Fix Invalid 'BSJB' signature error in DLL file (Unity3D)
Note: This tutorial was
created by xiaobaiyey and written in chinese. This tutorial is poorly
translated from Google Translation but i have fixed some grammar to make it
easier to understand.
How to get the
decrypted DLL , through IDA , GDB or directly decryption.
A new gaming
platform out of the game (game name omitted), try ida dump the
decrypted DLL , (the previous method introduced, as dynamic
debugging, you can find information on the Internet)
What happen if
you load DLL into Reflector,
Invalid 'BSJB'
Signature in the Metadata header. This error, that is, BSJB this
structure there is an error,
I do not
know .net file header structure, specifically refer to the article,
in recent days, will focus on learning under the net file header structure.
http://www.cnblogs.com/dwlsxj/p/PE.html
Specifically I
do not presented direct demonstration operation, will dump the dll file
into CFF Explorer viewMetadata header. structure,
Left
to dump out, the right to the normal structure, you can see on the left signature field
is cleared, understand net pe file header, it will soon be able to
locate BSJB address and fix, Due to the pe file do not
know, manual calculation method looked a long time, Leng Shimo understand how
to calculate,
I do not
analyze, and directly on the tool operation calculation, because we want to
view BSJB structure, need to calculate the BSJB address the
following method of calculation,
Copy the value: 00101054
This is when you
can look and see BSJB structure, the following is not normal,
And normal comparison:
Comparison
found dump out dll BSJB structure just entering the string BSJB erased
it.
This time,
the BSJB hex fill up, you can
00 00 00 00 into 42
53 4A 42 this time, ok drag DLL file into Reflector
Side dishes, the
process is relatively simple, because the online description .net
pe structure of the article header is not much, provided above blog
article analyzes pe header in more detail.
There is,
if Meta Data RVA and the Meta the Data
SIZE be erased, you can use the following methods to repair (see Ice Forum
by = _ =! );
I forgot the
link address.
Navigate to:
1. Nt Headers -> File
Header -> Characteristics -> Uncheck "File is a DLL" -> OK
2. Address Converter -> Search "BSJB"
find offset "000037AC" -> fill
in the "File offest" We
got "Meta Data RVA":
RVA = 000047AC
3. .NET Directory -> Meta
Data RVA -> Fill was the RVA "000047AC"
4. Optional Header -> the
Data in Directories to [X] -> Import Directory the RVA (the Value)
-> get " 00006A40 "
Calculate the Meta the Data SIZE:
Meta Data SIZE = Import
Directory the RVA - the Meta the RVA the Data 0x6A40
0x47AC = 0x2294
Meta Data RVA= 000047AC
Meta Data SIZE = 00002294
|
Tucao the end,
the game now encrypted dll Unity3D basically are not difficult, personal feel
of the game is to do the anti-gdb debugging and ida or fuss in the structure
dll file because dynamic debugging to get the dll is very simple,
On top of a game
dll file structure of the processing done, dump out can not be used directly
for a repair can be used, there will be an article on the net behind the
estimated file header, which make up a few days in this area of knowledge under
Comments
Post a Comment