What is the next step for me to break my code?

bisewski

Newbie

Posts: 11

Joined: Sat Feb 11, 2012 5:44 pm

Post Sat Feb 11, 2012 6:03 pm

Hello all.
I built a program in VB.NET. I use Xenocode for protection. My program connects to my server for login.

Now I am trying to pentest my program.

The Xenocode was easy to break. I dumped it with PETools.
But the .exe created does not work; it shows an error 0xc000007b.

But in IDA my code is very clean to read; that is a first problem.

I can continue to investigate my code. Do I need to dump the DLLs? Can this error refer to my DLLs?

I don't know what my next step is. In OllyDbg my dumped file does not open.

In IDA, when the dumped file is open, the debugging option does not appear; it is not enabled.

Thanks for your attention.

bisewski

Newbie

Posts: 11

Joined: Sat Feb 11, 2012 5:44 pm

Post Sun Feb 12, 2012 2:49 pm

I found that I need to open my dumped.exe in ILDASM.exe and fix the PE headers. How can I do this?

ILDASM does not have an editor...

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Sun Feb 12, 2012 3:33 pm

You can change the PE headers with LordPE. (Or OllyDbg ver. 2.X)
I'm an InterN0T'er

bisewski

Newbie

Posts: 11

Joined: Sat Feb 11, 2012 5:44 pm

Post Sun Feb 12, 2012 3:40 pm

Opa, thanks.
My program has a size of 20mb and my dump.exe has only 37kb...
Is it normal?

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Sun Feb 12, 2012 3:58 pm

No idea, depends on what your program is and what dump.exe contains. It sounds quite extreme that it's as large as 20mb, did you write it all in Visual Basic .Net? ;D

Anyway, I can't tell if it's normal or not, as dump.exe could contain only a part of the entire program. The PE header, if I'm not mistaken, is only 1KB. So I wonder what dump.exe contains. But you should investigate that yourself on your own :)
I'm an InterN0T'er

bisewski

Newbie

Posts: 11

Joined: Sat Feb 11, 2012 5:44 pm

Post Wed Feb 15, 2012 7:39 pm

Good night all.
I did not manage to break this code.
My dumped file is clean to read in IDA, but the debugging does not work.

I think that I need to find the entry point, but I have not found it.

Attached are my original exe saved in IDA, and my dumped exe.

I don't want these files broken or unpacked... I want to learn how I can do it.
If anybody gets this code right, please tell me the steps so I can do it too.

Sorry for my English...

bisewski

Newbie

Posts: 11

Joined: Sat Feb 11, 2012 5:44 pm

Post Wed Feb 22, 2012 12:16 pm

Tests:
-Ildasm: not possible because of a CLR error.
-Reflector gives the error "is not a .NET module".
-Xenocode Solution works only with Postbuild 2006, and my .exe uses Postbuild 2009.
-I dumped with LordPE, without any error, but the dumped.exe does not run.
When I open the Dumped.exe I can see that the code is C#.net.

Suggestions?
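
An added example, not code from any poster in this thread: a header check for a dumped file, covering the two symptoms reported above. The NTSTATUS code 0xc000007b is STATUS_INVALID_IMAGE_FORMAT, and a managed image is identified by a non-empty CLR (COM descriptor) entry, index 14, in the PE data directory table. The function names and the header-only sample image are constructed for illustration.

```python
import struct

MACHINES = {0x14C: "x86", 0x8664: "x64"}

def inspect_pe(data: bytes) -> dict:
    """Parse the headers of a PE image; raise ValueError if they are malformed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)          # 20-byte COFF file header
    opt = e_lfanew + 24                          # start of the optional header
    if opt_size < 96 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = 96 if magic == 0x10B else 112         # offset of the data directories
    if opt_size < dirs:
        raise ValueError("optional header truncated")
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    (ndirs,) = struct.unpack_from("<I", data, opt + dirs - 4)
    clr_rva = clr_size = 0
    if ndirs > 14 and dirs + 15 * 8 <= opt_size:
        clr_rva, clr_size = struct.unpack_from("<II", data, opt + dirs + 14 * 8)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "pe32_plus": magic == 0x20B,             # True for a 64-bit image
        "sections": nsect,
        "entry_rva": entry_rva,
        "managed": clr_rva != 0 and clr_size != 0,
    }

def build_sample(magic=0x10B, machine=0x14C, clr=(0x2008, 0x48)) -> bytes:
    """Constructed header-only image (no sections), used only as sample input."""
    dirs = 96 if magic == 0x10B else 112
    opt = bytearray(dirs + 16 * 8)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, 16, 0x1000)      # AddressOfEntryPoint
    struct.pack_into("<I", opt, dirs - 4, 16)    # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, dirs + 14 * 8, *clr)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)      # e_lfanew
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    print(inspect_pe(build_sample()))
    print(inspect_pe(build_sample(clr=(0, 0))))
```

A dump whose CLR entry is empty, or whose machine type and optional header magic disagree with the process it is loaded into, fails at this header level before any code in it runs.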

bisewski

Newbie

Posts: 11

Joined: Sat Feb 11, 2012 5:44 pm

Post Wed Feb 22, 2012 6:43 pm

I found in dumped.exe the exact code where I can hack.
if ((CSServer.LogonState == CSServer.ServerStatus.ok) | (CSServer.LogonState == CSServer.ServerStatus.OKed))
start program
else
close
I only need to make my dumped.exe run...

bisewski

Newbie

Posts: 11

Joined: Sat Feb 11, 2012 5:44 pm

Post Thu Feb 23, 2012 6:57 am

I didn't manage to create a running .exe. The error 0x00007b always happens. But in other forums I see that other people have the same problem. Exactly the same problem.
-I don't see any DLLs in the folders, but when I use PETools I can see many DLLs that my exe is using at this time. I tried to dump these DLLs. In Reflector I can read this DLL, but when I try to import it in Visual Studio, I receive an error that says not a valid assembly or COM...

My doubt is:
At this time, I can read the code, understanding all the steps, and I can read the DLL... so I can understand how my program works. Only I can't generate a correct, working exe...

But do I need to? If I can debug the original exe and change it directly in assembly...
Is it possible? In Olly, no... When debugging, it reads many DLLs and terminates the debug, then runs the exe... This happens because Xenocode runs my exe in virtual mode...

Any suggestions?

bisewski

Newbie

Posts: 11

Joined: Sat Feb 11, 2012 5:44 pm

Post Thu Feb 23, 2012 11:33 am

Why, when I search my PC for the DLLs shown in PETools, are they not found, yet I can dump these DLLs to any folder?
How can these DLLs be hidden? Does Xenocode do this?

I need to dump 3 more DLLs that are not shown in PETools. I think these only appear if the program loads them. As my program first needs to log in, some DLLs are only loaded if my login is correct, so that my exe can go on to the next steps, loading the other DLLs.

Is this correct?
Where are these DLLs?

bisewski

Newbie

Posts: 11

Joined: Sat Feb 11, 2012 5:44 pm

Post Fri Feb 24, 2012 5:51 am

I installed my program in a VM. I used InstallWatch to look at all the files installed on my PC. In Added Files, I can see that many files were installed in the specific folder, but in Explorer this same folder is empty.

I configured Explorer to show all hidden files and hidden system files, but it is still empty...

How can I access these hidden files?

bisewski

Newbie

Posts: 11

Joined: Sat Feb 11, 2012 5:44 pm

Post Fri Feb 24, 2012 7:04 am

This way it's damn hard, there isn't a single willing soul....
