Leaderboard

This was fun, I also took the LLVM route. In my case, everything folded after -O1 to essentially just the flags. Uploaded my devirtualizer to github too https://github.com/eversinc33/binaryshield-devirtualizer Will do a writeup later and add to the README.md

Incredible work. If only I could mark multiple solutions. Thank you for your interest and resource--I'm sure many users will find use in this (myself included lol).

Dear friends Berkeley Mono Font face is updated to version2. They included ligatures (nerd glyphs) directly in this build. The font face is 75$ for developer use only (no commercial use.) I have included this fontface so you can try them. Enjoy! Homepage hxxps://usgraphics[.]com/products/berkeley-mono Archive Pass: Download tx-02-berkeley-mono-pass=SCT.7z

Hello guys, I found and uploaded additional regular font files (didn't find semi-condensed unfortunately☹️) but hope this helps others who want additional regular ttf (more weights), on top of @bluedevil upload: https://pixeldrain.com/u/rPMw5Z75 List: TX-02-Black.ttf TX-02-Black-Oblique.ttf TX-02-Bold.ttf TX-02-Bold-Oblique.ttf TX-02-ExtraBold.ttf TX-02-ExtraBold-Oblique.ttf TX-02-ExtraLight.ttf TX-02-ExtraLight-Oblique.ttf TX-02-Light.ttf TX-02-Light-Oblique.ttf TX-02-Medium.ttf TX-02-Medium-Oblique.ttf TX-02-Oblique.ttf TX-02-Regular.ttf TX-02-SemiBold.ttf TX-02-SemiBold-Oblique.ttf TX-02-SemiLight.ttf TX-02-SemiLight-Oblique.ttf TX-02-Thin.ttf TX-02-Thin-Oblique.ttf

There is a new release: https://github.com/x64dbg/x64dbg/releases/tag/2026.04.20 The project is still alive and it was an honor for me to be able to make some small contributions to this wonderful project.

there is 2 way as far as i know, de4dot uses hash and which i dont know how it works and how it detects the handler second way is mine, in every handler, you need to seperate when the handler reach the end of its blocks, since its combined you need to detect the last instruction of every handler in handler method the structure should be like this handlerMethod{{handler1_start..handler1_end}, {handler2_start..handler2_end}} then to detect what handler is that use pattern matching loop through every handler you detect in that handlerMethod then match with the right pattern

Hi @BlackHat , could you please help me understand how you solved devirtualization for this Agile.NET challenge? I am working on kanCCAuiJp08bXx0Ho7ggqzTFqfBQ0B2.exe (CliSecure/CSVM). I can restore the file without crashes, but Form1::d0() is still semantically wrong (mostly nop/pop/ret after reconstruction). What I already did: Static-only approach (no runtime injector/tracer). Extracted runtime semantics from VMRuntime.dll (ReadPattern, ReadCalls, ExecCalls, ExecFlow). Added custom macro reader profile generation (CSVM7_READERS.recon.map). Added dedicated opcode handling and conservative stack-effect validation for problematic opcodes (0005..0008). Removed invalid CFG/max-stack failures, but final method logic is still incomplete. Could you clarify what differs between your successful approach and the usual AgileNETUnpackMe-style mapping? Specifically: Did you recover true composite semantics per opcode from runtime handlers, or use a different normalization step? For opcodes like 0005..0008, how did you decide between Ceq/Stelem/Nop without breaking stack/CFG? Did you rely on handler body signatures only, or also on operand read order + exec call patterns? Did you patch OpCodeHandlerInfoReader, composite map refinement, or both? Is there one key heuristic I am missing that turns a “stable but empty” devirtualization into a correct d0() reconstruction? Any hint, pseudo-logic, or minimal example of your mapping/refinement strategy would help a lot. Thank you!

Unpackers tools - source code C# My source code: https://gitlab.com/CodeCracker https://github.com/CodeCrackerSND https://bitbucket.org/CodeCrackerSND/ I will NOT share (anymore) the rest of my tools!

I wanted to devirtualize it manually so I made a disassembler for it using the new yara-x to locate the handlers and the bytecode. Probably going to turn it into a full devirtualizer from binaryshield bytecode straight to x86_64. I saw these values(the one in the cmp comment) put them as input since it was valid I didn't go further. You can find my work at https://github.com/xlatbx59/Bshld, the file with the disassembly is at https://github.com/xlatbx59/Bshld/blob/master/binshield.txt. It was fun to reverse

If can, please share with License Managements, I want learning. Thank you

Debug with dnSpy and Remove Anti-Tamper. NOP Anti-Tamper Call and Save. Search for "GCHandle.Free" and put BP. Debug the File and Save koi module from Memory. NOP Anti-Tamper Call after debugging in dnSpy. Clean Cflow as It is a basic "switch" one. Clean Proxy. Clean Constants. Rename using de4dot. WindowsFormsApp1_unpacked.exe