Programming languages that operate on a virtual machine often promise safety guards against many unsafe operations. However, virtual machines can have pretty serious bugs. In this post, we explore ...
A problem with .NET Self-Contained Apps and how to pop calculators in dnSpy
How small is the smallest .NET Hello World binary?
Here is a dumb question that you probably never asked yourself: What is the minimal amount of bytes we need to store in a .NET executable to have the CLR print the string "Hello, World!" to the stan...
Breaking Javascript with Python Pickles (Solving brinebid in DEFCON CTF Qualifiers 2023)
From May 27 until May 29, I had the pleasure to join Shellphish in the DEFCON CTF Qualifiers of 2023. I wanted to highlight one of the challenges called brinebid that I ended up working on as well as...
What really is the Entry Point of a .NET Module?
public static void Main(); This is what most people associate with the entry point of a .NET module. However, as it so turns out, this is not the place where it all begins. In this post, we will r...
Injecting Code using Imported Functions into Native PE Files
Patching PE files is easy. Injecting new code that uses functions from external modules, however, is more complicated. In this post, we are implementing a method for rebuilding import directories,...
Confusing .NET Debuggers: Proxy Objects
.NET decompilers and debuggers have become very good at helping reverse engineers figure out the inner workings of a program. However, they also make a lot of assumptions that can be used against t...
Confusing .NET Decompilers: The CallVirt OpCode
In a previous post we dove deep into the inner workings of the call opcode, and used it to confuse decompilers and deobfuscators. We will continue this story by also giving the callvirt opcode some...
Confusing .NET Decompilers: The Call OpCode
The call and callvirt opcodes are arguably two of the most commonly used operations in the Common Intermediate Language (CIL). Yet, they have some interesting properties that are often overlooked. ...
int main();
Hi! I go by the name Washi on the internet. I am a hobbyist programmer and reverse engineer, and I love creating and breaking things. I spend a lot of time thinking about compilers and decompiler...