Leaderboard

Here is unpacked folder, all tools included. https://limewire.com/d/PWsfv#C32mVemS40 https://fileroy.com/2WVGr1E9zkx7/file https://zippyshare.day/YPGm89uDHMSpeoC/file Final unpacked exe is called drr_msil_Slayed2cleaned_.exe

NETReactorSlayer-6.4.0.0_Fixed9.rar: https://workupload.com/file/9FgKGVGdEEY I completely restored NETReactorSlayer-6.4.0.0\NETReactorSlayer.Core\Helper\EncryptedResource.cs and just add trial Decrypter_v5. I've added ControlFlowReactor.cs for the new control flow and I've changed MethodDecrypter.cs to call it from "public void Run(IContext context)" in each Module.cctor method called.

Basically it works like this,your input gets hased and compared to stored hashed thats inside crackme. Stored hash is : 97328946466865e882e741277903962e7f1ca9cbb4e71948d740bbd38f702f3c <- crackmes hash. To patch application put bp on MessageBoxW and check the call stack. The address in my case is the second one on the call stack: 097044E3 - 8B CE - mov ecx,esi From this address scroll up and you will see : 097044A7 - 74 10 - je 097044B9 097044A9 - C6 05 744ED005 01 - mov byte ptr [05D04E74],01 { (0),1 } 097044B0 - 8B CE - mov ecx,esi 097044B2 - E8 CDE96500 - call 09D62E84 097044B7 - EB 2A - jmp 097044E3 097044B9 - C6 05 744ED005 00 - mov byte ptr [05D04E74],00 { (0),0 } Patch the first one 097044A7 - 74 10 - je 097044B9 to jne 097044B9 and that should be it.

you really want then open a new challenge of unpack me. Will try to do it. Like a proper way.

Ok will prove it what will i get?

its not trial , its dng hvm enterprise 4.94 [ it can be run for 3 days ] , unpack it here x86 and x64 bit , Unpackme_64bit_3_days_time.zip UnpackMe_3_Days.zip

I've just fixed NETReactorSlayer to work with this protection: NETReactorSlayer-6.4.0.0_Fixed1: https://workupload.com/file/EU2AEkDCjSz Please test it and let me know;

i am not asking about how did u dump jit code , saying about , can u little bit brief about => how did you Load assembly and RunModuleConstructor or load assembly from different Domain, this part => var asm = Assembly.LoadFrom(Filename); RuntimeHelpers.RunModuleConstructor(asm .ManifestModule.ModuleHandle);

@CodeExplorer Hello master, I followed your instructions for the new version of this application, but the code doesn't fully open and the executable still doesn't work. Could you please review it again? Your knowledge regarding this version of Reactor is very valuable to me. https://gofile.io/d/c1jG6d

It was interesting 😅 UnpackMe.Dumped.exe UnpackMe.Unpacked.exe

@Teddy Rogers It is seen to be wider and smoother. Many thanks. Regards. sean.

@everyone Can you please write step by step guide tutorials if you solve these kind of problems, so other people get helped by your efforts. No meaning jobs, just showing off. But this is not obligation. your choice for helping others learn. Regards. sean.