[unpackme] 2nd .net Unpackme

[rendari]

Anything goes. Read the readme and good luck. IMO much harder than the last ver

bleh

Compatibility issues fixed. Download new ver here:

http://www.filesend.net/download.php?f=b2d...238f8690e0d8619

Sorry for any problems.

Edited January 27, 2008 by Teddy Rogers
Rendari, please pay more attention to topic title format!

[Ufo-Pu55y]

Thx, I will try

bleh

I take that as a hint ?

[rongchaua]

After I use .Net Generic Unpacker to unpack this. I can see the method. But the code can not be viewed.

[Ufo-Pu55y]

He won't let it slip through that easy again ^^

A tough nut :|

[rendari]

Thx, I will try

bleh

I take that as a hint ?

Heh, no not a hint. I just replaced the link to the old (buggy) unpackme with 'bleh' .

He won't let it slip through that easy again ^^

A tough nut :|

And I didn't add antidebug

Edited January 26, 2008 by rendari

[rendari]

@rongchaua

Does the unpackme work on Vista?

Edited January 26, 2008 by rendari

[bigmouse]

unpacked

Download Link: http://www.filesend.net/download.php?f=cc3...a5647195d47473e

[Ufo-Pu55y]

unpacked

Download Link: http://www.filesend.net/download.php?f=cc3...a5647195d47473e

Pls don't tell, it was just a button on a jit unpacker

[rendari]

unpacked

Download Link: http://www.filesend.net/download.php?f=cc3...a5647195d47473e

Good job bigmouse. Can we expect a tutorial, or at least an explanation?

[bigmouse]

hook compileMethod function, log each method's ilcode.

virtual enum CorJitResult __stdcall

CILJit::compileMethod(class ICorJitInfo *,

struct CORINFO_METHOD_INFO *,

unsigned int,

unsigned char * *,

unsigned long *) proc near

The second parameter, a pointer to CORINFO_METHOD_INFO, is a structure as follows.

struct CORINFO_METHOD_INFO

{

CORINFO_METHOD_HANDLE ftn;

CORINFO_MODULE_HANDLE scope;

BYTE * ILCode;

unsigned ILCodeSize;

unsigned short maxStack;

unsigned short EHcount;

CorInfoOptions options;

CORINFO_SIG_INFO args;

CORINFO_SIG_INFO locals;

};

[rendari]

Excellent. Any idea on how to hook method header reader in mscorwks.dll? Anyways, I'll write a solution for my own unpackme if you won't Yall just have to wait for it a bit; lots of stuff in school nowadays

[rongchaua]

@rendari: it doesn't run on Vista. No jit-hook-packed-file can run on vista until now.

Edited January 29, 2008 by rongchaua

[bigmouse]

try dnguard.

it runs on my vista pc

[rendari]

@rendari: it doesn't run on Vista. No jit-hook-packed-file can run on vista until now.

Alright, thanks ronghaua

[rongchaua]

try dnguard.

it runs on my vista pc

I have a Vista Business 64 Bit. And DNGuard Trial Version can not run on my machine. What do you have?

[rendari]

try dnguard.

it runs on my vista pc

I have a Vista Business 64 Bit. And DNGuard Trial Version can not run on my machine. What do you have?

I have one normal winxp sp2 and DNGuard normal and trial crash on it =/

[bigmouse]

DNGuard Trial v2.82

32-Bit Vista U

[rendari]

Hello all. I have fixed the Vista problem. It now works on 32 bit Vista fine. I assume it works on WinXP, haven't tested it there yet but I'm pretty sure everything is fine Here's the new link:

http://www.filesend.net/download.php?f=67c...8d3776f9612f129

Cheers!

-rendari

rongchua, this one's for you