Reverse Engineering [Video] Hiding .NET IL code from DnSpy with R2R Stomping


Thread author
Staff Member
Apr 9, 2020

We create a .NET executable that hides code from decompilation and debugging with DnSpy by using a technique called R2R Stomping. Afterwards we explore how to analyse such samples and what effect it has on antivirus detection.

00:00 Introduction
00:43 What is R2R Stomping
02:13 Compiling an R2R binary
04:17 Stomping the code
07:50 Verify that it works - debugging .NET Core
10:00 How to recognize R2R binaries
12:14 Determine if a file is stomped
13:49 Compiling singlefile executables
14:35 Analysing singlefile executables
17:09 Implications on antivirus detections and analysis verdicts


Level 28
Top Poster
Feb 7, 2023
Further to the fantastic video, there is a nice article from Check Point as well on R2R stomping.


About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.