我正在尝试解码似乎是简单的 C# 二进制序列化到磁盘的内容:
- https://github.com/malaterre/MMCPrivate/raw/master/sample1.raw
- https://github.com/malaterre/MMCPrivate/raw/master/sample2.raw
我无权访问生成此二进制 blob 的原始 DLL,因此除非我拥有所有 C# 结构的完整定义,否则我无法理解如何处理此文件。如果我可以访问原始 DLL,我可以对 C# 二进制文件进行逆向工程以找到结构,那么在这种情况下我应该怎么做?
代码:
using System;
using System.IO;
using System.Collections;
using System.Runtime.Serialization.Formatters.Binary;
using System.Runtime.Serialization;
public class Dump
{
[STAThread]
static void Main()
{
Deserialize();
}
static void Deserialize()
{
// Declare the hashtable reference.
Hashtable addresses = null;
// Open the file containing the data that you want to deserialize.
FileStream fs = new FileStream("input.dat", FileMode.Open);
try
{
BinaryFormatter formatter = new BinaryFormatter();
// Deserialize the hashtable from the file and
// assign the reference to the local variable.
addresses = (Hashtable) formatter.Deserialize(fs);
}
catch (SerializationException e)
{
Console.WriteLine("Failed to deserialize. Reason: " + e.Message);
throw;
}
finally
{
fs.Close();
}
// To prove that the table deserialized correctly,
// display the key/value pairs.
foreach (DictionaryEntry de in addresses)
{
Console.WriteLine("{0} lives at {1}.", de.Key, de.Value);
}
}
}
造成:
$ mono ./Dump.exe
Failed to deserialize. Reason: Unable to find assembly 'ApplicationObjects, Version=1.0.4073.26998, Culture=neutral, PublicKeyToken=null'.
Unhandled Exception:
System.Runtime.Serialization.SerializationException: Unable to find assembly 'ApplicationObjects, Version=1.0.4073.26998, Culture=neutral, PublicKeyToken=null'.
参考: