2

Let's say I released the application below.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;

namespace WindowsFormsApplication2
{
    // Partial class: InitializeComponent() and the button1 wiring are in the
    // designer-generated half of Form1.
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        // Click handler for button1: shows the message box.
        private void button1_Click(object sender, EventArgs e)
        {
            MessageBox.Show("Hello World!", "Message Box");
        }
    }
}
```

Now here are my questions:

  1. How do I find, with OllyDbg, the button's function that is responsible for showing the message box after the button is pressed?
  2. How do I disable the button click?

Note: this must be done with OllyDbg only. Assume that I don't have access to the code.

A step-by-step example would be greatly appreciated.

user3725506
  • 1
    Ollydbg is probably a somewhat difficult choice for managed code because of the JIT compilation. Why do you want to do this? Why not some other tool, such as .NET Reflector with the VS plugin or WinDBG with SOS.dll? What do you expect to be able to accomplish by finding it? – Dark Falcon Jun 10 '14 at 18:50
  • I'm working on a game client and I want to disable a button which is on it. I'm trying to simplify the button click lines with this application, so after I find it in the application it will be kinda easier to find in the client! – user3725506 Jun 10 '14 at 19:57
  • 1
    Olly isn't going to help you do that. The code in the executable is IL code, but all that Olly works with is native code. You might find the function and you might even change it, but since all you found was the JIT native code, no permanent change will be made. – Dark Falcon Jun 10 '14 at 20:02
  • So what do you suggest I work on? – user3725506 Jun 10 '14 at 20:38
  • I suggest you follow the advice in the answers below. – Dark Falcon Jun 11 '14 at 16:43
  • @user3725506 Patch the MSIL instead of the JIT compiled native code. [Check this question too.](http://stackoverflow.com/questions/24391305/cracking-c-sharp-application-with-ollydebug/24391998#24391998) – Dominik Antal Jun 30 '14 at 09:04
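
Added example, not part of the original thread: a check for the point made in the comments above, that a .NET executable holds IL rather than native code. It reads the PE optional header and reports whether data directory 14 (the CLR runtime header) is populated; the function names and the header-only sample images are constructed for this illustration.

```python
import struct

CLR_DIR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: the CLR runtime header

def clr_directory(image: bytes):
    """Return (rva, size) of the CLR header data directory, or None."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)        # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    opt_off = pe_off + 4 + 20        # skip PE signature and 20-byte COFF header
    if len(image) < opt_off + 2:
        return None
    (magic,) = struct.unpack_from("<H", image, opt_off)
    fixed = {0x10B: 96, 0x20B: 112}.get(magic)   # PE32 / PE32+ fixed-size part
    if fixed is None:
        return None
    entry_off = opt_off + fixed + 8 * CLR_DIR_INDEX
    if len(image) < entry_off + 8:
        return None
    (count,) = struct.unpack_from("<I", image, opt_off + fixed - 4)
    if count <= CLR_DIR_INDEX:       # directory table too short to hold entry 14
        return None
    rva, size = struct.unpack_from("<II", image, entry_off)
    return (rva, size) if rva and size else None

def is_managed(image: bytes) -> bool:
    """True when the image declares a CLR header, i.e. its methods are IL."""
    return clr_directory(image) is not None

def build_sample(managed: bool, pe32_plus: bool = False) -> bytes:
    """Constructed input: PE headers only, no sections, not a runnable file."""
    fixed = 112 if pe32_plus else 96
    opt = bytearray(fixed + 16 * 8)                  # fixed part + 16 directories
    struct.pack_into("<H", opt, 0, 0x20B if pe32_plus else 0x10B)
    struct.pack_into("<I", opt, fixed - 4, 16)       # NumberOfRvaAndSizes
    if managed:                                      # constructed RVA and size
        struct.pack_into("<II", opt, fixed + 8 * CLR_DIR_INDEX, 0x2008, 0x48)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    machine = 0x8664 if pe32_plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0x0102)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for name, img in [("managed", build_sample(True)), ("native", build_sample(False))]:
        print(name, is_managed(img), clr_directory(img))
```
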

2 Answers

1

Using Olly or IDA is a lot of work for nothing.

Use .NET Reflector for decompilation (there is a 14-day trial) and download the Reflexil plugin to be able to modify the code.

Finding the place should not be too hard since you have the decompiled source code.

If you cannot find the place you can try one of these:

  • Connect Reflector to Visual Studio

  • Export the source code and just run it from Visual Studio

If the code is obfuscated I cannot help you there; you just have to start playing with it till you defeat the obfuscation.

With the Reflexil add-on you can simply delete/modify the function.

Mildar
0

Why not use IDA? You can "easily" nop out the function.


David
  • It seems it can manage a simple application, but I'm not sure that IDA is going to manage a game client! I picked OllyDbg because it can manage all lines on the game client. – user3725506 Jun 10 '14 at 19:58
  • It can; you are looking for IDA, not for OllyDBG. – David Jun 10 '14 at 20:18
  • @user3725506 By managing, do you mean that you can interact with the code at runtime? That's called dynamic (Olly) vs. static debugging (IDA). – Dominik Antal Jun 30 '14 at 09:05