Advanced DnSpy tricks in .NET reversing - Tracing, Breaking, dealing with VMProtect

  • Published 9 Nov 2024

COMMENTS • 50

  • @_ba0_ 1 year ago +2

    Very informative, I am analyzing a malicious .NET binary. This video helped me a lot. Thank you.

  • @riskydissonance 26 days ago

    This was insanely useful, thank you!

  • @vanchien5874 2 years ago +1

    Thanks mate, you introduced lots of functions I have never known.

  • @0518-r4h 13 days ago

    Very useful, it'll help me with a lot of practical applications for real or near-real cases. I like your English, it's cute)
    How did you know all of this stuff? Just reading the docs?

  • @schrodyn 2 years ago +3

    Awesome video and very helpful. Do you have any references on how "Conditional Expression" is used? I would like to know more about this.

    • @DuMpGuYTrIcKsTeR 2 years ago +1

      Thank you :) No man, unfortunately I could not find any, so at least I created this intro to it. :) Sorry.

    • @schrodyn 2 years ago

      @@DuMpGuYTrIcKsTeR No problem. Love your videos. Keep it up!

  • @joojooo1819 2 years ago +3

    Great and informative video! Thank you! Interested in the dynamic binary instrumentation you have mentioned, any plans to work on a video on that? Would you recommend IDA + tools (e.g. Triton) or Frida, especially for native binaries?

    • @csgaeeahmedelsayed9049 2 years ago +1

      I'm new to working with binary instrumentation... do you recommend any starting point?

  • @Stack28x3 1 year ago +1

    Thank you for sharing knowledge. Where can I find more information about this tool? On GitHub there is no documentation, or at least I have not seen any.

    • @DuMpGuYTrIcKsTeR 1 year ago +1

      There is no documentation for dnSpy/dnSpyEx, unfortunately. The developer has so much to do with developing it that it is almost impossible to cover all its capabilities and features in docs. I am always trying to catch some cool tricks here, but for common usage I would recommend downloading it and playing with it; as this tool is really greatly developed and very intuitive to use, it should not be so hard 🙂 If you have some question you really need to know the answer to, you can contact me on Twitter and I will try to help. twitter.com/vinopaljiri

    • @Stack28x3 1 year ago +1

      @@DuMpGuYTrIcKsTeR You are very kind. I really appreciate your help. I am going to continue with my studies and when I have questions on the subject I will write to you.

    • @DuMpGuYTrIcKsTeR 1 year ago +1

      @@Stack28x3 You are always welcome 💙

  • @lanehawkes1107 2 years ago +1

    Awesome video, but my version of dnSpy is 6.1.8, and I do not have the module breakpoint, memory, or get stacks options in my debug dropdown?

    • @DuMpGuYTrIcKsTeR 2 years ago +1

      6.1.8 is the latest one. Newer is dnSpyEx and I recommend it for the future. Go to the Debug > Windows tab; there should be a Module Breakpoints window and like 3 other windows possible... Other windows (like memory view, stacks etc.) are unfortunately in the Debug > Windows option only after you start debugging some program (they will show up in the window options) -> after that, if you show these windows, next time they will already be preset... Hope this will help you; if not, reach me here or on Twitter.

    • @lanehawkes1107 2 years ago +1

      @DuMp-GuY TrIcKsTeR thank you for the quick reply. You are correct, I needed to start the debugger before the other options were available.

  • @securesearch6502 2 years ago +1

    Quick one, please: I have dnSpy 6.1.8, however I don't have the Call Stack, Memory, Modules... windows. Not found in the Window, Debug or View menu.
    I only have Breakpoints, Module Breakpoints, Output and C# Interactive.
    Can you please advise?
    Finally, many thanks for the great videos.

    • @DuMpGuYTrIcKsTeR 2 years ago

      You are welcome. Funny thing, just a few comments below somebody asked the same thing 😁 6.1.8 is the latest original dnSpy. But there is also the newer dnSpyEx (revival) and I recommend it for the future, trust me. So go to the Debug > Windows tab; there should be a Module Breakpoints window and like 3 other windows possible... Other windows (like memory view, stacks etc.) are unfortunately in the Debug > Windows option only after you start debugging some program (they will show up in the window options) -> after that, if you choose to show these windows, next time they will already be preset... Hope this will help you; if not, reach me here or on Twitter.

    • @securesearch6502 2 years ago

      @@DuMpGuYTrIcKsTeR awesome, thanks; did what you advised and got sorted.
      Would humbly request that you do a series on .NET malware analysis from beginner to advanced where you can include this video.
      I have a shortcut that uses zsync.exe and an XSL config file that does anti-debugging techniques before it runs, otherwise it sleeps. I did what you suggested until I got it to work to a point where a cmd just loads and stays there, and I am not able to continue because the Continue button is grayed out; it takes a long time like this until I terminate it, otherwise it will stay like this.

  • @horsicq 2 years ago +1

    Thanks a lot for the video. :)

  • @realmetbl2887 2 years ago

    Wowww .... thank you very much

  • @matyhovidea8537 2 years ago

    Good stuff man!

  • @alaindelon8258 2 years ago

    Perfect! Thanks!

  • @-eMpTy- 9 months ago +1

    Can you compare/diff two assemblies with dnSpy? Haven't found a way to do that yet.

    • @DuMpGuYTrIcKsTeR 9 months ago

      No, you can't do that in dnSpy nor in ILSpy. But I am using the free tool Telerik JustAssembly for that - www.telerik.com/justassembly
      Another option is to decompile the assembly to a project, either in ILSpy or dnSpy, and use some code/text-based diff tool like WinMerge etc.

    • @-eMpTy- 9 months ago

      @@DuMpGuYTrIcKsTeR cheers man, I appreciate the fast answer.

  • @hhbvghj8979 2 years ago

    Hi, dude! I like your videos. Can you tell me some resources to study, because it is so difficult to find something on such topics?

  • @csgaeeahmedelsayed9049 2 years ago

    You were talking about evading anti-VM checks with a bare-metal analysis setup --- could you please give me a quick shot on how to make a quick setup?? And the minimum required hardware? And is this the only way to defeat anti-VM except patching manually??

    • @DuMpGuYTrIcKsTeR 2 years ago +2

      Well OK, if you want to get a low-cost bare-metal setup you can just buy a very fast USB flash drive or external SSD and install Windows To Go on it, and later all the tools you need. After that create a backup image with tools like FTK Imager. The smaller the storage is, the faster you will restore the backup image after infection.

    • @DuMpGuYTrIcKsTeR 2 years ago +1

      There are also other approaches to avoid detection. Yes, manual program patching is the best. But there are also already-created scripts modifying VMs (VirtualBox, VMware), trying to patch common things which are checked by malware. These VMs are later good to use only for things like remote debugging etc., as one of the first conditions is to not have VM tools installed, like for example VirtualBox Guest Additions.

  • @Abdullahmoukarrame 1 year ago

    Nice video, can you explain in a more detailed way how to reverse Unity games (if that makes sense)?
    Thanks!

  • @ulize. 5 months ago

    Is it possible to change a boolean that's set as false to true using only the IL thing? I can't use Edit Method since it won't find my libraries.

  • @eduardowegner 7 months ago

    Hello, I need help to break a time-limited usage in one software. Can you help me?

  • @mohsenrasouli5235 2 years ago

    Thanks 🙏🙏

  • @GeeztJeez 1 year ago

    My DLL file only has a PE folder, can you help me fix it?

    • @Bas4c 7 months ago +1

      This means your DLL is a native DLL, not a .NET assembly class DLL.

  • @ozoz28 1 year ago

    How can I write $FUNCTION to a file?

  • @namesurname201 2 years ago

    There is only a 360p option; is it only for me or is there a mistake?

    • @DuMpGuYTrIcKsTeR 2 years ago

      Sorry the HD is still processing, it will be ready in a moment :D

    • @namesurname201 2 years ago

      @@DuMpGuYTrIcKsTeR Looking forward to watching :D

  • @bleach03bleach03 1 year ago

    What do you mean by VMProtect?

  • @w3ndell7x 2 years ago

    help me to crack a cheat panel

  • @OKOK-ht1ij 2 years ago

    Who is in charge of the maintenance of dnSpy?

    • @DuMpGuYTrIcKsTeR 2 years ago

      Maintenance of the original dnSpy is archived with the last version 6.1.8, and it has now moved here as dnSpyEx: github.com/dnSpyEx/dnSpy

  • @ginebro1930 1 year ago

    I've seen some posts on Reddit mentioning that dnSpy is now abandoned, is it true? Such a shame.

    • @DuMpGuYTrIcKsTeR 1 year ago +1

      The previous main developer archived dnSpy, but right after that a new, very great developer created a revival version called dnSpyEx. And it's really, really great: so many improvements and new features, and the dev is such a cool and smart guy 😊 I am now using only dnSpyEx: github.com/dnSpyEx/dnSpy

    • @ginebro1930 1 year ago

      @@DuMpGuYTrIcKsTeR Oh, great news!! Thanks for sharing. What new feature did you like more?

    • @DuMpGuYTrIcKsTeR 1 year ago +1

      @@ginebro1930 Oh, many. First of all, the console version of dnSpy is workable now; pushing dependencies to a more up-to-date framework - fewer bugs, more features... The dev is also improving the other repos dnSpy is using... Also updates to the ILSpy decompiler dnSpy is using, so better decompilation results, also IL view with more info and better results... The best feature, which is available if one downloads it from builds ( github.com/dnSpyEx/dnSpy/actions/runs/3777467345 ) and not releases, is probably the possibility to see static fields in a new window ( twitter.com/vinopaljiri/status/1591879453063479301 )... That's probably a revolution 🙂 But again there are too many changes and you should check the changelog in releases, the dev is fuck*ng awesome 😁

  • @ozzzzze78 9 months ago

    Wondering if you could help me, please. I created a simple mod menu using dnSpy but I am unable to change the font size of the words on the menu buttons. Could you tell me what I need to type to do that?
    Here is a sample of my code:
        }
        if (GuiFrontend.modmenu1)
        {
            GuiFrontend.string1 = "G O D M O D E ON";
            GuiFrontend.modmenu1 = false;
        }
        else
        {
            GuiFrontend.string1 = "G O D M O D E OFF";
            GuiFrontend.modmenu1 = true;
        }