DisasMSIL and CFF Explorer

Today I wrote a free/open disasm engine for Microsoft’s Intermediate Language (MSIL).

http://ntcore.com/Files/disasmsil.htm

You can use it any context you wish. There are no license restrictions. The only thing I ask you to do is to send me your bug fixes (if any).

I also added the MSIL disasm engine to the CFF Explorer which is now able to disassemble the methods’ code directly from the MetaData tables.

Rebel.NET

Today I’m releasing the Rebel.NET software and its official guide.

Rebel.NET is a rebuilding tool for .NET assemblies which is capable of adding and replacing methods and streams. It’s possible to replace only a limited number of methods or every method contained in a .NET assembly. The simplicity of Rebel.NET consists in the replacing process: one can choose what to replace. Rebel.NET is, mainly, a very solid base to overcome every .NET protection and to re-create a fully decompilable .NET assembly. As such, Rebel.NET has to be considered a research project, not an encouragement to violate licensing terms.

As I have written the software and the article in this week when during my sickness (fever), I’m expecting bugs and typos. Please report them.

Of course, I’ve tested the Rebel.NET with more advanced .NET assemblies than those presented in the guide.

DynLogger

DynLogger logs all dynamically retrieved functions by reporting the module name and the requested function. It can come very handy when one wants to know a “hidden” function used by an application.

I recycled the code of a bigger project to write this little application. It’s a very small utility, but it might be of use after all. It was tested on XP and Vista, both x86 and x64. It works for .NET application as well. Just start the logging process, the log will be saved after you quit the monitored application.

New MFC 2008

Big news: Microsoft is developing MFC again!

Seems that the huge managed code campain didn’t stop developers from writing MFC applications. So, for the first time in years huge updates have been made to the MFC. The new MFC will soon be available (they’re still in beta) as an update.

I quote from Somasegar’s MSDN blog:

The team is looking at the feedback and finalizing plans for where we should be focusing to move Visual C++ forward. One of the first areas you will see us invest is in native libraries. The team is working on a significant update to the Microsoft Foundation Classes (MFC). We will be delivering this as an update to Visual Studio 2008 in the first half of 2008. We will have a preview of the same sometime around the early part of the new year.

Using this update to MFC, developers will be able to create applications with the “look and feel” of Microsoft’s Office, Internet Explorer and Visual Studio. Some of the specific features include Office 2007 Ribbon bar look, Internet Explorer look with rebars and task panes, Visual Studio look with sophisticated docking functionality, auto hide windows, property grids and the like. You can also enable your users to customize your application through live drag and drop of menu items and toolbar buttons.