Reverse Engineering [Video] Hiding .NET IL code from DnSpy with R2R Stomping

struppigel

struppigel

Moderator
Thread author
Verified
Staff Member
Well-known
Apr 9, 2020
656


We create a .NET executable that hides code from decompilation and debugging with DnSpy by using a technique called R2R Stomping. Afterwards we explore how to analyse such samples and what effect it has on antivirus detection.

00:00 Introduction
00:43 What is R2R Stomping
02:13 Compiling an R2R binary
04:17 Stomping the code
07:50 Verify that it works - debugging .NET Core
10:00 How to recognize R2R binaries
12:14 Determine if a file is stomped
13:49 Compiling singlefile executables
14:35 Analysing singlefile executables
17:09 Implications on antivirus detections and analysis verdicts
 
  • +Reputation
  • Applause
  • Like
Reactions: silversurfer, simmerskool, Gandalf_The_Grey and 5 others
Trident

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,739
Further to the fantastic video, there is a nice article from Check Point as well on R2R stomping.

research.checkpoint.com

R2R stomping – are you ready to run? - Check Point Research

Research by: Jiri Vinopal Highlights Abstract What if we told you that the reality you perceive with your very own eyes is not always what it seems? That the .NET code you witness executing within your beloved managed debugger, such as dnSpy/dnSpyEx, may not necessarily be the same code that...
research.checkpoint.com research.checkpoint.com
 
  • Like
Reactions: silversurfer, struppigel, simmerskool and 2 others

Similar threads

J
  • Locked
I need help with a Malware Spanish logs
Replies
2
Views
1,845
Windows Malware Removal Help & Support
nasdaq
nasdaq
jmoreno12
    • Like
  • Locked
Infected with plankjock.com trojan
Replies
4
Views
4,027
Windows Malware Removal Help & Support
nasdaq
nasdaq
M
    • Like
    • Applause
    • Wow
Advice Request Kaspersky and Cloud Privacy
Replies
125
Views
26,630
Kaspersky
MacDefender
M

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top