Ethical Hacking Tutorials

Ethical Hacking Tutorials, Tips and Tricks

dnSpy v5.0 releases: .NET assembly editor, decompiler, and debugger


dnSpy is a tool to reverse engineer .NET assemblies. It includes a decompiler, a debugger and an assembly editor (and more) and can be easily extended by writing your own extension. It uses dnlib to read and write assemblies so it can handle obfuscated assemblies (eg. malware) without crashing.

  • Open Source (GPLv3) and Free Forever (:TM:)
  • Assembly Editor
    • Use C# or Visual Basic to edit any method, property and event
    • Code editor has IntelliSense (code completion, signature help, quick info)
    • Whole classes can be added to assemblies by adding C# and Visual Basic code
    • Edit all metadata of types (classes), methods, properties, events, fields
    • Add, remove, rename any type (class), method, property, event, field
    • Edit, add, remove .NET resources and save them to disk
    • The IL editor allows editing method bodies at the IL level: IL instructions, locals, exception handlers
  • Debugger
    • Debug any .NET assembly, no source code required
    • Set breakpoints in any assembly, including framework assemblies, assemblies in the GAC and assemblies existing only in memory
    • Memory window
    • Output window
    • Attach to process
    • Locals window
      • raw contents of locals (eg. decrypted byte arrays) can be saved to disk
    • Call Stack window
    • Threads window
    • Modules window
      • Modules (eg. decrypted in-memory modules) can be saved to disk
    • Exception Settings
    • Can debug dynamic assemblies
    • Debugging CoreCLR assemblies is supported
  • Decompile to C#, Visual Basic, IL
  • Themes: blue, dark, light (and high contrast)
  • Supports smaller screens (eg. laptops)
    • Line height can be optimized for smaller screens
      • Blank and non-alphanumeric lines are 75% the normal height
      • No extra spacing between lines (saves 1 vertical pixel per line)
    • Menu and toolbar share the same line
    • Full screen mode (Shift+Alt+Enter) saves some vertical pixels
  • High DPI support and per-monitor DPI-aware
  • Translated to several languages
  • Highly extensible
    • Write your own extensions and add your own features
    • All major features are already extensions (assembly editor, debugger, decompiler)
  • Multiple tabs and tab groups
    • Your screen is too big? Don’t cut it in half, add another vertical tab group and read two classes at once!
    • The tabs and positions within the text editors are saved when you close dnSpy and restored at startup so you can continue where you left off
  • Search assemblies
    • Search for types (classes), methods, properties, events, fields
    • Search for strings or numbers in code
  • Assembly analyzer
    • Find usages of types (classes), methods, properties, events, fields
  • BAML to XAML decompiler
  • Fast
  • Highlighted references, keywords
    • References under the caret are highlighted to make it easier to see all uses of the reference in the code
    • Tab, Shift+Tab, Ctrl+Shift+Up, Ctrl+Shift+Down moves to the next or previous reference
    • Alt+Down and Alt+Up moves to the next or previous definition (type (class), method, property, event, field)
  • Structure visualizer
    • Vertical guide lines shown between start and end of code blocks
    • Different colors are used for different blocks, eg. loop, conditional, method, etc
  • dnlib is used to read and write assemblies so it can handle obfuscated code (eg. malware) without crashing
  • Go to commands:
    • Entry point
    • Assembly static initialization method (<Module>..cctor)
    • Any metadata token
    • Any metadata row
  • Syntax highlighted tooltips with XML doc comments when hovering over a type (class), method, property, event, field
  • Methods, properties and events are decompiled in source code order or a custom user-defined order
    • Source code order means that related methods are usually next to each other, just like the programmer wanted
  • Background images can be shown in the text editor
  • Export to project decompiles all selected assemblies and creates a Visual Studio solution
    • Multiple assemblies can be exported at the same time
    • Creates a Visual Studio solution (supports VS2005 – VS-latest) and project files
    • Supports WinForms and WPF classes (creates a code-behind .cs/.vb file and a WinForms .resx / WPF .xaml file)
    • Converts .NET resources to .resx files
  • Open from GAC
  • Command line decompiler
    • Supports Windows, Linux and Mac
    • Syntax highlights output to the screen
  • Scripting with C# REPL
    • Call public dnSpy methods from scripts
    • Script the debugger and other extensions
  • Hex editor
  • Method tokens and addresses are shown in comments and can be clicked to go to the raw metadata or IL bytes
  • Metadata editor
  • Collapse Assembly Explorer nodes command to quickly collapse unused nodes
  • And more…

Copyright (C) 0xd4d

Source: https://github.com/0xd4d/

Updated: September 22, 2018 — 3:37 pm

Leave a Reply

Your email address will not be published. Required fields are marked *

Ethical Hacking Tutorials © 2018
Skip to toolbar