Skip to content

snaphat/auto-medic

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

46 Commits

example

example

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

automedic.cs

automedic.cs

 
 

Repository files navigation

auto-medic

De4dot based patching toolkit for .net binary modification.

Rationale

  • Why not just use dnlib for patching directly?
    • Most assemblies are obfuscated and packed in practice.
    • Using dnlib or Mono.Cecil directly on these will, in most cases, result in a broken Assembly that will not run.
  • What does this do differently from using de4dot or dnlib?
    • dnlib is a library that allows for programmatically patching an assembly.
    • de4dot is CLI program to deobfuscate and unpack assemblies.
    • auto-medic provides scaffolding to simplify and combines both processes so that an assembly can be deobfucated and programmatically patched in a single-step.
  • What are the tangible benefits to utilizing auto-medic?
    • A streamlined patch process.
    • No need to run de4dot independently before patching.
    • Less boiler-plate code to utilize dnlib for patching.
    • A resultant self-contained single-executable patch-program for a target assembly.

Dependencies

  • csc.exe must be in your path.
  • ILRepack.exe must be in your path.
  • de4dotp.exe must be in your path.

Setup

  • Create a patched version of de4dot called de4dotp.exe by following the instructions here and add the directory it is in to your path.
  • Install Build Tools for Visual Studio and add the directory csc.exe is in to your path.
  • Install ILRepack and add the directory ILRepack.exe is in to your path. I just extract the executable from the nupkg directly.

Example

  • automedic.cs
    • Base toolkit.
    • This is utilized to streamline user-code that needs to be written to patch an executable.
  • example/auto-medic.cs
    • Example user code utilizing the base toolkit.
    • Compiled into Auto-Medic.exe.
  • example/sample.cs
    • An example target application to patch.
    • Compiled into a.exe.
    • Returns A equal 0! pre-patch.
    • Should return A equal 1! post-patch.
  • example/make.bat
    • Example build and run script.
    • Compiles a.exe and Auto-Medic.exe.
    • Runs a.exe pre-patch.
    • Patches a.exe using Auto-Doc.exe.
    • Runs a.exe post-patch.

Usage

  • Include automedic.cs into a project.
  • Adapt example/auto-medic.cs for real-world usage.
    • It should be pretty simple in practice.
    • Each modifier is called for all methods in the assembly.
    • Multiple code patches can be applied via additional calls to AutoMedic.modifiers.Add() with different modifiers.
    • The checksum is computed by adding all modifier return values.
    • Any .net assembly can be targeted.
  • Make sure to use ILRepack.exe to pack de4dotp.exe with your executable after compilation. Otherwise, it won't work. See example/make.bat for details.
  • In a real world use-cases, one might use dnSpy or .net Reflector to reverse-engineer the target .net assembly, and then utilize this toolkit to create and apply patches to an assembly's bytecode.

About

De4dot based patching toolkit for .net binary modification.

Topics

reverse-engineering hacking patcher hacking-tool patching hacking-framework hacking-tools hacking-toolkit

Resources

Readme

License

Unlicense license
Activity

Stars

6 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages