Category Archives: Patching

Case of the Network Name That Couldn’t Be Found

Continuing the series on .NET patching from https://chentiangemalc.wordpress.com/2015/09/03/case-of-the-object-is-not-set-to-an-instance-of-an-object-net-patching/ An application when moved from XP to Windows 8.1 started reporting error The network name cannot be found. A dump file was taken at this point with procdump –ma option (http://live.sysinternals.com/procdump.exe ) … Continue reading

Posted in .NET, AppCompat, Patching | Tagged | Leave a comment

Case of the Object Is Not Set To An Instance of an Object–.NET Patching

Continuing our series on patching .NET code without source ( https://chentiangemalc.wordpress.com/2015/07/31/case-of-the-black-background-window-net-patching/ ) A .NET application which worked fine on Windows 7, started throwing an exception when opening an image in Windows 10’s default editor. However the images still opened OK. … Continue reading

Posted in .NET, C#, Hacking, IL, MSIL, Patching, Reverse Engineering | Tagged | Leave a comment

Case of the Black Background Window (.NET Patching)

On Windows XP  a Windows form had a white background, something like this: However on Windows 8 it had a black background like this, making text on the form unreadable:   This is a common AppCompat bug…where the developer instead … Continue reading

Posted in .NET, AppCompat, IL, Patching | Leave a comment

Removing Forced Reboot From An EXE

Had this process I wanted to execute during a number of tasks, this process had a command line argument “—reboot” which forced an immediate reboot. If you tried to run the command without the “–reboot” option you were given an … Continue reading

Posted in IDA, Patching | Tagged | Leave a comment

Experimental Use of 64-bit Dump of 32-bit .NET Process in WinDbg

A .NET dmp file is typically best captured as 32-bit for 32-bit process. On x64 system this could be using the 32-bit task manager (C:\windows\syswow64\taskmgr.exe), WinDbg (x86), or a tool like ProcDump (http://live.sysinternals.com/ProcDump.exe ) However what if a 32-bit .NET … Continue reading

Posted in .NET, 64-bit, Patching, WinDbg | Tagged | 3 Comments

Patching a Null Pointer Access Violation

An application was crashing about 5x a time a day so crash dumps were enabled via registry https://msdn.microsoft.com/en-us/library/windows/desktop/bb787181(v=vs.85).aspx Looking at the dmp files the program always crashed at same point in the program. This dump file has an exception of … Continue reading

Posted in IDA, Patching, WinDbg | Tagged | Leave a comment

Continuing Case of ByRef Corruption–.NET Patching

A new revision of app we previously met here https://chentiangemalc.wordpress.com/2014/05/22/case-of-the-invalid-base-key-error/ was out… The “Invalid Base Key” error had been patched, but now we had another. It looked like another case of variables being unexpectedly modified due to liberal and incorrect … Continue reading

Posted in .NET, Hacking, MSIL, Patching | Tagged | Leave a comment