1
    Senior Members' Member Matt1eD's Avatar
    Join Date
    Feb 2005
    Location
    London
    Posts
    2,462
    Thanks
    0
    Thanked
    0 times in 0 posts
    • Matt1eD's system
      • Motherboard:
      • MSI K9N6SGM-V GeForce 6100
      • CPU:
      • Athlon 64 LE-1620 2.41GHz
      • Memory:
      • 2 GB DDR2
      • Storage:
      • 1.25 TB
      • Graphics card(s):
      • Onboard
      • PSU:
      • eBuyer Extra Value 500W!
      • Operating System:
      • XP Pro

    De-compilation of .NET applications

    How is this done?

  2. #2
    Agent of the System ikonia's Avatar
    Join Date
    May 2004
    Location
    South West UK (Bath)
    Posts
    3,736
    Thanks
    39
    Thanked
    75 times in 56 posts
    de-compilers.

    Why do you want to do this, as I suspect you'll not get clean results.
    It is Inevitable.....


  3. #3
    str
    str is offline
    Member
    Join Date
    Apr 2005
    Posts
    137
    Thanks
    1
    Thanked
    5 times in 4 posts

  4. #4
    Senior Member
    Join Date
    Jan 2005
    Location
    Manchester
    Posts
    2,899
    Thanks
    67
    Thanked
    180 times in 135 posts
    • Butcher's system
      • Motherboard:
      • MSI Z97 Gaming 3
      • CPU:
      • i7-4790K
      • Memory:
      • 8 GB Corsair 1866 MHz
      • Storage:
      • 120GB SSD, 240GB SSD, 2TB HDD
      • Graphics card(s):
      • MSI GTX 970
      • PSU:
      • Antec 650W
      • Case:
      • Big Black Cube!
      • Operating System:
      • Windows 7
    Seems slightly misinformed. For instance it says that disassembly is a hard problem - it's not. Assembly is just a 1-to-1 mapping with actual opcodes, making disassembly trivial.
    On the other hand decompilation is hard, and rarely gives satisfactory results.

  5. #5
    Senior Members' Member Matt1eD's Avatar
    Join Date
    Feb 2005
    Location
    London
    Posts
    2,462
    Thanks
    0
    Thanked
    0 times in 0 posts
    • Matt1eD's system
      • Motherboard:
      • MSI K9N6SGM-V GeForce 6100
      • CPU:
      • Athlon 64 LE-1620 2.41GHz
      • Memory:
      • 2 GB DDR2
      • Storage:
      • 1.25 TB
      • Graphics card(s):
      • Onboard
      • PSU:
      • eBuyer Extra Value 500W!
      • Operating System:
      • XP Pro
    I did a bit of googling after posting this (I'm not planning to illegally decompile but can those programs that muck up the look of the classes e.t.c. successfully stop de-compiling/reverse engineering)? I've since found a few apps.

    Cheers
    Matt1eD

    P.S. Is it me or is that site really slow?

  6. #6
    Senior Member
    Join Date
    Jan 2005
    Location
    Manchester
    Posts
    2,899
    Thanks
    67
    Thanked
    180 times in 135 posts
    • Butcher's system
      • Motherboard:
      • MSI Z97 Gaming 3
      • CPU:
      • i7-4790K
      • Memory:
      • 8 GB Corsair 1866 MHz
      • Storage:
      • 120GB SSD, 240GB SSD, 2TB HDD
      • Graphics card(s):
      • MSI GTX 970
      • PSU:
      • Antec 650W
      • Case:
      • Big Black Cube!
      • Operating System:
      • Windows 7
    Depends what language you are trying to decompile. .NET is not restricted to a single language.
    You won't be able to get variable names and such, and constructs like classes are often lost when decompiling.

  7. #7
    str
    str is offline
    Member
    Join Date
    Apr 2005
    Posts
    137
    Thanks
    1
    Thanked
    5 times in 4 posts
    Quote Originally Posted by Butcher
    Seems slightly misinformed. For instance it says that disassembly is a hard problem - it's not. Assembly is just a 1-to-1 mapping with actual opcodes, making disassembly trivial.
    On the other hand decompilation is hard, and rarely gives satisfactory results.
    Disassemblers use very complex methods to produce useful assembler listings. I used a few of them when disassembling various USB drivers to figure out why my USBHz driver wasn't able to do it's magic on XP. The assembler output provided did not match up between the various disassemblers although it did appear to be functionally the same.

  8. #8
    Senior Member
    Join Date
    Jul 2003
    Location
    ZA ✈ UK
    Posts
    622
    Thanks
    0
    Thanked
    0 times in 0 posts
    Disassembly of machine code programs (Ie. where most of the program is in assembly code specific to a CPU platform) and disassembly of .NET programs (Which are in MSIL [Microsoft Intermediate Language], a CPU platform independent pseudo-code) are two completely different concepts.

    Because .NET programs are in MSIL, they can be "decompiled" back to human-readable code, with all classes, methods, properties and fields intact (Including their names, if obfuscation has not been applied [More on that later]. Local variable names, however, are lost). This is partly because .NET employs metadata which preserves all of this information, which is used for, among other things, reflection. Also, without this information, .NET would be unable to properly implement its security and garbage collection systems.

    As for a decompilation program, I know of two - Reflector and Anakrino. Neither program is perfect, but Reflector is far more complete than Anakrino which, last time I checked, was little more than a beta version. Even so, Reflector isn't perfect (Some generated VB.NET code, if recompiled, will raise exceptions, specifically with regard to arrays), but even so, I use it on a near-daily basis. It is invaluable for finding out how .NET's system classes go about their inner workings.

    As for preventing decompilation, it can't be done. As an alternative, several "obfuscation" programs have sprung up. These basically go through your compiled .NET program, renaming all classes, methods and properties to, usually, single-character names which are also as ambiguous as possible (Which does have the nice side-effect of making the program smaller). This makes it much more difficult to understand what a program is doing, which is already difficult enough without comments. For an example of this kind of obfuscation, have Reflector decompile itself (Yes, it's written in .NET) - it's very difficult to understand what it's doing. But then, that's the point.


    Edit: A little more info on Reflector and Anakrino - both are freeware. Anakrino, last I checked, only generates C# code, while Reflector can display the raw MSIL opcodes, as well as C#, VB.NET or Delphi.NET generated code.
    Last edited by eldren; 24-04-2005 at 12:48 AM.

  9. #9
    Senior Members' Member Matt1eD's Avatar
    Join Date
    Feb 2005
    Location
    London
    Posts
    2,462
    Thanks
    0
    Thanked
    0 times in 0 posts
    • Matt1eD's system
      • Motherboard:
      • MSI K9N6SGM-V GeForce 6100
      • CPU:
      • Athlon 64 LE-1620 2.41GHz
      • Memory:
      • 2 GB DDR2
      • Storage:
      • 1.25 TB
      • Graphics card(s):
      • Onboard
      • PSU:
      • eBuyer Extra Value 500W!
      • Operating System:
      • XP Pro
    Cheers eldren - has helped. Is it this? http://www.aisto.com/roeder/dotnet/ or Denis Bauer's version which the link is dead to!

    Anyone tried this?

    http://www.brouhaha.com/~eric/software/mocha/

  10. #10
    Senior Member
    Join Date
    Jul 2003
    Location
    ZA ✈ UK
    Posts
    622
    Thanks
    0
    Thanked
    0 times in 0 posts
    The first link is correct. The first "Reflector" in my post is a link to the same page.
    The second link is to a Java decompiler - don't think that's quite what you're looking for, unless you're looking for decompilers for platforms other than .NET.

  11. #11
    Senior Member
    Join Date
    Jan 2005
    Location
    Manchester
    Posts
    2,899
    Thanks
    67
    Thanked
    180 times in 135 posts
    • Butcher's system
      • Motherboard:
      • MSI Z97 Gaming 3
      • CPU:
      • i7-4790K
      • Memory:
      • 8 GB Corsair 1866 MHz
      • Storage:
      • 120GB SSD, 240GB SSD, 2TB HDD
      • Graphics card(s):
      • MSI GTX 970
      • PSU:
      • Antec 650W
      • Case:
      • Big Black Cube!
      • Operating System:
      • Windows 7
    Quote Originally Posted by str
    Disassemblers use very complex methods to produce useful assembler listings. I used a few of them when disassembling various USB drivers to figure out why my USBHz driver wasn't able to do it's magic on XP. The assembler output provided did not match up between the various disassemblers although it did appear to be functionally the same.
    Well just getting the raw opcodes is easy. The hard(er) part in assemblers is trying to work out function calls and other constructs within it. I guess you could call that disassembly, though to me it's more trying to interpret the disassembled code.
    BTW - ida is the god of all disassemblers.

  12. #12
    Senior Members' Member Matt1eD's Avatar
    Join Date
    Feb 2005
    Location
    London
    Posts
    2,462
    Thanks
    0
    Thanked
    0 times in 0 posts
    • Matt1eD's system
      • Motherboard:
      • MSI K9N6SGM-V GeForce 6100
      • CPU:
      • Athlon 64 LE-1620 2.41GHz
      • Memory:
      • 2 GB DDR2
      • Storage:
      • 1.25 TB
      • Graphics card(s):
      • Onboard
      • PSU:
      • eBuyer Extra Value 500W!
      • Operating System:
      • XP Pro
    Quote Originally Posted by eldren
    The first link is correct. The first "Reflector" in my post is a link to the same page.
    The second link is to a Java decompiler - don't think that's quite what you're looking for, unless you're looking for decompilers for platforms other than .NET.
    There's a link!

    indeedy; I'm more BASIC; then will move to Java and possibly C#

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. creating a compilation cd
    By Pirate Pete in forum Help! Quick Relief From Tech Headaches
    Replies: 2
    Last Post: 13-03-2005, 01:06 AM
  2. sony clie tj35 applications, video players etc
    By starbuck in forum PC Hardware and Components
    Replies: 1
    Last Post: 09-10-2004, 05:06 PM
  3. .net , MMS SMS Mobile Phone Programming
    By MarkJohnson in forum Software
    Replies: 0
    Last Post: 01-06-2004, 12:45 PM
  4. USA/Canada ONLY: Free VB .NET 2003 Standard Edition
    By Atomic in forum Retail Therapy and Bargains
    Replies: 2
    Last Post: 31-05-2004, 08:14 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •