请问大神.NET查壳工具都有哪些?
已知的有DotNet Id 除了这个还有别的吗?脱MAXTOCODE发现是双壳。脱掉第一层还有一层,DotNet Id检测没壳了,但是反编译还是加密状态.
用PEiD查壳,用OD脱壳
ScanID算不算?
DotNet Id 再也不支持了
帮忙看看这个.net加密的是什么壳,查不出来
.NET Reactor混淆,用de4dot反混淆
.net软件用ScanId来查
一个用.net写的抢购软件,加壳了
首先确定是.net写的,需要4.0框架,用DotNet Id.exe查壳
然后用de4dot-v3.1.41592.3405 脱不了 然后用dnSpy查看
双壳 themida/WinLicense + NetReactor
脱壳很简单了。关键是Dump.
你的贱手足够快之外,还要有点小窃门。 Dump后,直接De4dot。清爽无比。
[PEtools] 【搬运】Protection ID多功能查壳工具
Protection ID 是一款国外的多功能查壳工具软件,其主要功能就是可以用来扫描程序查看是否加壳以及PE信息、扫描加密光盘等功能。
Protection ID功能-
- -PC游戏应用程序保护检测
- -目前涵盖573项检测,其中包括Win32位/64位程序的文件保护和壳以及.NET、加密狗等
- -扫描加密CD/DVD光盘
- -支持拖放
- -强大的扫描引擎可以检测多个保护
- -支持资源管理器菜单
- -额外的工具扩展
- -完全兼容32位和64位
总结
PEiD
https://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/PEiD-updated.shtml
PEiD(PE Identifier)是一款著名的查壳工具,其功能强大,几乎可以侦测出所有的壳,其数量已超过470 种PE 文档 的类型和签名。
There are many .Net code protection alternative, that obfuscate the IL codes so that they are not that much exposed to IL disassembler application.
- .Net Reactor
- Themida
- SmartAssembly
- the list is huge . . .
many of the protector modify the Exe (PE Header info), .Net exe contains some extra MetaData that helps disassembler to identify it.
Download this little application it may tell you a little more about the exe.
Download
PEiD is an intuitive application that relies on its user-friendly interface to detect packers, cryptors and compilers found in PE executable files – its detection rate is higher than that of other similar tools since the app packs more than 600 different signatures in PE files.
PEiD comes with three different scanning methods, each suitable for a distinct purpose. The Normal one scans the user-specified PE file at its Entry Point for all its included signatures. The so-called Deep Mode comes with increased detection ratio since it scans the file's Entry Point containing section, whereas the Hardcore mode scans the entire file for all the documented signatures.
My best guess the assembly you are looking for is Protected by .Net Reactor or Themida
[.NET] ScanId .Net下混淆识别器