车辆最近在结项,其中曲折也就我知道吧~~,客户差点因为ABCpdfCE6.dll组件的非开源可能会引起版权之争,不给结项。这坚定了我对.net整个平台技术探索(其实也就是脱壳破解其源代码)。用PE查看其壳,未知壳,OD载人没有C、MFC、VB、JAVA等等特征。
我先讲下汉化吧,汉化前提的条件是其没有加壳或者已经脱壳了。
.net程序是来公司第一次接触的,对VS2005工具没有详细的了解,它的汉化过程开始我也不是很清楚,不管用Passolo还是Sisulizer都找不到资源,无法汉化的。在一次嘉为培训,老师告诉我VS2008有自带的反编译的工具,
首先用Reflector反编译,查看程序的代码。发现该软件未采取任何的保护措施,代码可读性很高。
然后用ildasm.exe反汇编(IL 反汇编程序)。ildasm.exe是微软官方的.Net程序的反汇编程序。随VS一同安装。VS2008中默认路径在X:\Program Files\Microsoft SDKs\Windows\v6.0A\bin\ildasm.exe
用ildasm.exe打开主程序,然后点文件-转储。导出il代码和资源文件。
为了测试导出的正确性,我们打开VS的命令行,进入il文件的目录,输入ilasm /exe /resource=*.res *.il
其中**为你导出的文件名
对导出的il进行汇编,重新生成exe。发现生成的exe运行正常(果然很弱,没有强名称保护)。
Setting environment for using Microsoft Visual Studio 2008 x86 tools.
C:\Program Files\Microsoft Visual Studio 9.0\VC>e:
E:\ >ilasm /exe /resource=Fiddler.res Fiddler.il
Class 27 Methods: 1;
Class 28 Fields: 2; Methods: 3;
Class 29 Fields: 2; Methods: 5;
Class 30 Methods: 2;
Class 31 Fields: 1; Methods: 1;
Class 32 Fields: 223; Methods: 217;
Class 33 Fields: 1; Methods: 2;
Class 34 Fields: 5; Methods: 14;
Class 35 Fields: 3; Methods: 4;
Class 36 Fields: 7; Methods: 8;
Class 37 Fields: 3;
Class 38 Fields: 4; Methods: 3;
Class 39 Fields: 3; Methods: 21;
Class 40 Fields: 10; Methods: 18;
Class 41 Fields: 14;
Class 42 Fields: 13; Methods: 23;
Class 43 Fields: 2; Methods: 7;
Class 44 Methods: 4;
Class 45 Fields: 18; Methods: 10;
Class 46 Fields: 5; Methods: 8;
Class 47 Fields: 6; Methods: 5;
Class 48 Fields: 64; Methods: 20;
Class 49 Methods: 8;
Class 50 Methods: 8;
Class 51 Fields: 15; Methods: 41;
Class 52 Methods: 4;
Class 53 Methods: 5;
Class 54 Methods: 4;
Class 55 Fields: 2; Methods: 3;
Class 56 Fields: 3; Methods: 6;
Class 57 Fields: 6; Methods: 7;
Class 58 Fields: 4; Methods: 5;
Class 59 Fields: 5;
Class 60 Fields: 27; Methods: 9;
Class 61 Fields: 30; Methods: 39;
Class 62 Fields: 21; Methods: 14;
Class 63 Fields: 4; Methods: 6;
Class 64 Methods: 6;
Class 65 Methods: 4;
Class 66 Fields: 23; Methods: 17;
Class 67 Fields: 3; Methods: 15;
Class 68 Fields: 3;
Class 69 Fields: 4; Methods: 10;
Class 70 Methods: 4;
Class 71 Methods: 4;
Class 72 Methods: 4;
Class 73 Fields: 10; Methods: 3;
Class 74 Methods: 4;
Class 75 Methods: 4;
Class 76 Methods: 4;
Class 77 Methods: 4;
Class 78 Fields: 1; Methods: 1;
Class 79 Fields: 2; Methods: 5;
Class 80 Fields: 7; Methods: 23;
Class 81 Fields: 5;
Class 82 Methods: 4;
Class 83 Fields: 2; Methods: 3;
Class 84 Fields: 5; Methods: 6;
Class 85 Fields: 3; Methods: 4;
Class 86 Fields: 1; Methods: 4;
Class 87 Fields: 3; Methods: 5;
Class 88 Fields: 3; Methods: 1;
Class 89 Fields: 4; Methods: 6;
Class 90 Fields: 8; Methods: 6;
Class 91 Fields: 8; Methods: 4;
Class 92 Fields: 1; Methods: 4;
Class 93 Fields: 1; Methods: 6;
Class 94 Methods: 1;
Class 95 Fields: 3; Methods: 7;
Class 96 Methods: 3;
Class 97 Fields: 2; Methods: 1;
Class 98 Fields: 1; Methods: 2;
Class 99 Fields: 1; Methods: 2;
Class 100 Methods: 2;
Class 101 Fields: 7;
Class 102 Fields: 4;
Class 103 Fields: 7;
Class 104 Methods: 5;
Class 105 Methods: 1;
Class 106 Methods: 2;
Class 107 Methods: 1;
Class 108 Fields: 1; Methods: 3;
Class 109 Methods: 2;
Class 110 Fields: 1; Methods: 6;
Class 111 Fields: 7;
Class 112 Fields: 5;
Class 113 Fields: 12;
Class 114 Fields: 8;
Class 115 Fields: 5; Methods: 1;
Class 116 Fields: 5;
Class 117 Fields: 7;
Class 118 Fields: 5;
Class 119 Fields: 7;
Class 120 Fields: 1; Methods: 3;
Class 121 Fields: 3; Methods: 2;
Class 122 Methods: 4;
Class 123 Fields: 3; Methods: 4;
Class 124 Fields: 28;
Class 125 Fields: 12;
Class 126 Fields: 1; Methods: 3;
Class 127 Fields: 4;
Class 128 Methods: 2;
Class 129 Methods: 3;
Class 130 Fields: 10; Methods: 5;
Class 131 Fields: 6;
Class 132 Fields: 3;
Class 133 Fields: 1; Methods: 2;
Class 134 Fields: 2; Methods: 2;
Class 135 Fields: 1; Methods: 2;
Class 136 Fields: 2; Methods: 3;
Class 137 Fields: 4; Methods: 7;
Class 138 Fields: 4; Methods: 7;
Class 139 Methods: 4;
Class 140 Methods: 4;
Class 141 Methods: 4;
Class 142 Fields: 1; Methods: 6;
Class 143 Methods: 3;
Class 144 Fields: 4; Methods: 10;
Class 145 Fields: 1; Methods: 2;
Class 146 Fields: 1; Methods: 2;
Class 147 Methods: 2;
Class 148 Fields: 1; Methods: 4;
Class 149 Fields: 4; Methods: 5;
Class 150 Fields: 1; Methods: 4;
Class 151 Methods: 1;
Class 152 Fields: 1; Methods: 1;
Class 153 Fields: 12;
Class 154 Fields: 2;
Class 155 Fields: 10;
Class 156 Fields: 2; Methods: 6;
Class 157 Fields: 1; Methods: 1;
Class 158
Resolving local member refs: 11512 -> 11512 defs, 0 refs, 0 unresolved
Emitting events and properties:
Global
Class 1
Class 2
Class 3
Class 4
Class 5 Props: 1;
Class 6 Events: 9; Props: 2;
Class 7 Props: 10;
Class 8
Class 9
Class 10
Class 11
Class 12
Class 13 Props: 1;
Class 14 Props: 1;
Class 15 Props: 17;
Class 16
Class 17 Props: 1;
Class 18 Events: 1; Props: 5;
Class 19
Class 20 Props: 19;
Class 21
Class 22 Props: 8;
Class 23 Props: 3;
Class 24 Props: 4;
Class 25 Props: 3;
Class 26 Props: 2;
Class 27
Class 28 Props: 2;
Class 29 Props: 2;
Class 30
Class 31
Class 32
Class 33
Class 34
Class 35 Events: 1;
Class 36
Class 37
Class 38
Class 39 Props: 2;
Class 40 Props: 2;
Class 41
Class 42 Props: 8;
Class 43
Class 44
Class 45 Props: 1;
Class 46 Props: 2;
Class 47
Class 48
Class 49 Props: 4;
Class 50 Props: 4;
Class 51 Events: 3; Props: 2;
Class 52
Class 53
Class 54
Class 55
Class 56 Props: 1;
Class 57 Props: 1;
Class 58
Class 59
Class 60
Class 61
Class 62
Class 63
Class 64
Class 65
Class 66
Class 67 Props: 1;
Class 68
Class 69 Props: 4;
Class 70
Class 71
Class 72
Class 73
Class 74
Class 75
Class 76
Class 77
Class 78
Class 79 Props: 2;
Class 80 Props: 8;
Class 81
Class 82
Class 83
Class 84
Class 85
Class 86
Class 87 Props: 1;
Class 88
Class 89
Class 90 Props: 1;
Class 91 Props: 1;
Class 92 Props: 1;
Class 93 Props: 1;
Class 94
Class 95 Props: 3;
Class 96
Class 97
Class 98 Props: 1;
Class 99
Class 100
Class 101
Class 102
Class 103
Class 104
Class 105
Class 106
Class 107
Class 108
Class 109
Class 110 Props: 1;
Class 111
Class 112
Class 113
Class 114
Class 115
Class 116
Class 117
Class 118
Class 119
Class 120
Class 121
Class 122
Class 123 Props: 1;
Class 124
Class 125
Class 126 Props: 1;
Class 127
Class 128
Class 129
Class 130
Class 131
Class 132
Class 133 Props: 1;
Class 134
Class 135 Props: 1;
Class 136 Props: 2;
Class 137 Props: 3;
Class 138 Props: 3;
Class 139
Class 140
Class 141
Class 142
Class 143
Class 144 Props: 4;
Class 145
Class 146
Class 147
Class 148
Class 149 Props: 4;
Class 150 Props: 1;
Class 151
Class 152
Class 153
Class 154
Class 155
Class 156 Props: 4;
Class 157
Class 158
Method Implementations (total): 7
Resolving local member refs: 0 -> 0 defs, 0 refs, 0 unresolved
Writing PE file
Operation completed successfully
我们汉化的资源就都在.il里面了,在这里我们可以汉化,可以破解等等操作,改完像上面的操作那样编译回去就OK了。破解要结合Reflector和ildasm 使用。
不过这些操作最关键的就是脱壳了,这些exe 、dll经过加壳的这些工具都无效,所以我们必须要脱壳。