Managed Code with Licensing does not always mean Software Protection. R3JlSGFjayAyMDEyIC0gMXN0IFBhbmljaw0KVGhhbmtzIFBoaWwgZm9yIHRoZSB0ZW1wbGF0ZQ==
|
|
- Lester Harold Rogers
- 5 years ago
- Views:
Transcription
1 Managed Code with Licensing does not always mean Software Protection R3JlSGFjayAyMDEyIC0gMXN0IFBhbmljaw0KVGhhbmtzIFBoaWwgZm9yIHRoZSB0ZW1wbGF0ZQ==
2 OVERVIEW
3 OVERVIEW Console static void WriteLine() JITCompiler static void WriteLine(string) JITCompiler Managed EXE static void Main() { Console.WriteLine( Hello ); Console.WriteLine( Goodbye ); } MSCore.dll JITCompiler function { 1. In the assembly that implements the type (Console), look up the method (WriteLine) being called in the metadata. 2. From the metadata, get the IL for this method. 3. Allocate a block of memory. 4. Compile the IL into native CPU instructions; the native code is saved in the memory allocated in step Modify the method s entry in the Type s table so that it now points to the memory block allocated in step Jump to the native code contained inside the memory block. } Native CPU Instructions Drawing Source : CLR via C# (Jeffrey Richter)
4 OVERVIEW Console static void WriteLine() JITCompiler static void WriteLine(string) Native Managed EXE static void Main() { Console.WriteLine( Hello ); Console.WriteLine( Goodbye ); } MSCore.dll JITCompiler function { 1. In the assembly that implements the type (Console), look up the method (WriteLine) being called in the metadata. 2. From the metadata, get the IL for this method. 3. Allocate a block of memory. 4. Compile the IL into native CPU instructions; the native code is saved in the memory allocated in step Modify the method s entry in the Type s table so that it now points to the memory block allocated in step Jump to the native code contained inside the memory block. } Native CPU Instructions Drawing Source : CLR via C# (Jeffrey Richter)
5 OVERVIEW C# C#C# Resource Resource Resource csc.exe /t:module Stringer.cs csc.exe /addmodule:stringer.netmodule/t:module Client.cs Assembly PE/COFF Header CLR Header.netmodule CLR Data MetaData IL Code.netmodule.netmodule.netmodule Resource Resource Sections natives (.data,.rdata,.reloc,.rsrc,.text) al.exe Client.netmodule Stringer.netmodule/main:MainClientApp.Main /out:myassembly.exe/target:exe
6 C# Assembly Structure Playing with an Assembly is like playing with Russian dolls Icon Source:
7 HexdecimalView HelloWorld.exe
8 OVERVIEW CLR HEADER SECTION HEADER # of Sections * 40 bytes.text /.reloc/.rsrc Virtual Size / Virtual Address / Raw Size / Raw Address OPTIONAL HEADER? Bytes This one is a gold mine. 0x80 NT HEADER + FILE HEADER PE00 24 bytes Machine : Intel 386 / EFI Byte Code Characteristics : Executable, DLL, System File, 32 bit word machine. MS DOS Stub Program 64 bytes 0x00 MZ MS DOS Header e_lfanew 64 bytes
9 Optional Header.NET Directory Debug Directory Export Directory.NET MetaData Directory RVA.NET MetaData Directory Size Import Directory Section Headers [x] OPTIONAL HEADER Data Directories Debug Information Type : CodeView / COFF / Fixup/ CLSID # of entries Import Directory RVA Export Directory RVA Debug Directory RVA.NET MetaData Directory RVA PE32 PE64 Header Subsystem : Windows Console / Windows GUI / EFI BootDriver/ EFI Application DllCharacteristics: Dll can move, NX Compatible, using SEH
10 .NET Directory MetaData Header Signature (BSJB) Major / Minor Version Reserved Version Length Version String Flags Number Of Streams MZ - Mark Zbikowski BSJB - Brian Harry, Susan Radke-Sproull, Jason Zander, and Bill Evans Resources Strong Name Signature.NET Directory ManagedNativeHeader RVA ExportAddressTableJump RVA StrongNameSignature RVA Resources RVA MetaData RVA Flags EntryPointToken IL only, IL Library, 32 bit required, Strong Name Signed Eg. 0x (More details later)
11 .NET MetaDataHeader / Stream #Blob #GUID Contains all the assembly metadata #~ MetaData Stream #~ #Strings #US #GUID #Blob MetaData Header Signature (BSJB) Major / Minor Version Reserved Version Length Version String Flags Number Of Streams Namespace, type and member names are stored String directly used in the program ( Hello world ) Stores GUIDs used throughout the assembly Heap for storing pure binary data method signature, generic instantiations
12 .NET Assembly Metadata AssemblyRef Assembly CustomAttribute MemberRef Param Method TypeDef TypeRef Module Tables Header Major / Minor Version HeapOffsetSizes. Mask Valid Mask Sorted Each row references an external assembly It stores information about the current assembly It indexes a constructor method the owner of that constructor method is the Type of the Custom Attribute. Each row represents an imported method Each row represents a method s param Each row represents a method in a specific class Each row represents a class in the current assembly Each row represents an imported class, its namespace and the assembly which contain it Represents the current Assembly Tells if the #String / #Guid/ #Blob are > 2^16 (Word / DWordfor an index) Bit field of table types: 0x Module / 01 TypeRef/ 02 TypeDef/ 04 -Field/ 06 MethodDef 08 Param/ 09 -InterfaceImpl/ 10 MemberRef/ 11 Constant Bit set means available Bit field of table types: 0x FA00
13 .NET Example using System;. namespace HelloWorld { class Program { static void PrintHelloWolrd() { Console.Out.WriteLine("Hello World..."); } Stored in the TypeDef Stored in the Method table static void PrintHelloWolrd2() { Console.Out.WriteLine("Hello World2..."); } Stored in the #US MetaData Streams TypeRef Table } } static void Main(string[] args) { Program.PrintHelloWolrd(); } MemberRef table Param table
14 .NET Example 1. Each table is a structured byte stream 2. Easy to compute its size 3. Header (Tiny or Fat) Tiny : No Exception, Max stack 8, no local variable (1 byte) Fat: Signature, Code Size, Stack Size (14 bytes) 0xD0, 0x20, 0x00, 0x00, 0x00, 0x00, 0x91, 0x00, 0x43, 0x00, 0x0A, 0x00, 0x01, 0x00 RVA 4 Bytes 0xD Points to the IL Code (More to come) Impl Flags 2 Bytes 0x0000 Click here Flags 2 Bytes 0x9100 Click here Name 2 Bytes 0x4300 Index in String Stream (#String) Signature 2 Bytes 0x0A00 Index in Blob Stream (#Blob) Param List 2 Bytes 0x0001 Index in the Parameter Table
15 Method DefTable Method #1 ( ) MethodName: PrintHelloWolrd( ) Flags : [Private] [Static] [HideBySig] [ReuseSlot] ( ) RVA : 0x000020d0 ImplFlags: [IL] [Managed] ( ) CallCnvntn: [DEFAULT] ReturnType: Void No arguments. Signature : Method #2 ( ) MethodName: PrintHelloWolrd2 ( ) Flags : [Private] [Static] [HideBySig] [ReuseSlot] ( ) RVA : 0x000020e3 ImplFlags: [IL] [Managed] ( ) CallCnvntn: [DEFAULT] ReturnType: Void No arguments. Signature : Method #3 ( ) [ENTRYPOINT] MethodName: Main ( ) Flags : [Private] [Static] [HideBySig] [ReuseSlot] ( ) RVA : 0x000020f6 ImplFlags: [IL] [Managed] ( ) CallCnvntn: [DEFAULT] ReturnType: Void 1 Arguments Argument #1: SZArray String Signature : d 0e 1 Parameters (1) ParamToken: ( ) Name : args flags: [none] ( )
16 IL Code (HelloWorld.exe) 2 Method Table 1 PrintHelloWorld 2 PrintHelloWorld2 3 Main 4 -.ctor 1 PE Header EntryPointToken : 0x x20D0 Flags (Static, Private ) ImplFlags(IL, managed ) Signature Parameter List 3 4 Opcode Instruction 00 nop call 0x nop 2A ret
17 Opcode Opcode Instruction 00 nop call 0x nop 2A ret Format Assembly Format Description 28 < T > call methoddesc Call the method described by methoddesc. The call instruction calls the method indicated by the method descriptor passed with the instruction. The method descriptorisametadatatokenthatindicatesthemethodtocallandthenumber,type,andorderoftheargumentsthat havebeenplacedonthestacktobepassedtothatmethodaswellasthecallingconventiontobeused Easy to patch, we can change the metadata token in order to invoke another method, can be done with an hexadecimal editor. Eg. Convert 0x to 0x PrintHelloWorld to PrintHelloWorld2
18 Easy You said. class Program { static void Main(string[] args) { new PrintLib().PrintHelloWolrd(); } } Table Relation Opcode Instruction 00 nop A newobj0xa A call 0x0A nop 2A ret Icon Source: YouneedtomanipulatethemetadataandnotonlytheILcode What stobedone: 1. AddanentryintheTypeRef 2. AddanentryintheMemberRef 3. ModifytheILCodeofthemainmethod All operations will impact the binary and for sure the PE Header(Section size, directory, RVA )
19 Live Attack Managed EXE static void Main() { Console.WriteLine( Hello ); Console.WriteLine( Goodbye ); } Console static void WriteLine() JITCompiler static void WriteLine(string) JITCompiler MSCore.dll JITCompiler function { 1. In the assembly that implements the type (Console), look up the method (WriteLine) being called in the metadata. 2. From the metadata, get the IL for this method. 3. Allocate a block of memory. 4. Compile the IL into native CPU instructions; the native code is saved in the memory allocated in step Modify the method s entry in the Type s table so that it now points to the memory block allocated in step Jump to the native code contained inside the memory block. } Opcode Instruction 00 nop 17 ldc.i4.1 0A stloc.0 06 ldloc.0 2A ret Native CPU Instructions Icon Source:
20 Live Attack Example public Boolean IsValidPassword(String encryptedpassword) { if (encryptedpassword.equals("ironfzup0rbdw7heucgurg==", StringComparison.InvariantCultureIgnoreCase) == true) { return true; } } return false;.method public hidebysig instance bool IsValidPassword(string encryptedpassword) cil managed // SIG: E { // Method begins at RVA 0x2050 // Code size 31 (0x1f).maxstack 3.locals init ([0] bool CS$1$0000, [1] bool CS$4$0001) IL_0000: /* 00 */ nop IL_0001: /* 03 */ ldarg.1 IL_0002: /* 72 (70) */ ldstr "IRoNFZup0RbDw7heucGuRg==" IL_0007: /* 19 */ ldc.i4.3 IL_0008: /* 6F (0A) */ callvirt instance bool [mscorlib]system.string::equals(string, valuetype [mscorlib]system.stringcomparison) IL_000d: /* 16 */ ldc.i4.0 IL_000e: /* FE01 */ ceq IL_0010: /* 0B */ stloc.1 IL_0011: /* 07 */ ldloc.1 IL_0012: /* 2D 05 */ brtrue.s IL_0019 IL_0014: /* 00 */ nop IL_0015: /* 17 */ ldc.i4.1 IL_0016: /* 0A */ stloc.0 IL_0017: /* 2B 04 */ br.s IL_001d IL_0019: /* 16 */ ldc.i4.0 IL_001a: /* 0A */ stloc.0 IL_001b: /* 2B 00 */ br.s IL_001d IL_001d: /* 06 */ ldloc.0 IL_001e: /* 2A */ ret } // end of method Program::IsValidPassword Opcode Instruction 00 nop 17 ldc.i4.1 0A stloc.0 06 ldloc.0 2A ret
21 Protected Code Obfuscation : In software development, obfuscation is the deliberate act of creating obfuscated code, i.e. source or machine code that is difficult for humans to understand. public bool(string) { return.equals(.(195), StringComparison.InvariantCultureIgnoreCase); } VS Icon Source: WhatIhaveseen. Unicode(eg. Vs IsValidPassword) String Encryption(Inject a code for String Decoding Capture via a Library) PE Header Modification (Invalid number of data directories in NT Header!!! or SuppressIldasmAttribute or Multiple#GUID heaps)
22 Avoid bad practice Donotthink.Withthismysoftwareissecured Hashed(MD5, SHA, ) or Algorithm for public-key cryptography(rsa ) Secure transport(https) Obfuscation is my security Weakness arenotintheusageofsuchgoodelementsbuthowyouuseit!!!! Eg.AvoidSimpleTypes ILCodeattack Returnbool eg.checkpassword,isvalidpassword. ReturnString eg.gethash,getencryptedpassword. Eg. Structure Types Inject Assembly with the same signature Return a structure with some authorization Secure{ Int: SessionCount; Int: MaxPlugin; }.
23 Check this out Links Roslyn Project: Microsoft: Books Expert.NET 2.0 IL Assembler- Author: Serge LIDIN CLRviaC#-AuthorJeffreyRichter Tools Microsoft: ILDASM ILSpy: CFF: Reflector: Icon Source: Reflexil: Cecil: DigitalBodyGuard:
24 Questions Icon Source: Tell me and I'll forget; show me and I may remember; involve me and I'll understand.
25 Method ImplFlags Back
26 Method Flags Back
27 String (String Stream) Back
28 Table Relations TypeSpec Table ModuleRef Table TypeRef Table MethodImpl Table TypeDef Table MemberRef Table Method Table Param Table MethodSpec Table Constant Table FieldMarshal Table Back Drawing Source :.NET 2.0 IL Assembler (Serge Lidin) Metadata tables related to method definition and referencing
COPYRIGHTED MATERIAL. Part I The C# Ecosystem. ChapTEr 1: The C# Environment. ChapTEr 2: Writing a First Program
Part I The C# Ecosystem ChapTEr 1: The C# Environment ChapTEr 2: Writing a First Program ChapTEr 3: Program and Code File Structure COPYRIGHTED MATERIAL 1The C# Environment What s in This ChapTEr IL and
More informationBuilding, Packaging, Deploying, and Administering Applications and Types
C02621632.fm Page 33 Thursday, January 12, 2006 3:50 PM Chapter 2 Building, Packaging, Deploying, and Administering Applications and Types In this chapter:.net Framework Deployment Goals......................................
More informationModule Overview. CLR Initialization
CLR Initialization Module Overview CLR Initialization Getting to Main Method PE Layout & CLR Headers Process Initialization & EE Shim EE Startup CLR Artifacts & Loader Heaps The Managed Object Common Slow
More informationNew programming language introduced by Microsoft contained in its.net technology Uses many of the best features of C++, Java, Visual Basic, and other
C#.NET? New programming language introduced by Microsoft contained in its.net technology Uses many of the best features of C++, Java, Visual Basic, and other OO languages. Small learning curve from either
More informationProgram Analysis 2.0. Thomas Ball Microsoft Research
Program Analysis 2.0 Thomas Ball Microsoft Research Program Analysis 1.0 (1999-200?) 1. Legacy focus 2. The static analysis genie 3. Scale via aggressive abstraction 4. The genie out of the bottle false
More informationC++\CLI. Jim Fawcett CSE687-OnLine Object Oriented Design Summer 2017
C++\CLI Jim Fawcett CSE687-OnLine Object Oriented Design Summer 2017 Comparison of Object Models Standard C++ Object Model All objects share a rich memory model: Static, stack, and heap Rich object life-time
More informationChapter 1: A First Program Using C#
Chapter 1: A First Program Using C# Programming Computer program A set of instructions that tells a computer what to do Also called software Software comes in two broad categories System software Application
More informationChapter 1 Getting Started
Chapter 1 Getting Started The C# class Just like all object oriented programming languages, C# supports the concept of a class. A class is a little like a data structure in that it aggregates different
More informationPractical Malware Analysis
Practical Malware Analysis Ch 4: A Crash Course in x86 Disassembly Revised 1-16-7 Basic Techniques Basic static analysis Looks at malware from the outside Basic dynamic analysis Only shows you how the
More informationPES INSTITUTE OF TECHNOLOGY
Seventh Semester B.E. IA Test-I, 2014 USN 1 P E I S PES INSTITUTE OF TECHNOLOGY C# solution set for T1 Answer any 5 of the Following Questions 1) What is.net? With a neat diagram explain the important
More informationvtuplanet.com C#Programming with.net C# Programming With.NET (06CS/IS761)
C# Programming With.NET (06CS/IS761) Chapter wise questions and Answers appeared in previous years: UNIT I: 1 Philosophy of the.net What are the building blocks of.net platform? Give the relationship between.net
More informationDAD Lab. 1 Introduc7on to C#
DAD 2017-18 Lab. 1 Introduc7on to C# Summary 1..NET Framework Architecture 2. C# Language Syntax C# vs. Java vs C++ 3. IDE: MS Visual Studio Tools Console and WinForm Applica7ons 1..NET Framework Introduc7on
More informationCIL Programming: Under the Hood of.net JASON BOCK
CIL Programming: Under the Hood of.net JASON BOCK CIL Programming: Under the Hood of.net Copyright 2002 by Jason Bock All rights reserved. No part of this work may be reproduced or transmitted in any form
More informationPE File Browser. by Software Verify
PE File Browser by Software Verify Copyright Software Verify Limited (c) 2017 PE File Browser PE File contents inspector by Software Verification Welcome to the PE File Browser software tool. PE File Browser
More informationPESIT Bangalore South Campus Hosur road, 1km before Electronic City, Bengaluru -100 Department of Computer Science And Engineering
INTERNAL ASSESSMENT TEST 1 Date : 19 08 2015 Max Marks : 50 Subject & Code : C# Programming and.net & 10CS761 Section : VII CSE A & C Name of faculty : Mrs. Shubha Raj K B Time : 11.30 to 1PM 1. a What
More informationVisual Studio.NET.NET Framework. Web Services Web Forms Windows Forms. Data and XML classes. Framework Base Classes. Common Language Runtime
Intro C# Intro C# 1 Microsoft's.NET platform and Framework.NET Enterprise Servers Visual Studio.NET.NET Framework.NET Building Block Services Operating system on servers, desktop, and devices Web Services
More informationIntroduction to.net. What is.net?
Introduction to.net What is.net? Microsoft s vision of the future of applications in the Internet age Increased robustness over classic Windows apps New programming platform Built for the web.net is a
More informationA CLR Back-end for a FLOSS Eiffel
Final Year Project Final Report A thesis submitted in part fulfilment of the degree of BSc. (Hons.) in Computer Science with the supervision of Dr. Joseph Kiniry and moderated by Dr. Michael Walsh. School
More informationShort Notes of CS201
#includes: Short Notes of CS201 The #include directive instructs the preprocessor to read and include a file into a source code file. The file name is typically enclosed with < and > if the file is a system
More informationPART I. LINQ Essentials. CHAPTER 1 Introducing LINQ CHAPTER 2 Using LINQ to Objects CHAPTER 3 Handling LINQ to SQL with Visual Studio
PART I LINQ Essentials CHAPTER 1 Introducing LINQ CHAPTER 2 Using LINQ to Objects CHAPTER 3 Handling LINQ to SQL with Visual Studio CHAPTER 1 Introducing LINQ 4 P a r t I : L I N Q E s s e n t i a l s
More informationSelf-contained CLI Assemblies
Self-contained CLI Assemblies Bernhard Rabe Haso-Plattner-Institute, University of Potsdam P.O. Box 90 04 60 14440 Potsdam, Germany bernhard.rabe@hpi.uni-potsdam.de ABSTRACT High-level programming languages
More informationCS201 - Introduction to Programming Glossary By
CS201 - Introduction to Programming Glossary By #include : The #include directive instructs the preprocessor to read and include a file into a source code file. The file name is typically enclosed with
More informationINTERNAL ASSESSMENT TEST 1 ANSWER KEY
INTERNAL ASSESSMENT TEST 1 ANSWER KEY Subject & Code: C# Programming and.net-101s761 Name of the faculty: Ms. Pragya Q.No Questions 1 a) What is an assembly? Explain each component of an assembly. Answers:-
More informationException handling: from ICode to CIL
Exception handling: from ICode to CIL c Miguel Garcia, LAMP, École Polytechnique Fédérale de Lausanne (EPFL) http://lamp.epfl.ch/~magarcia May 9 th, 2010 Contents 1 Static semantics of Exception Handling
More informationModule 2: Introduction to a Managed Execution Environment
Module 2: Introduction to a Managed Execution Environment Contents Overview 1 Writing a.net Application 2 Compiling and Running a.net Application 11 Lab 2: Building a Simple.NET Application 29 Review 32
More informationVirtual Machine Tutorial
Virtual Machine Tutorial CSA2201 Compiler Techniques Gordon Mangion Virtual Machine A software implementation of a computing environment in which an operating system or program can be installed and run.
More informationStatic Analysis I PAOLO PALUMBO, F-SECURE CORPORATION
Static Analysis I PAOLO PALUMBO, F-SECURE CORPORATION Representing Data Binary numbers 1 0 1 1 NIBBLE 0xB 1 0 1 1 1 1 0 1 0xBD 1 0 1 1 1 1 0 1 0 0 1 1 1 0 0 1 BYTE WORD 0xBD 0x39 Endianness c9 33 41 03
More informationC#.Net. Course Contents. Course contents VT BizTalk. No exam, but laborations
, 1 C#.Net VT 2009 Course Contents C# 6 hp approx. BizTalk 1,5 hp approx. No exam, but laborations Course contents Architecture Visual Studio Syntax Classes Forms Class Libraries Inheritance Other C# essentials
More informationUNIT-1 The Philosophy of.net
1 UNIT-1 The Philosophy of.net Understanding the Previous State of Affairs Life As a C/Win32 API Programmer: Developing software for the Windows family of operating systems involved using the C programming
More informationIntroduction to Java. Handout-1d. cs402 - Spring
Introduction to Java Handout-1d cs402 - Spring 2003 1 Methods (i) Method is the OOP name for function Must be declared always within a class optaccessqualifier returntype methodname ( optargumentlist )
More informationDLL Injection A DA M F U R M A N EK KON TA MF URMANEK. PL HT T P :/ /BLOG. A DAMF URM ANEK.PL
DLL Injection ADAM FURMANEK KONTAKT@ADAMFURMANEK.PL HT TP://BLOG.ADAMFURMANEK.PL Agenda What and Why Preliminaries How + Demos Summary 5/9/2018 5:24:18 PM ADAM FURMANEK DLL INJECTION 2 What and Why 5/9/2018
More informationObject Oriented Programming: In this course we began an introduction to programming from an object-oriented approach.
CMSC 131: Chapter 28 Final Review: What you learned this semester The Big Picture Object Oriented Programming: In this course we began an introduction to programming from an object-oriented approach. Java
More informationCS 231 Data Structures and Algorithms, Fall 2016
CS 231 Data Structures and Algorithms, Fall 2016 Dr. Bruce A. Maxwell Department of Computer Science Colby College Course Description Focuses on the common structures used to store data and the standard
More informationPortable Executable format, TitaniumCore report and packers. Katja Pericin
Portable Executable format, TitaniumCore report and packers Katja Pericin Portable Executable format 3/21/2018 2 Introduction file? operating system abstraction for a data container segment(s) of physical
More informationProf. Dr. Hanspeter Mössenböck Institute for System Software Johannes Kepler University Linz
Overview of.net Prof. Dr. Hanspeter Mössenböck Institute for System Software Johannes Kepler University Linz University of Linz, Institute for System Software, 2004 published under the Microsoft Curriculum
More informationThe X86 Assembly Language Instruction Nop Means
The X86 Assembly Language Instruction Nop Means As little as 1 CPU cycle is "wasted" to execute a NOP instruction (the exact and other "assembly tricks", as explained also in this thread on Programmers.
More informationChapter 12 Microsoft Assemblies. Software Architecture Microsoft Assemblies 1
Chapter 12 Microsoft Assemblies 1 Process Phases Discussed in This Chapter Requirements Analysis Design Framework Architecture Detailed Design Key: x = main emphasis x = secondary emphasis Implementation
More informationMiguel de Icaza. VP Developer Platform Novell, Inc.
Miguel de Icaza VP Developer Platform Novell, Inc. Just released! Server Client Third Party ASP.NET Gtk# Windows.Forms Apache and FastCGI Gdk# Mono.Cairo System.Data SQL Server Cocoa# Pango# Infrastructure
More informationLecture 1 - Introduction (Class Notes)
Lecture 1 - Introduction (Class Notes) Outline: How does a computer work? Very brief! What is programming? The evolution of programming languages Generations of programming languages Compiled vs. Interpreted
More informationCS266 Software Reverse Engineering (SRE) Reversing and Patching Wintel Machine Code
CS266 Software Reverse Engineering (SRE) Reversing and Patching Wintel Machine Code Teodoro (Ted) Cipresso, teodoro.cipresso@sjsu.edu Department of Computer Science San José State University Spring 2015
More informationMaster Thesis 60 credits
UNIVERSITY OF OSLO Department of informatics Analysis of Obfuscated CIL code Master Thesis 60 credits Linn Marie Frydenberg 1st August 2006 - 1 - Preface This master thesis is the result of one year s
More informationLearn C# Errata. 3-9 The Nullable Types The Assignment Operators
1 The following pages show errors from the original edition, published in July 2008, corrected in red. Future editions of this book will be printed with these corrections. We apologize for any inconvenience
More informationUNPACK YOUR TROUBLES:.NET PACKER TRICKS AND COUNTERMEASURES. Marcin Hartung ESET, Poland
UNPACK YOUR TROUBLES:.NET PACKER TRICKS AND COUNTERMEASURES Marcin Hartung ESET, Poland Marcin Hartung hartung@eset.pl Eset Poland UNPACK YOUR TROUBLES:.NET PACKER TRICKS AND COUNTERMEASURES At Eset: programmer
More informationAutomatic Code Features Extraction Using Bio-inspired Algorithms
Automatic Code Features Extraction Using Bio-inspired Algorithms EICAR 2013 Ciprian Oprișa, George Cabău and Adrian Coleșa Bitdefender, Technical University of Cluj-Napoca November 18, 2013 Agenda 1 Introduction
More informationCSE P 501 Compilers. Java Implementation JVMs, JITs &c Hal Perkins Winter /11/ Hal Perkins & UW CSE V-1
CSE P 501 Compilers Java Implementation JVMs, JITs &c Hal Perkins Winter 2008 3/11/2008 2002-08 Hal Perkins & UW CSE V-1 Agenda Java virtual machine architecture.class files Class loading Execution engines
More informationDC69 C# &.NET DEC 2015
Q.2 a. Briefly explain the advantage of framework base classes in.net. (5).NET supplies a library of base classes that we can use to implement applications quickly. We can use them by simply instantiating
More informationImplementing an ADT with a Class
Implementing an ADT with a Class the header file contains the class definition the source code file normally contains the class s method definitions when using Visual C++ 2012, the source code and the
More informationMIPS Procedure Calls. Lecture 6 CS301
MIPS Procedure Calls Lecture 6 CS301 Function Call Steps Place parameters in accessible location Transfer control to function Acquire storage for procedure variables Perform calculations in function Place
More informationAnnouncements. Class 7: Intro to SRC Simulator Procedure Calls HLL -> Assembly. Agenda. SRC Procedure Calls. SRC Memory Layout. High Level Program
Fall 2006 CS333: Computer Architecture University of Virginia Computer Science Michele Co Announcements Class 7: Intro to SRC Simulator Procedure Calls HLL -> Assembly Homework #2 Due next Wednesday, Sept.
More informationLecture 14. System Integrity Services Obfuscation
Lecture 14 System Integrity Services Obfuscation OS independent integrity checking Observation Majority of critical server vulnerabilities are memory based Modern anti-virus software must scan memory Modern
More informationFlare- On 4: Challenge 6 Solution payload.dll
Flare- On 4: Challenge 6 Solution payload.dll Challenge Author: Jon Erickson (@2130706433) In this challenge, users were given a 64bit Windows DLL. The point of this challenge was to illustrate a trick
More informationObject-oriented mutation applied in Common Intermediate Language programs originated from C#
Object-oriented mutation applied in Common Intermediate Language programs originated from C# Anna Derezińska, Karol Kowalski Institute of Computer Science Warsaw University of Technology www.ii.pw.edu.pl/~adr/
More informationOutline. Java Models for variables Types and type checking, type safety Interpretation vs. compilation. Reasoning about code. CSCI 2600 Spring
Java Outline Java Models for variables Types and type checking, type safety Interpretation vs. compilation Reasoning about code CSCI 2600 Spring 2017 2 Java Java is a successor to a number of languages,
More informationInterview Questions of C++
Interview Questions of C++ Q-1 What is the full form of OOPS? Ans: Object Oriented Programming System. Q-2 What is a class? Ans: Class is a blue print which reflects the entities attributes and actions.
More informationThe Microsoft.NET Framework
Microsoft Visual Studio 2005/2008 and the.net Framework The Microsoft.NET Framework The Common Language Runtime Common Language Specification Programming Languages C#, Visual Basic, C++, lots of others
More informationC# Programming for Developers Course Labs Contents
C# Programming for Developers Course Labs Contents C# Programming for Developers...1 Course Labs Contents...1 Introduction to C#...3 Aims...3 Your First C# Program...3 C# The Basics...5 The Aims...5 Declaring
More informationLec 3. Compilers, Debugging, Hello World, and Variables
Lec 3 Compilers, Debugging, Hello World, and Variables Announcements First book reading due tonight at midnight Complete 80% of all activities to get 100% HW1 due Saturday at midnight Lab hours posted
More informationChapter 4 Defining Classes I
Chapter 4 Defining Classes I This chapter introduces the idea that students can create their own classes and therefore their own objects. Introduced is the idea of methods and instance variables as the
More informationComputer Components. Software{ User Programs. Operating System. Hardware
Computer Components Software{ User Programs Operating System Hardware What are Programs? Programs provide instructions for computers Similar to giving directions to a person who is trying to get from point
More informationCS 550 Operating Systems Spring Process I
CS 550 Operating Systems Spring 2018 Process I 1 Process Informal definition: A process is a program in execution. Process is not the same as a program. Program is a passive entity stored in the disk Process
More informationReversing.NET. Part III Advanced Patching
Reversing.NET Part III Advanced Patching By Kwazy Webbit [RETeam] November, 2005 Introduction The time has come to leave the baby steps behind and get busy with some more complicated (and thus realistic)
More informationAgenda. CSE P 501 Compilers. Java Implementation Overview. JVM Architecture. JVM Runtime Data Areas (1) JVM Data Types. CSE P 501 Su04 T-1
Agenda CSE P 501 Compilers Java Implementation JVMs, JITs &c Hal Perkins Summer 2004 Java virtual machine architecture.class files Class loading Execution engines Interpreters & JITs various strategies
More informationC# Syllabus. MS.NET Framework Introduction
C# Syllabus MS.NET Framework Introduction The.NET Framework - an Overview Framework Components Framework Versions Types of Applications which can be developed using MS.NET MS.NET Base Class Library MS.NET
More informationAssemblies. necessary and sufficient to make that file self describing. This unit is called Assembly.
Assemblies Any.NET application written by a developer may be a component that is designed to provide some service to other applications or itself a main application. In both cases when that.net application
More informationClasses and Objects 3/28/2017. How can multiple methods within a Java class read and write the same variable?
Peer Instruction 8 Classes and Objects How can multiple methods within a Java class read and write the same variable? A. Allow one method to reference a local variable of the other B. Declare a variable
More informationUNIT I INTRODUCTION TO C#
UNIT I INTRODUCTION TO C# Syllabus: Introducing C#, Understanding.NET, Overview of C#, Literals, Variables, Data Types, Operators, Expressions, Branching, Looping, Methods, Arrays, Strings, Structures,
More informationEEE-425 Programming Languages (2013) 1
2 Computer programming: creating a sequence of instructions to enable the computer to do something Programmers do not use machine language when creating computer programs. Instead, programmers tend to
More informationChapter 6 Introduction to Defining Classes
Introduction to Defining Classes Fundamentals of Java: AP Computer Science Essentials, 4th Edition 1 Objectives Design and implement a simple class from user requirements. Organize a program in terms of
More informationECE 471 Embedded Systems Lecture 4
ECE 471 Embedded Systems Lecture 4 Vince Weaver http://www.eece.maine.edu/ vweaver vincent.weaver@maine.edu 12 September 2013 Announcements HW#1 will be posted later today For next class, at least skim
More informationMicrosoft..NET Framework. Overview
Microsoft.NET Framework Overview .NET Enterprise Vision Users Any device, Any place, Any time XML Web Services Scheduling Authentication Integrate business applications and processes Notification Back
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 2 Question 1 Software Vulnerabilities (15 min) For the following code, assume an attacker can control the value of basket passed into eval basket.
More informationContents. 2 Undocumented PECOFF
2 Undocumented PECOFF Contents Overview... 3 Introduction... 4 Malformations... 4 DOS & PE Header... 4 Self-destructing PE header... 5 Dual PE header... 5 Writable PE header... 6 Section number limits...
More informationGraph-Based Semantics of the.net Intermediate Language
University of Twente Faculty of Electrical Engineering, Mathematics & Computer Science Formal Methods and Tools Graph-Based Semantics of the.net Intermediate Language by N.B.H. Sombekke May, 2007 Graduation
More informationJava Internals. Frank Yellin Tim Lindholm JavaSoft
Java Internals Frank Yellin Tim Lindholm JavaSoft About This Talk The JavaSoft implementation of the Java Virtual Machine (JDK 1.0.2) Some companies have tweaked our implementation Alternative implementations
More informationIL Assembler Today and Tomorrow. Serge Lidin (Microsoft)
IL Assembler Today and Tomorrow Serge Lidin (Microsoft) Agenda IL Assembler Technology Overview Unique positioning of IL Assembler Compilers Employing IL Assembler Build Environments Employing IL Assembler
More informationECE 498 Linux Assembly Language Lecture 1
ECE 498 Linux Assembly Language Lecture 1 Vince Weaver http://www.eece.maine.edu/ vweaver vincent.weaver@maine.edu 13 November 2012 Assembly Language: What s it good for? Understanding at a low-level what
More informationChapter 12: How to Create and Use Classes
CIS 260 C# Chapter 12: How to Create and Use Classes 1. An Introduction to Classes 1.1. How classes can be used to structure an application A class is a template to define objects with their properties
More informationIntroduction to Java
Introduction to Java Module 1: Getting started, Java Basics 22/01/2010 Prepared by Chris Panayiotou for EPL 233 1 Lab Objectives o Objective: Learn how to write, compile and execute HelloWorld.java Learn
More informationCS453 CLASSES, VARIABLES, ASSIGNMENTS
CS453 CLASSES, VARIABLES, ASSIGNMENTS CS453 Lecture Code Generation for Classes 1 PA6 new in MeggyJava member / instance variables local variables assignments let s go check out the new MeggyJava grammar
More informationLecture 2, September 4
Lecture 2, September 4 Intro to C/C++ Instructor: Prashant Shenoy, TA: Shashi Singh 1 Introduction C++ is an object-oriented language and is one of the most frequently used languages for development due
More informationCS2141 Software Development using C/C++ C++ Basics
CS2141 Software Development using C/C++ C++ Basics Integers Basic Types Can be short, long, or just plain int C++ does not define the size of them other than short
More informationT Jarkko Turkulainen, F-Secure Corporation
T-110.6220 2010 Emulators and disassemblers Jarkko Turkulainen, F-Secure Corporation Agenda Disassemblers What is disassembly? What makes up an instruction? How disassemblers work Use of disassembly In
More informationMemory, Data, & Addressing I
Memory, Data, & Addressing I CSE 351 Autumn 2017 Instructor: Justin Hsia Teaching Assistants: Lucas Wotton Michael Zhang Parker DeWilde Ryan Wong Sam Gehman Sam Wolfson Savanna Yee Vinny Palaniappan http://xkcd.com/953/
More informationWhy bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions?
Jeroen van Beek 1 Why bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions? 2 Inadequate OS and application security: Data abuse Stolen information Bandwidth
More informationSerge Lidin..NET IL Assembler
Serge Lidin.NET IL Assembler .NET IL Assembler Copyright 2014 by Serge Lidin This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned,
More informationOverview of C++ Support in TI Compiler Tools July 2008
Overview of C++ Support in TI Compiler Tools July 2008 1 Table of Contents 1 Table of Contents... 1 2 Introduction... 1 3 Support for the Language... 1 4 Embedded C++... 1 5 Some Comments on Efficiency...
More informationObject Oriented Programming in C#
Introduction to Object Oriented Programming in C# Class and Object 1 You will be able to: Objectives 1. Write a simple class definition in C#. 2. Control access to the methods and data in a class. 3. Create
More informationLab 1: First Steps in C++ - Eclipse
Lab 1: First Steps in C++ - Eclipse Step Zero: Select workspace 1. Upon launching eclipse, we are ask to chose a workspace: 2. We select a new workspace directory (e.g., C:\Courses ): 3. We accept the
More informationUNIT I An overview of Programming models Programmers Perspective
UNIT I An overview of Programming models Programmers Perspective 1. C/Win32 API Programmer It is complex C is short/abrupt language Manual Memory Management, Ugly Pointer arithmetic, ugly syntactic constructs
More informationM4.1-R4: APPLICATION OF.NET TECHNOLOGY
M4.1-R4: APPLICATION OF.NET TECHNOLOGY NOTE: 1. There are TWO PARTS in this Module/Paper. PART ONE contains FOUR questions and PART TWO contains FIVE questions. 2. PART ONE is to be answered in the OMR
More informationHardware: Logical View
Hardware: Logical View CPU Memory Bus Disks Net USB Etc. 1 Hardware: Physical View USB I/O controller Storage connections CPU Memory 2 Hardware: 351 View (version 0) instructions? Memory CPU data CPU executes
More informationT Reverse Engineering Malware: Static Analysis I
T-110.6220 Reverse Engineering Malware: Static Analysis I Antti Tikkanen, F-Secure Corporation Protecting the irreplaceable f-secure.com Representing Data 2 Binary Numbers 1 0 1 1 Nibble B 1 0 1 1 1 1
More informationComputers and Programming Section 450. Lab #1 C# Basic. Student ID Name Signature
Lab #1 C# Basic Sheet s Owner Student ID Name Signature Group partner 1. Identifier Naming Rules in C# A name must consist of only letters (A Z,a z), digits (0 9), or underscores ( ) The first character
More information.NET CLR Framework. Unmanaged Hosts - Assembly Access
Unmanaged Hosts - Assembly Access ptrex 8/08/2017 WHAT : is.net Common Language Runtime (CLR) Framework The Common Language Runtime (CLR) is a an Execution Environment. Common Language Runtime (CLR)'s
More informationAppendix G: Writing Managed C++ Code for the.net Framework
Appendix G: Writing Managed C++ Code for the.net Framework What Is.NET?.NET is a powerful object-oriented computing platform designed by Microsoft. In addition to providing traditional software development
More informationFunction Overloading
Function Overloading C++ supports writing more than one function with the same name but different argument lists How does the compiler know which one the programmer is calling? They have different signatures
More informationUnit 4: Classes and Objects Notes
Unit 4: Classes and Objects Notes AP CS A Another Data Type. So far, we have used two types of primitive variables: ints and doubles. Another data type is the boolean data type. Variables of type boolean
More informationthe gamedesigninitiative at cornell university Lecture 6 C++: Basics
Lecture 6 C++: Basics So You Think You Know C++ Most of you are experienced Java programmers Both in 2110 and several upper-level courses If you saw C++, was likely in a systems course Java was based on
More informationBuilding non-windows applications (programs that only output to the command line and contain no GUI components).
C# and.net (1) Acknowledgements and copyrights: these slides are a result of combination of notes and slides with contributions from: Michael Kiffer, Arthur Bernstein, Philip Lewis, Hanspeter Mφssenbφck,
More informationMicrosoft Symbol and Type Information
ii Formats Specification for Windows Tool Interface Standards (TIS) Table of Contents 1. Symbol and Type Information... 1 1.1. Logical Segments...1 1.2. Lexical Scope Linkage...1 1.3. Numeric Leaves...2
More information