Geek Answers Handbook

What is a .exe file stub?

I am learning how to obfuscate my assembly and use .NET Reactor for this purpose. One option is "Create your own instance of the x86 EXE file" , which I don’t understand its purpose. I import the assembly (for example, a .exe file) and output the obfuscated.exe file, which is approximately the same size. If I checked "Create my own x86 file header" , the program outputs a .exe file that is much smaller in size (for example, .exe is compressed ..)

I do not understand what it means. And in the documentation, he points out:

.NET Reactor is able to generate its own x86 EXE file for your expression. Thus, it is not possible to directly open a protected application in the decompiler. The decompiler recognizes your protected application as a native EXE file.

Why do I want to generate .exe from a file that is already .exe?

+4
source share
2 answers

Although your question was some time ago, I thought I would answer:

Have you ever used a tool like Reflector , ILSpy or dotPeek ? These tools can be used to generate a source from a managed assembly. If you use this own x86 stub, these tools should tell you: "Unable to open an unmanaged dll" (or something similar) - according to the developer.

+1
source

All executables have a single entry point (in C, this is the MAIN function).

For Dot Net applications, there is a standard structure for code and files β€” to ensure there is an appropriate structure β€” to search for various objects, such as resources.

You can analyze / destroy such an application.

DOT NET REACTOR can replace regular source code with proprietary code, so uncompilers believe that its own executable is independent of the DOT NET Framework and has a proprietary file structure for different objects. So they can’t even make out something.

This feature is why I use Reactor. However, in earlier versions (<4.7) files were created that were launched by AVAST virus or trojans.

0
source

More articles:


All Articles