A fix for an industry website whose admin backend cannot be entered: edit the IL and reassemble

Published: 2025-12-10 11:31:52 Views: 11

A fix for an industry website whose admin backend cannot be entered

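    • Background
    • First, download a decompiler and decompile: dnSpy
    • Decompile and find the problem code
    • The fix is to modify the code analysed in step 2 above so that it bypasses the verification
    • Edit the instructions using Microsoft's disassembly tool
    • Edit the .il file
    • Reassemble
    • Replace the DLL file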

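Background

An industry website showed the message "请调整服务器设置,以保证网站的正常运行" ("Please adjust the server settings to ensure the site runs normally") during login. The site owner went looking for the vendor, only to find that nobody at the vendor could be reached. With no fix available the site became a dead site, and the outcome of all those years of hard work is easy to imagine.

So why can't anyone get in? Because entering the admin backend requires a verification call to the vendor's website, and the vendor's verification site has gone down, so the admin backend is unreachable. That is nasty. The way around it is to stop it verifying against the vendor's site: decompile the DLL to IL code, edit the IL to remove the verification code, reassemble it into a DLL, and replace the original.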

First, download a decompiler and decompile: dnSpy

Download: latest release at https://github.com/0xd4d/dnSpy/releases
D:\tools\dnSpy-netcore-win64

Decompile and find the problem code

Use the URL to roughly work out where the relevant code is.

  • The button click handler:

    protected void btnlogin_Click(object sender, EventArgs e)
    {
        if (this.txtVerifyCode.Text != UserManageAdmin.VerifyCode)
        {
            // "Verification code is wrong!"
            base.Response.Write("<script>alert('校验码错误!')</script>");
            this.txtVerifyCode.Text = "";
        }
        else
        {
            int num = 0;
            // Key line: looking up the user also runs the vendor check; num receives the error code.
            UserManageAdminInfo byName = UserManageAdmin.GetByName(this.TbxUserName.Text.Trim(), HttpContext.Current.Request.Url.AbsoluteUri, out num);
            if (num != 0)
            {
                // "Please adjust the server settings to ensure the site runs normally"
                base.Response.Write("<script>alert('请调整服务器设置,以保证网站的正常运行')</script>");
                UserManageAdmin.SetVerifyCode();
            }
            else if (byName == null)
            {
                // "No such user!"
                base.Response.Write("<script>alert('无此用户!')</script>");
                UserManageAdmin.SetVerifyCode();
            }
            else if (SecurityUtility.Encrypt("", this.TbxPassword.Text) != byName.ManagerPassWord)
            {
                // "Incorrect password!"
                base.Response.Write("<script>alert('用户密码不正确!')</script>");
                UserManageAdmin.SetVerifyCode();
            }
            else
            {
                UserManageAdmin.Login(byName);
                byName.LoginCount++;
                byName.LoginIP = base.Request.UserHostAddress;
                byName.LastLoginDate = DateTime.Now;
                UserManageAdmin.Update(byName);
                base.Response.Redirect(UrlUtility.GetBaseURL() + "/admin/index.htm");
            }
        }
    }
  • The user record comes from UserManageAdmin.GetByName, so look at what that code does:

    public static UserManageAdminInfo GetByName(string AdminName, string UserUrl, out int ErrorInt)
    {
        ErrorInt = 0;
        IUserManageAdmin userManageAdmin = UserManageAdmin.Create();
        UserManageAdminInfo userManageAdminInfo = null;
        SmartsiteVerify smartsiteVerify = new SmartsiteVerify();
        UserManageAdminInfo result;
        // The user lookup only happens if the vendor check succeeds.
        if (smartsiteVerify.UserMasterLogin(UserUrl.ToLower()))
        {
            userManageAdminInfo = userManageAdmin.GetByName(AdminName);
            result = userManageAdminInfo;
        }
        else
        {
            ErrorInt = -1;
            result = userManageAdminInfo;
        }
        return result;
    }
  • So it has to pass smartsiteVerify.UserMasterLogin first. Here is what that looks like:

    namespace TradeSite.UserMaster
    {
        // Token: 0x02000002 RID: 2
        public class SmartsiteVerify
        {
            // Token: 0x06000001 RID: 1 RVA: 0x000020D0 File Offset: 0x000010D0
            public bool UserMasterLogin(string strUrl)
            {
                Site5verify site5verify = new Site5verify();
                string text = this.DecryptGuid(ConfigurationSettings.AppSettings["Guid"]);
                string rnumber = "";
                bool result;
                if (text == "")
                {
                    result = false;
                }
                else
                {
                    string mainoneSmartsite = this.EncryptGuid(this.xmlPublicKey, text);
                    try
                    {
                        // Key call: VerifyMainone goes out to the vendor's service.
                        string b = site5verify.VerifyMainone(mainoneSmartsite, out rnumber);
                        if (text != b)
                        {
                            return false;
                        }
                        if (!site5verify.Validatepath(strUrl, text, rnumber))
                        {
                            return false;
                        }
                    }
                    catch
                    {
                        // Any failure, including an unreachable service, counts as "not verified".
                        return false;
                    }
                    result = true;
                }
                return result;
            }
            // Remaining members (DecryptGuid, EncryptGuid, xmlPublicKey) are not shown here.
        }
    }
  • What does the verification function VerifyMainone look like? It turns out to call a remote service through a web service to perform the check:

    // Token: 0x06000012 RID: 18 RVA: 0x0000243C File Offset: 0x0000143C
    [SoapDocumentMethod("http://tempuri.org/VerifyMainone", RequestNamespace = "http://tempuri.org/", ResponseNamespace = "http://tempuri.org/", Use = SoapBindingUse.Literal, ParameterStyle = SoapParameterStyle.Wrapped)]
    public string VerifyMainone(string MainoneSmartsite, out string RNumber)
    {
        object[] array = base.Invoke("VerifyMainone", new object[]
        {
            MainoneSmartsite
        });
        RNumber = (string)array[1];
        return (string)array[0];
    }

The fix is to modify the code analysed in step 2 above so that it bypasses the verification

    public static UserManageAdminInfo GetByName(string AdminName, string UserUrl, out int ErrorInt)
    {
        ErrorInt = 0;
        IUserManageAdmin userManageAdmin = UserManageAdmin.Create();
        UserManageAdminInfo userManageAdminInfo = null;
        SmartsiteVerify smartsiteVerify = new SmartsiteVerify();
        UserManageAdminInfo result;
        if (smartsiteVerify.UserMasterLogin(UserUrl.ToLower()))
        {
            userManageAdminInfo = userManageAdmin.GetByName(AdminName);
            result = userManageAdminInfo;
        }
        else
        {
            ErrorInt = -1;
            result = userManageAdminInfo;
        }
        return result;
    }

Change it to:

    public static UserManageAdminInfo GetByName(string AdminName, string UserUrl, out int ErrorInt)
    {
        ErrorInt = 0;
        IUserManageAdmin userManageAdmin = UserManageAdmin.Create();
        // The local user lookup is kept; only the remote vendor check is gone.
        return userManageAdmin.GetByName(AdminName);
    }

Edit the instructions using Microsoft's disassembly tool

    "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\ildasm.exe"

Then dump the assembly to .il and .res files.

Or run it from the command line:

    "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools\ildasm.exe" TradeSite.UserManage.Component.dll /output:TradeSite.UserManage.Component.il

Edit the .il file

    .method public hidebysig static class TradeSite.UserManage.Model.UserManageAdminInfo
    GetByName(string AdminName,
    string UserUrl,
    [out] int32& ErrorInt) cil managed
    {
    // Code size 61 (0x3d)
    .maxstack 2
    .locals init (class TradeSite.UserManage.IDAL.IUserManageAdmin V_0,
    class TradeSite.UserManage.Model.UserManageAdminInfo V_1,
    class [TradeSite.UserMaster]TradeSite.UserMaster.SmartsiteVerify V_2,
    class TradeSite.UserManage.Model.UserManageAdminInfo V_3,
    bool V_4)
    IL_0000: nop
    IL_0001: ldarg.2
    IL_0002: ldc.i4.0
    IL_0003: stind.i4
    IL_0004: call class TradeSite.UserManage.IDAL.IUserManageAdmin TradeSite.UserManage.DALFactory.UserManageAdmin::Create()
    IL_0009: stloc.0
    IL_000a: ldnull
    IL_000b: stloc.1
    IL_000c: newobj instance void [TradeSite.UserMaster]TradeSite.UserMaster.SmartsiteVerify::.ctor()
    IL_0011: stloc.2
    IL_0012: ldloc.2
    IL_0013: ldarg.1
    IL_0014: callvirt instance string [mscorlib]System.String::ToLower()
    IL_0019: callvirt instance bool [TradeSite.UserMaster]TradeSite.UserMaster.SmartsiteVerify::UserMasterLogin(string)
    IL_001e: ldc.i4.0
    IL_001f: ceq
    IL_0021: stloc.s V_4
    IL_0023: ldloc.s V_4
    IL_0025: brtrue.s IL_0034
    IL_0027: nop
    IL_0028: ldloc.0
    IL_0029: ldarg.0
    IL_002a: callvirt instance class TradeSite.UserManage.Model.UserManageAdminInfo TradeSite.UserManage.IDAL.IUserManageAdmin::GetByName(string)
    IL_002f: stloc.1
    IL_0030: ldloc.1
    IL_0031: stloc.3
    IL_0032: br.s IL_003b
    IL_0034: ldarg.2
    IL_0035: ldc.i4.m1
    IL_0036: stind.i4
    IL_0037: ldloc.1
    IL_0038: stloc.3
    IL_0039: br.s IL_003b
    IL_003b: ldloc.3
    IL_003c: ret
    } // end of method UserManageAdmin::GetByName

Find the relevant code and change it as follows:

    .method public hidebysig static class TradeSite.UserManage.Model.UserManageAdminInfo
    GetByName(string AdminName,
    string UserUrl,
    [out] int32& ErrorInt) cil managed
    {
    // Code size 61 (0x3d)
    .maxstack 2
    .locals init (class TradeSite.UserManage.IDAL.IUserManageAdmin V_0,
    class TradeSite.UserManage.Model.UserManageAdminInfo V_1,
    class [TradeSite.UserMaster]TradeSite.UserMaster.SmartsiteVerify V_2,
    class TradeSite.UserManage.Model.UserManageAdminInfo V_3,
    bool V_4)
    IL_0000: nop
    IL_0001: ldarg.2
    IL_0002: ldc.i4.0
    IL_0003: stind.i4
    IL_0005: call class TradeSite.UserManage.IDAL.IUserManageAdmin TradeSite.UserManage.DALFactory.UserManageAdmin::Create()
    IL_0006: stloc.0
    IL_0007: ldloc.0
    IL_0008: ldarg.0
    IL_0009: callvirt instance class TradeSite.UserManage.Model.UserManageAdminInfo TradeSite.UserManage.IDAL.IUserManageAdmin::GetByName(string)
    IL_000e: stloc.1
    IL_000f: ldloc.1
    IL_0010: stloc.3   // V_3 is the UserManageAdminInfo result local (V_2 is typed SmartsiteVerify)
    IL_0011: br.s IL_0013
    IL_0013: ldloc.3
    IL_0014: ret
    } // end of method UserManageAdmin::GetByName

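Reassemble

Use the ilasm.exe under Framework64, and pay attention to the .NET version:

    "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ilasm.exe" /dll /resource=TradeSite.UserManage.Component.res TradeSite.UserManage.Component.il /output:TradeSite.UserManage.Component.dll

Replace the DLL file

Fortunately, TradeSite.UserManage.Component.dll is not strong-name signed; if it had been, there would have been nothing to be done.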
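
The last step turns on whether the assembly carries a strong-name signature. The following is an added example, not part of the original post or of the product, that reads that state from an assembly's PE/CLI headers so a site owner can inventory which DLLs in a deployment are unsigned. The function name and the three state labels are this example's own, and it inspects header fields only, without validating the signature.

```python
import struct
import sys

COMIMAGE_FLAGS_STRONGNAMESIGNED = 0x8   # CLI header flag set once the signature is written
CLI_DIRECTORY_INDEX = 14                # data-directory slot of the CLI (COM descriptor) header


def _rva_to_offset(data, table, count, rva):
    """Translate an RVA to a file offset using the PE section table."""
    for i in range(count):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, table + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rva - vaddr + rawptr
    raise ValueError("RVA is not inside any section")


def strong_name_state(data):
    """Return 'signed', 'reserved-unsigned' or 'unsigned' for a .NET assembly image."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsections, = struct.unpack_from("<H", data, pe + 6)
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional-header magic")
    dirs = opt + (96 if magic == 0x10B else 112)          # PE32 vs PE32+
    cli_rva, _ = struct.unpack_from("<II", data, dirs + 8 * CLI_DIRECTORY_INDEX)
    if cli_rva == 0:
        raise ValueError("no CLI header: not a .NET assembly")
    cli = _rva_to_offset(data, opt + opt_size, nsections, cli_rva)
    flags, = struct.unpack_from("<I", data, cli + 16)
    _, sn_size = struct.unpack_from("<II", data, cli + 32)  # StrongNameSignature directory
    if sn_size == 0:
        return "unsigned"
    # Space reserved but flag clear is what a delay-signed assembly looks like.
    return "signed" if flags & COMIMAGE_FLAGS_STRONGNAMESIGNED else "reserved-unsigned"


if __name__ == "__main__":
    # Usage: python sn_state.py <assembly> [<assembly> ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, strong_name_state(fh.read()))
```

To check that a signature actually matches the file contents, use `sn.exe -vf <assembly>` from the .NET Framework SDK.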
