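I want to reverse engineer the software that came with my Chinese-made laser engraver. Unfortunately, the hardware doesn't work with any other software at all... The original software is seriously buggy, comes loaded with malware (specifically the Strictor trojan), and the vendor refuses to support the program. I want to get the original code of this program so that I can remove the trojan, debug the software, and then get the damn thing working. I paid over $400 for this thing, and frankly, I'm very angry about the fact that the software is complete garbage. (Pretty sure it hasn't been updated since win2k...) It behaves as if it was written by some high school student as a senior project or something... severely limited and heavily bugged.

So, looking at the error files the program keeps outputting, I am 100% sure the main program was made in .net (not sure whether VB, VC, VC++, etc.). It states errors with "windows.form.button ...", and besides that, they require the .net framework to be installed in order to use it. This makes me think it might be VB? However, after trying VBDecompilerLite, it says the program was compiled with an unknown compiler... so I'm at a loss here.

I have tried extracting the code from the exe using DeDe, ResourceHacker, Universal Extractor, 7Zip extraction, etc. - all of which either produce an unreadable 0b file "[0~]" or give an error saying the file cannot be extracted.

If anyone knows what I can try next, please let me know. I can't upload the file for people to test because - as mentioned above - it contains malware. I am decompiling the program on a PC that is off my usual network, so there is no internet/network access there.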
Virus scan results:

| Scanner | Malware Variant | AV updated |
|---|---|---|
| ALYac | Gen:Variant.Strictor.99340 | 20160115 |
| Ad-Aware | Gen:Variant.Strictor.99340 | 20160115 |
| Arcabit | Trojan.Strictor.D1840C | 20160115 |
| Avast | Win32:Malware-gen | 20160115 |
| BitDefender | Gen:Variant.Strictor.99340 | 20160115 |
| Emsisoft | Gen:Variant.Strictor.99340 (B) | 20160115 |
| F-Secure | Gen:Variant.Strictor.99340 | 20160115 |
| GData | Gen:Variant.Strictor.99340 | 20160115 |
| MicroWorld-eScan | Gen:Variant.Strictor.99340 | 20160115 |
| Qihoo-360 | QVM19.1.Malware.Gen | 20160115 |
| Rising | PE:Malware.RDM.18!5.18 [F] | 20160114 |

Please help me!

Here is the original error the program gave me (if it helps):

> See the end of this message for details on invoking just-in-time
> (JIT) debugging instead of this dialog box.
>
> ************** Exception Text ************** System.ArgumentException: Parameter is not valid. at System.Drawing.Bitmap.LockBits(Rectangle
> rect, ImageLockMode flags, PixelFormat format, BitmapData bitmapData)
> at System.Drawing.Bitmap.LockBits(Rectangle rect, ImageLockMode flags,
> PixelFormat format) at xj2.Form1.Gray2(Bitmap srcBitmap, Boolean
> reverse) at xj2.Form1.button3_Click(Object sender, EventArgs e)
> at System.Windows.Forms.Control.OnClick(EventArgs e) at
> System.Windows.Forms.Button.OnClick(EventArgs e) at
> System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent) at
> System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons
> button, Int32 clicks) at
> System.Windows.Forms.Control.WndProc(Message& m) at
> System.Windows.Forms.ButtonBase.WndProc(Message& m) at
> System.Windows.Forms.Button.WndProc(Message& m) at
> System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
> at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message&
> m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32
> msg, IntPtr wparam, IntPtr lparam)
>
>
> ************** Loaded Assemblies ************** mscorlib
> Assembly Version: 2.0.0.0
> Win32 Version: 2.0.50727.3643 (GDR.050727-3600)
> CodeBase: file:///C:/windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
> ---------------------------------------- BoxedAppSDK_AppDomainManager
> Assembly Version: 1.0.0.0
> Win32 Version: 1.0.0.0
> CodeBase: file:///C:/windows/assembly/GAC/BoxedAppSDK_AppDomainManager/1.0.0.0__ef07ce3257ee81c1/BoxedAppSDK_AppDomainManager.dll
> ---------------------------------------- xj2
> Assembly Version: 1.0.0.0
> Win32 Version: 1.0.0.0
> CodeBase: file:///C:/Documents%20and%20Settings/Owner/デスクトップ/1.exe
> ---------------------------------------- System.Windows.Forms
> Assembly Version: 2.0.0.0
> Win32 Version: 2.0.50727.3645 (GDR.050727-3600)
> CodeBase: file:///C:/windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
> ---------------------------------------- System
> Assembly Version: 2.0.0.0
> Win32 Version: 2.0.50727.3644 (GDR.050727-3600)
> CodeBase: file:///C:/windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
> ---------------------------------------- System.Drawing
> Assembly Version: 2.0.0.0
> Win32 Version: 2.0.50727.3644 (GDR.050727-3600)
> CodeBase: file:///C:/windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
> ---------------------------------------- Accessibility
> Assembly Version: 2.0.0.0
> Win32 Version: 2.0.50727.3053 (netfxsp.050727-3000)
> CodeBase: file:///C:/windows/assembly/GAC_MSIL/Accessibility/2.0.0.0__b03f5f7f11d50a3a/Accessibility.dll
> ---------------------------------------- xj2.resources
> Assembly Version: 1.0.0.0
> Win32 Version: 1.0.0.0
> CodeBase: file:///C:/Documents%20and%20Settings/Owner/デスクトップ/en/xj2.resources.DLL
> ---------------------------------------- System.Configuration
> Assembly Version: 2.0.0.0
> Win32 Version: 2.0.50727.3053 (netfxsp.050727-3000)
> CodeBase: file:///C:/windows/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
> ---------------------------------------- System.Xml
> Assembly Version: 2.0.0.0
> Win32 Version: 2.0.50727.3082 (QFE.050727-3000)
> CodeBase: file:///C:/windows/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
> ----------------------------------------
>
> ************** JIT Debugging ************** To enable just-in-time (JIT) debugging, the .config file for this application or computer
> (machine.config) must have the jitDebugging value set in the
> system.windows.forms section. The application must also be compiled
> with debugging enabled.
>
> For example:
>
> <configuration>
> <system.windows.forms jitDebugging="true" /> </configuration>
>
> When JIT debugging is enabled, any unhandled exception will be sent to
> the JIT debugger registered on the computer rather than be handled by
> this dialog box.
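
The "Loaded Assemblies" section of the dialog above lists every assembly in the process, including ones that did not come from the .NET Framework (here `BoxedAppSDK_AppDomainManager` in the GAC and `xj2` itself). The following is an added triage example, not part of the original post: it parses that section and returns the non-framework entries. The function names and the token set are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote, urlparse
# Abridged from the dialog text quoted in the post (Win32 Version lines
# omitted), in the same collapsed layout: name on the separator line.
SAMPLE = """\
************** Loaded Assemblies ************** mscorlib
Assembly Version: 2.0.0.0
CodeBase: file:///C:/windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
---------------------------------------- BoxedAppSDK_AppDomainManager
Assembly Version: 1.0.0.0
CodeBase: file:///C:/windows/assembly/GAC/BoxedAppSDK_AppDomainManager/1.0.0.0__ef07ce3257ee81c1/BoxedAppSDK_AppDomainManager.dll
---------------------------------------- xj2
Assembly Version: 1.0.0.0
CodeBase: file:///C:/Documents%20and%20Settings/Owner/デスクトップ/1.exe
---------------------------------------- System.Drawing
Assembly Version: 2.0.0.0
CodeBase: file:///C:/windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
"""

# An entry starts at the section banner or a dash separator carrying a name.
HEADER = re.compile(
    r"^(?:\*+ Loaded Assemblies \*+|-{10,})[ \t]*([^\s-]\S*)[ \t]*$", re.M)
# Assumption: the two public key tokens seen on the framework assemblies in
# this log are treated as the Microsoft-signed set; extend as needed.
MS_TOKENS = {"b77a5c561934e089", "b03f5f7f11d50a3a"}

def parse_assemblies(text):
    """Return [{'name', 'path'}] for each entry in a Loaded Assemblies dump."""
    text = re.sub(r"^>[ \t]?", "", text, flags=re.M)  # drop forum quote markers
    heads = list(HEADER.finditer(text))
    entries = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        cb = re.search(r"^CodeBase:[ \t]*(\S+)", text[head.end():end], re.M)
        path = unquote(urlparse(cb.group(1)).path) if cb else None
        entries.append({"name": head.group(1), "path": path})
    return entries

def is_framework(path):
    """True for the framework directory or a GAC folder with a known token."""
    p = (path or "").lower()
    if "/microsoft.net/framework" in p:
        return True
    # GAC folders are named <version>_<culture>_<publicKeyToken>.
    m = re.search(r"/assembly/gac[^/]*/[^/]+/[^/]*_([0-9a-f]{16})/", p)
    return bool(m) and m.group(1) in MS_TOKENS

def non_framework(text):
    return [e["name"] for e in parse_assemblies(text) if not is_framework(e["path"])]
```

Checking the public key token in the GAC folder name, rather than the GAC location alone, is what separates `BoxedAppSDK_AppDomainManager` from the framework assemblies installed next to it.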