Jump to content
Tuts 4 You

Leaderboard

  1. jackyjask

    jackyjask

    Full Member+


    • Points

      25

    • Posts

      1,463


  2. CodeExplorer

    CodeExplorer

    Team Member


    • Points

      20

    • Posts

      4,227


  3. nicogalan

    nicogalan

    Full Member


    • Points

      9

    • Posts

      165


  4. Ben_Dover

    Ben_Dover

    Junior+


    • Points

      8

    • Posts

      24


Popular Content

Showing content with the highest reputation since 06/24/2025 in all areas

  1. This project is mirrored from https://github.com/jmpoep/vmprotect-3.5.1.git. https://huihui.cat/mirrors/vmprotect-3.5.1 https://git.nadeko.net/Fijxu/vmprotect-source (someone is fighting and DMCA-ing (removing) all VMP related repos on github!) and a downloadable copy https://pixeldrain.com/u/fKn1dZqK
    3 points
  2. Can I have this source code back, my friend?
    1 point
  3. View File .NET Reactor v7.3 (Embedded DLL's) File protected by .NET Reactor v7.3 having Code Virtualization enabled. By nature the application using Dependency Injection (this time heavily developed), the 3rd party files embedded to main exe (see shot2), in addition System.Data.SQLite.dll lying near application. Find registration combination and reply it with the success message! Custom antidebugger Submitter whoknows Submitted 06/26/2025 Category UnPackMe (.NET)  
    1 point
  4. 8 downloads

    File protected by .NET Reactor v7.3 having Code Virtualization enabled. By nature the application using Dependency Injection (this time heavily developed), the 3rd party files embedded to main exe (see shot2), in addition System.Data.SQLite.dll lying near application. Find registration combination and reply it with the success message! Custom antidebugger
    1 point
  5. View File Eazfuscator.NET v2025.1 File protected by Eazfuscator.NET v2025.1 having Code Virtualization enabled. By nature the application using Dependency Injection, the 3rd party files embedded to main exe. Find registration combination and reply it with the success message! Codebase improved a little bit versus reactor73 target. Submitter whoknows Submitted 06/24/2025 Category UnPackMe (.NET)  
    1 point
  6. @CreateAndInject WindowsFormsApplication37-src.rar
    1 point
  7. v.0.0.9.1 exeinfope.zip
    1 point
  8. Why the code seems strange? What is Dependency Injection? Which the 3rd party files does the unapckme use? uint num = interface4_0.imethod_0();
    1 point
  9. 11 downloads

    File protected by Eazfuscator.NET v2025.1 having Code Virtualization enabled. By nature the application using Dependency Injection, the 3rd party files embedded to main exe. Find registration combination and reply it with the success message! Codebase improved a little bit versus reactor73 target.
    1 point
  10. I once post it in a China forum, you can visit it in https://www.52pojie.cn/thread-762832-1-1.html by Google Translator I try my best to introduce it using English 1. download x64dbg and download the symbol file of clr.dll (mscorwks.dll if runtime is .net2.0~.net3.5) 2.set a breakpoint at "SystemDomain::ExecuteMainMethod" in clr.dll/mscorwks.dll and run 3.use MegaDumper (I use my ExtremeDumper based on codecracker's megadumper https://github.com/wwh1004/ExtremeDumper) to dump the main module when the program break at "SystemDomain::ExecuteMainMethod" 4.fix pe header and maybe you shoud also fix .net header This way is more complex than use MegaDumper only and directt dump the assembly. But if the assembly is packed with native stub and protected with anti dump (ConfuserEx and others) or protected with whole #US encryption (DNGuardHVM and others), maybe this way is good to dump assemblies. If you can not understand it, you can reply me. Best wish.
    1 point
  11. Hi HuD_HuD ModuleToAssembly 1.0 https://forum.tuts4you.com/topic/30789-moduletoassembly-10 Universal Fixer https://forum.tuts4you.com/topic/25376-universal-fixer ConfuserEx tools: https://forum.tuts4you.com/topic/37076-confuserexswitchkiller/?do=findComment&comment=187480
    1 point
  12. @HuD_HuD: [.NET]实战UnpackMe.mp4: https://mega.nz/file/l9YSXSiI#NEdJ6JAiFPHeQRdUbdemIG78PrIHGTWhr-A5FfYydGo 使用x64dbg暴打非托管强壳.mp4: https://mega.nz/file/tk4EELiK#H0iIReUyl6RWeURvMEOBlzodzJTW7gerao6Ie8ROPWw Same request as before - please do not abuse those links. It's a free MEGA account and has limited traffic available.
    1 point
  13. 145 downloads

    Code obfuscation techniques are increasingly being used in software for such reasons as protecting trade secret algorithms from competitors and deterring license tampering by those wishing to use the software for free. However, these techniques have also grown in popularity in less legitimate areas, such as protecting malware from detection and reverse engineering. This work examines two such techniques “packing and virtualization-obfuscation“ and presents new behavioral approaches to analysis that may be relevant to security analysts whose job it is to defend against malicious code. These approaches are robust against variations in obfuscation algorithms, such as changing encryption keys or virtual instruction byte code. Packing refers to the process of encrypting or compressing an executable file. This process scrambles the bytes of the executable so that byte-signature matching algorithms commonly used by anti-virus programs are ineffective. Standard static analysis techniques are similarly ineffective since the actual byte code of the program is hidden until after the program is executed. Dynamic analysis approaches exist, but are vulnerable to dynamic defenses. We detail a static analysis technique that starts by identifying the code used to "unpack" the executable, then uses this unpacker to generate the unpacked code in a form suitable for static analysis. Results show we are able to correctly unpack several encrypted and compressed malware, while still handling several dynamic defenses. Virtualization-obfuscation is a technique that translates the original program into virtual instructions, then builds a customized virtual machine for these instructions. As with packing, the byte-signature of the original program is destroyed. Furthermore, static analysis of the obfuscated program reveals only the structure of the virtual machine, and dynamic analysis produces a dynamic trace where orig­inal program instructions are intermixed, and often indistinguishable from, virtual machine instructions. We present a dynamic analysis approach whereby all instructions that affect the external behavior of the program are identified, thus building an approximation of the original program that is observationally equivalent. We achieve good results at both identifying instructions from the original program, as well as eliminating instructions known to be part of the virtual machine.
    1 point
  14. @mdj: 使用x64dbg暴打非托管强壳.mp4 -> https://mega.nz/#!Y5JBTaCS!hJXzN5ssvUyRHW8VgpGxINEVrW1zJ2Up96vqqJVG5co I can upload the second video tomorrow, if you need that too. @all: Please be nice and don't abuse the link, it is a free Mega account and has traffic limitations. 使用x64dbg暴打非托管强壳.mp4
    1 point
  15. There is a Script of OLLYDBG made by @GIV that also helps to unpack the Anti Dump protected .NET Files and newbie Friendly too. But this method I tested and works well which you described. Very nice Explanation too. Thank you !!!
    1 point
×
×
  • Create New...