Category Archives: Reverse Engineering

Decompile Compiled VBS EXE with WinDbg

In this case we are looking at a 32-bit EXE with WinDbg (x86) from the Windows SDK. This exact process may or may not work depending on how the script was compiled, but the technique will be similar for many … Continue reading

Posted in Reverse Engineering, WinDbg

Case of the Object Is Not Set To An Instance of an Object–.NET Patching

Continuing our series on patching .NET code without source (https://chentiangemalc.wordpress.com/2015/07/31/case-of-the-black-background-window-net-patching/). A .NET application which worked fine on Windows 7 started throwing an exception when opening an image in Windows 10’s default editor. However, the images still opened OK. … Continue reading

Posted in .NET, C#, Hacking, IL, MSIL, Patching, Reverse Engineering

Case of the .NET 4.5.2 Setup Can’t Run In Compatibility Mode

When downloading http://www.microsoft.com/en-us/download/confirmation.aspx?id=42643 on Windows 8.1, the installer failed. Well, the most obvious thing is that the installer for some reason is set into compatibility mode. Clicking the EXE and looking at properties shows this is not the case. First I tried … Continue reading

Posted in .NET, API Monitor, Application Compatibility, Debugging, Reverse Engineering, Windows 8.1

Injecting Debug Tracing in a .NET EXE

Previously, with .NET Reflector (http://www.red-gate.com/products/dotnet-development/reflector/guest-post) and Reflexil (http://reflexil.net/), we patched a .NET race condition (https://chentiangemalc.wordpress.com/2014/03/20/case-of-the-unknown-error-app-crash-debugging-patching-someone-elses-net-race-condition/). This time I’d come across another app that only broke when a debugger was NOT attached. Using dmp files and analysis with WinDbg I had … Continue reading

Posted in .NET, Patching, Reflexil, Reverse Engineering