More Concepts

Reversing C# binaries

C# written binaries(dll, executables) uses ILA which is very easy to reverse engineer. using dnspy

mscorlib is very important for c# binaries as it contain .net libraries.

Execute DLLs

We can execute dlls directly in windows using a windows binary called rundll32.exe

e.g.

rundll32.exe <dll_name.dll>,<function_name>

We also need to supply function name we want to invoke inside dll. Which can be determined through reverse engineering.

Tracing main function in stripped binary

LogoGitBook
PreviousMalware Delivery by scriptsNextAutomated Analysis

Last updated