How to Edit Any .NET Program If You Don’t Have The Source Code

Background

In this article we discuss the ultimate edge in .NET reverse engineering. How can you easily edit / update / modify any .NET assembly (that’s the exe or dll file) when you don’t have the source code for that; all you need is the file itself. In this article I’ll start with a WinForms sample to keep things simple and because probably it’s old unsupported software that you’d want to reverse engineer and tweak. Then for the sake of completeness I’ll show a small WPF sample for comparison. Console applications and Class Libraries are much more easier to modify since they usually only have code files, and few other embedded files which can be easily edited externally as will be shown below..

The idea of this article started when my brother asked me to modify a program that he purchased but was no longer supported by its company. So I’m stuck in the task of repairing an old buggy software that I don’t even have the source code for.

I started looking on the internet and of course my first resource was the famous Red Gate .NET Reflector. One problem with it was that it could only show you the code but you can’t modify it, so I had to look further for an add in that would do the job for me. All the sources out there but when I got the job done I thought of putting together an article for those who might want to follow a step by step guide to get them started. My original task was to modify an embedded Crystal Report inside the exe. So I had to save it externally in a file then modify it using Crystal Reports Designer, and finally put it back in. This was completely a piece of cake using the tools discussed in this article.

Disclaimer

Do not use knowledge in this article to do crack, hack or otherwise do any illegal activities. This article is for educational purposes only and you alone are held responsible for what you’ll do with this knowledge. This article assumes that the reader at least is an intermediate developer in C#/VB .NET with some experience. A good knowledge of MSIL is a plus but not required since you’ll be editing the code directly in C#/VB.NET depending on the language you choose in Reflector. All code samples here are in C# though.

Tools

Like I mentioned we’ll be using mainly reflector, but also there are a couple of other handy tools and add ins on the way:

  1. Reflector, which unfortunately was free, but Red Gate decided to discontinue the free version -last one was 6.8- and made a new version 7 that you have to buy. Fortunately if you still have the last free version you’re allowed to use it and upgrade up to version 6.8 but if you’re a fresh customer they simply say -buzz off!!!-. Here is a great article on how to obtain a fresh new 6.8 free version of Reflector. If this doesn’t work anymore for some reason you’ll just have to search on the internet I’m sure someone shared it somewhere.
  1. Some Reflector Add-ins that will enhance the performance of this magnificent tool and allow us to actually edit in the .NET assemblies. I’ve listed more add-ins than I actually used in this article as a bonus :)-
    1. Reflexil: This is the most important one that allows you to edit in the MSIL and insert new statements, then save the patched file.
    1. CodeSearch: Neat add-in that allows you to search through the code
    1. FileGenerator: Allows you to dump all the code of the assembly into files.
    1. Deblector: Allows you to actually debug the assembly but instead of seeing MSIL you can relate that to the actual source code
  1. Other tools I used beside Reflector and its add-ins:
    1. ObjectSpy: Spy++ sucks in .NET. This handy tool actually does a marvelous job -but only in WinForms. It doesn’t work in WPF as far as I know-. When you use it it gives you the visual tree of objects and you can easily know the names of the controls on the current screen
    1. Resourcer: Handy tool to edit .resources files that you can’t edit even in Visual Studio!! Other Win32 resource tools -like Resource Hacker- won’t be able to edit .NET resources files.

The Sample

I’ve prepared a very simple application. One form with two text boxes and a button. When you click the button it shows the values in the text boxes in a message.  The task is to modify it to do the following:

  1.  Validation: If the textboxes are empty a different message.
  2. Modify user interface: Add two labels to the left of each text box.
  3. Change the title /caption of the form by modifying the resources files

Steps

So to start we open it in Reflector. Right click on the assembly’s name and select Export. This will export the files in the assembly and format them as a C# project ready to be opened in visual studio.

When you open the project in Visual Studio you might be prompted to upgrade the project. Don’t worry, this is normal. Just click finish and have your project upgraded. There shouldn’t be any errors, but you’ll notice that your project structure is of course a bit different than the standard project tree you might be used to.

Running the solution works right out of the box, but opening the form in designer mode didn’t work initially. All I had to do was to modify the code in this line from

To

Silly isn’t it?! Anyway, now the designer works perfectly and we have our project with its source ready to be modified easily. To accomplish our tasks:

 

  1. Modify Form1.cs button click handler to look like this:

  1. Open the form in designer mode and add your labels. Notice that after editing in design mode an resx file will be created, but you’ll have to delete it since your resources are already in Disassemblee.Form1.resources file. You’ll have to delete on of them.
  2. Open the resources file (Disassemblee.Properties.Resources.resources) in Resourcer and change the value like the screenshot, then save the file

Finally build the project and the output should look like this

Now you can see the labels, the new caption and the validation message. Sweet!

WPF

The WPF application was quite different. After exporting the files all references were missing from the file and the project structure is of course different from what you’d expect in a WPF solution. If you build the solution right away you’ll have some errors, so you have to add the references highlighted in red in the following screenshot. After that you add missing using statements in your code files and it should run smoothly.

So where did the XAML go? After compiling your project XAML is actually converted to BAML -Microsoft and its acronyms, eh?!- which is Binary Application Markup Language-. It’s stored in the resource file WPFDisassemblee.g.resources. Using Resourcer here won’t be of much help instead, in Reflector you can Save this file by right clicking on it and selecting Save As. The problem is that BAML is in binary and currently I don’t know if there is an editor / converter available for it. if I find anything I’ll update this section with it.

Conclusion

This was just a quick sample of what you can do with Reflector with its add-ins, along with Resourcer and ObjectSpy. I haven’t used ObjectSpy but I strongly encourage you to play with it and see what it can show you. Its main use is to identify the visual structure so that if you’re in a big solution or perhaps you didn’t get the chance to full export it to Visual Studio for some reason you can quickly identify the spot where you want to modify using ObjectSpy, then in reflector you can always edit the code in MSIL using reflexil as shown in the screenshot

Once you finish right click on the assembly and choose Reflexil, then Save as

To export an embedded file  like a resources file or an embedded report as in my case, just click on it and open Reflexil. There are two options for save as and open from file. Simply save it to a file, edit it and then load the modified version.

P.S.

Since you have the will to read past the conclusion I’ll give you a bonus. It’s very beneficial for you to try to look at how the compiler optimizes your code after compiling your solution. For example The original code for the btnShow_Click event was like this

But only this got past the compile since the rest is rubbish

Unused variables and useless condition were completely ripped off. Nice!

Final Thought

If it’s in .NET, it’s almost always open source ;) Obfuscation is an option, but I believe its reliability is questionable.

  • Matt Zenick

    i cant get the designer to open at all!! can someone please help? email me at matt.zenick11@gmail.com if you can help