Find Value of Decompiled Variable - c#

I'm a programmer with pretty basic abilities, and I located a suspicious looking file on a friend's computer. I emailed it to myself and opened it with the .NET reflector, just for fun on the off chance it worked. It did, and the code looks like it was initially written in C#/VB. The program looks to my untrained eye like a pretty basic stealer, grabbing all sorts of passwords from their standard directories. I also finally found what I was looking for; where all of this data is emailed to. I got it in my head that I could disable this email address and help others who have lost important data by contacting them. However, the email address and its password are stored as variables; Me.Information. What I really need is to find that variable, Me.Information. The program itself is simply enormous, filled with code that I barely understand in context. It's utterly unscrambled as far as I can see. No obfuscation. I've been searching in my free time for quite a while now, any pros out there who could lend a hand would be very much appreciated!
Thanks.

Export it to a project, and open it in some IDE (like visual studio). To address your concern about accidentally running the program, you can actually disable those run configurations in the project settings, so you have no chance of running/building it.
Hope this helps!

if you found the code section that sends the email out, you could just replace it with a messagebox that displays the address, rather than sending something to it. be careful though, dont wanna make a mistake and give away your passwords.
also, you can open up some .net files in notepad and see the strings. often times they will be easily readable... something like:
address = "me#somewhere.net"
(in code)
might be visible in notepad, although it may look like this:
m e # s o m e w h e r e . n e t
(im not sure if they are actually 'spaces' but they do tend to display looking like spaces)
it could take awhile to search for all instances of "#" though, and it wont work unless they assigned it in a simple manner like my example... they may have constructed it to make it less visible

Related

Certificate Transparency Logs for C#

Currently working on a certificate transparency logs. My goal is to read each log just like what CertStream - (Open the fire hose button) did, my boss wants to create another one that is written in C#. Just a simple code to parse the logs can really help me. Not necessarily as fancy as CertStream does its stuff.
These are the following links/APIs that I've read:
(API's from Google or related)
https://ct.googleapis.com/pilot/ct/v1/get-sth
https://ct.googleapis.com/logs/argon2020/ct/v1/get-entries?start=20200201&end=20200205
https://www.rfc-editor.org/rfc/rfc6962
Valuable info:
https://certstream.calidog.io/
https://stackoverflow.com/questions/59772797/cant-parse-precertificate-from-certificate-transparency-log
For the code I started,
byte[] byte_LeafInput = Convert.FromBase64String(leaf_input);
byte[] byte_extradata = Convert.FromBase64String(extra_data);
string strLeafInput = Encoding.UTF8.GetString(byte_LeafInput);
string strExtraData = Encoding.UTF8.GetString(byte_extradata);
But it only shows some gibberish data with few readable words.
Any codes or libraries that can help me with that? Upon searching, I found so many codes written in different languages like Python, Go, etc., but based on what I understand in their code, they are also using libraries which is not available in NuGet. X509Certificate might be useful but I don't know how to use it in this case.
Any lead would really be appreciated. Thank you.
Upon searching for a long time. My boss advised me to get the logs and parse it through Python and save that in a text file or csv. After that, my program in C# can use all functions to analyze the information in the created text file. I guess using the current wheel is more efficient than creating one. :)

made changes, compiled and regret

I made today few changes by ctrl+h to all the solution.
When I understood my mistakes I tried to undo it with ctrl-Z but the results were awful.
The question is : How can I reload the last compiled project before I had done this stupid move.
Lets say I want the solution as it was at yesterday.
Thanks for your help,
Eliran.
you can try decompiling the old binary with tools like dotPeek. But in general that is the reason why you use a source control system.
You cannot. Once saved, the changes are irreversible. That's the point of backups. There are tools to decompile your .NET executable, but as not all sourcecode is actually compiled into the executable (for example formatting and comments are not), you will never get your original code back.
You may want to look into source control software like Git, Subversion or Team Foundation Server to handle this problem properly next time.

Find out on what place on a harddisk a program / file is installed

Let's say I have a file: test.txt and I save it on my harddisk.
Is there a way to determine on what (physical) spot the file is saved on the hard disk?
For example on vector 12 on track 10 of the hard disk.
I don't know if I got the terminology right of the above, but I hope you get what I mean.
I want to write of program wheer the user can point to a file and the program will find out where the file is on the HDD. Something like the old defrag (it's Windows ;) ) where it shows what parts of the disk is in use.
What is this called and can it be achieved? (I'm not looking for code (although exmaples are ok ofc), but rather whether it is possible)
P.S. The client will be Windows 7 (so think NTFS if it matters).
I'm pretty sure that doing that sort of low-level disk i/o in managed code is going to be...difficult, at best. Here's somebody that's done something like it:
http://codebrainz.ca/index.php/2010/05/23/low-level-disk-io-in-managed-net/
Anything you write to do something like this has to be hardware-dependent: unless you know what hardware you're talking to, you've got no idea how it physically stores data (e.g., a USB memory stick has neither platters, tracks nor sectors, nor does it spin. Yet, for all intents and purposes, it appears to be a disk).
Normally, you'd write some sort of device driver to accomplish this. This link
http://en.wikibooks.org/wiki/Windows_Programming/Device_Driver_Introduction
might help.
In Jeffrey Wall's WebLog you will find Defrag API C# wrappers. His GetFileMap method sems to come close to what you need.
It is possible from C++, so with a little interoping, you should be fine.
Look up FSCTL_GET_RETRIEVAL_POINTERS in the MSDN to get you started.

C# Program Settings and Localizing

So I'm starting my first actual Program in C# now, and just before I dig into the actual functions, I'm asking myself about localization of a Program.
I thought, a .resx is nice for the language-variables to store. But how can I get that into the settings? I see there is a .settings file, where I can assign Settings for the program, but how can I add my language.resx to these settings, so if there are several installed the user can select which language to use?
Furthermore, I'm designin the program using the winform designer - how can I tell a control to use a string of the resourcce as a text rather than type it in by hand?
I'm sure there are a bunch of tutorials out there concerning my issues, but 2 hours of searching haven't got me anywhere, so if anyone has some suggestions for me, I'd be very thankful =)
This seems to be similar to question 1142802, so maybe that is a good place to start.
ed:
It depends on the control a bit I guess, but for a menu you could create a method that defines it's contents.
You'd then be able to do something like menuItem1.Text = string.Item1Text.

Windows clipboard CRLF/LF passing wrong for one user

We have a pair of applications. One is written in C# and uses something like:
string s = "alpha\r\nbeta\r\ngamma\r\ndelta";
// Actually there's wrapper code here to make sure this works.
System.Windows.Forms.Clipboard.SetDataObject(s, true);
To put a list of items onto the clipboard. Another application (in WinBatch) then picks up the list using a ClipGet() function. (We use the clipboard functions to give people the option of editing the list in notepad or something, without having to actually cut-and-paste every time.)
In this particular environment, we have many users on one system via Citrix. Many using these pairs of programs.
Just one user is having the problem where the line delimiters in the text are getting switched from CRLF to LF somewhere between the SetDataObject() and the CLipGet(). I could explain this in a mixed Unix/Windows environment, but there is no Unix here. No unix-y utilities anywhere near this system either. Other users on the same server, no problems at all. It's like something in Windows/Citrix is being "helpful" when we really don't want it, but just for this one guy.
Ideas?
Have you tried clearing their profile on Citrix? That seems to be the solution to many many user specific Citrix problems.
Does Environment.NewLine behave differently on Citrix environments? If so, it may give you a good option that works for all users instead of \r\n.

Categories

Resources