Reverse Engineering [Video] Hiding .NET IL code from DnSpy with R2R Stomping

struppigel


We create a .NET executable that hides code from decompilation and debugging with DnSpy by using a technique called R2R Stomping. Afterwards we explore how to analyse such samples and what effect it has on antivirus detection.

00:00 Introduction
00:43 What is R2R Stomping
02:13 Compiling an R2R binary
04:17 Stomping the code
07:50 Verify that it works - debugging .NET Core
10:00 How to recognize R2R binaries
12:14 Determine if a file is stomped
13:49 Compiling singlefile executables
14:35 Analysing singlefile executables
17:09 Implications on antivirus detections and analysis verdicts
 

Trident

Further to the fantastic video, there is a nice article from Check Point as well on R2R stomping.

 
