Jump to content
Tuts 4 You

[unpackme] Xheo Codeveil Unpackme


Recommended Posts

I?ve to say that I?ve no idea what to unpack here. I?ve bypassed the layers and a CALL EAX I think went to "OEP" or better said a call to a .NET function that executes the app....

Is this done then?


Link to comment

All of them that was on the hands sonny27 must be overcome...

*am i right, in writing english... :innocent: *


Edited by Apakekdah
Link to comment

Its a .net app so the unpacked copy should be loadable in .NET Reflector or any other .net decompiler,

and ofcource the file needs to be fully runnable :)

Send me ur unpacked copy when ur done ;)


LibX // RETeam

Link to comment
Hee bro how are u doing?! I never see u online anymore :(

We should have a chat on IRC some time :)

hehe i will back on irc soon

ive droped crackin for 2,5years now im trying to get back on tracks :)

but many new ****s came and this EXECRYPTOR makes me sick ;/

Link to comment

hi LibX,

I?ve reached OEP but my dump always refuses to run. I believe that I?ve fixed the Header correctly but it that this was not enough :(

Could you please help me unpacking this file?


Link to comment

Same here, finding OEP is very easy, for a short version just BP the Jump Dword right above the Entrypoint ;)

Anyway, I dumped and then fixed the header so at least it starts.

It immediately crashes with some .NET error message, bla bla...

I dont belive unpacking .NET is that easy, there are some tricks for sure, like magled meta data, dunno :/ Never unpacked .NET apps except for NsPack and even there I used one of the automatic .NET generic unpackers (which works pretty fine most of the time)...

You wouldnt have posted it if it was that easy, huh ? ;)

Link to comment
  • 3 weeks later...

Hehe I was lazy. Hex editor in your hands, and warm your seat up a bit, and you can code a xor packer in a day. Amazing that companies sell them for 2k.

Link to comment

I dont think LibX actually coded this himself ? Or did he ? :o

He coded the unpackme, but not the packer...

Anyway, if you dont mind you could share your source w/ the forum members, might help somebody...

No must, though... if you want to keep things private ;)

Link to comment
  • 2 weeks later...

Its not that hard if u take a little time to look closer at the stub ;)

And no i didn't code this packer myself :P thank god :P

Link to comment
  • 3 months later...

Hmm looked at the tutorial again. It only shows you how to get a dump, but not how to decrypt the MSIL, so the dump is non-functioning :|

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...