Decompling .net assembly

Question

Hey i have done a few of decompiling in .net as i am learning c# so it helps me to see codes as it helps a lot. But lately i have come acrossed few program that i know are .net but in reflector show up as non .net assemblies. Here is the example of program named: Proxy Multiply.

I am not trying to do any illegal stuff or something. Just trying to learn. I have tried to google this but i was not able to achieve any good result. Thanks here is the link to image.

De4Dot Error

PEid Screenshot

KF2 · Answer 1 · 2013-03-16T18:47:43.633

I have same problem with dot net reflector before, try JetBrains dotPeek version 1.0 Decompling(this application will show code that obfuscated)

Decompiling .NET 1.0-4.5 assemblies to C#

Support for .dll, .exe, .zip, .vsix, .nupkg, and .winmd files

Quick jump to a type, assembly, symbol, or type member

Effortless navigation to symbol declarations,

implementations, derived and base symbols, and more

Accurate search for symbol usages

with advanced presentation of search results

Overview of inheritance chains

Support for downloading code from source servers

Syntax highlighting

Complete keyboard support

dotPeek is free!

@user2177631:so if this not show code finally you must read IL code:D — KF2, Mar 16 '13 at 18:47

score 1 · Accepted Answer · answered Mar 16 '13 at 18:17

There are many .Net code protection alternative, that obfuscate the IL codes so that they are not that much exposed to IL disassembler application.

.Net Reactor
Themida
SmartAssembly
the list is huge . . .

many of the protector modify the Exe (PE Header info), .Net exe contains some extra MetaData that helps disassembler to identify it.

Download this little application it may tell you a little more about the exe.

Download PEiD 0.95

PEiD is an intuitive application that relies on its user-friendly interface to detect packers, cryptors and compilers found in PE executable files – its detection rate is higher than that of other similar tools since the app packs more than 600 different signatures in PE files.

PEiD comes with three different scanning methods, each suitable for a distinct purpose. The Normal one scans the user-specified PE file at its Entry Point for all its included signatures. The so-called Deep Mode comes with increased detection ratio since it scans the file's Entry Point containing section, whereas the Hardcore mode scans the entire file for all the documented signatures.

My best guess the assembly you are looking for is Protected by `.Net Reactor` or `Themida`

Hey here is the screenshot of the PEid, i cant make anything out of it. Have a look. http://i47.tinypic.com/dpzs4k.jpg — user2177631, Mar 16 '13 at 18:37
And they thing that i dont get it is how can soo many decompliers can say that its not a .net assemble... — user2177631, Mar 16 '13 at 18:40
what reason u have for that particular exe being coded on .net language? — Parimal Raj, Mar 16 '13 at 19:18
Because its requirement is .net4 ...and i have seen its companion files.... all are coded in .net — user2177631, Mar 16 '13 at 19:52

score 0 · Answer 3 · edited May 23 '17 at 12:04

0

Just because it is .NET doesn't mean that you can just decompile it like that. They probably used ILMerge. That's not to say it's impossible but it will require more work.

See Is it possible to “decompile” a Windows .exe? Or at least view the Assembly?

edited May 23 '17 at 12:04

Community

1
1

answered Mar 16 '13 at 18:14

ryan

6,541
5
43
68

Decompling .net assembly

3 Answers3

My best guess the assembly you are looking for is Protected by .Net Reactor or Themida

My best guess the assembly you are looking for is Protected by `.Net Reactor` or `Themida`