Jump to content
Tuts 4 You

[UnpackMe] .NET Unpackme 1

CodeExplorer

By CodeExplorer
in UnPackMe (.NET)

 Share
Go to solution Solved by Hadits follower,

Recommended Posts

CodeExplorer

CodeExplorer

Posted
Posted

[unpackMe] .NET Unpackme 1


Protected with my private .NET packer/protector.


Unpacking it should be hard enough.


Solution must be a runable unprotected assembly!


 


NET_Unpackme1.zip

  • Like 3
Hadits follower

Hadits follower

Posted
Posted (edited)

i really cant make it runable it requar decrypt string for read string


 


Unpacked-bug.zip - 85 KB


failed dc string failied dc resource 


result = me fail : D .


Edited by Death
Hadits follower

Hadits follower

Posted
Posted (edited)

main resource entrypoint Rva 07FFFFFF => OfFset 2F9FE in main exe contain with picture box UPside ascii let me know if is hard


 


edited : upside have all decrpted string with asii char exe contains


Edited by Death
Hadits follower

Hadits follower

Posted
Posted (edited)

Replaced string serial by that address i gave and fixes res total cleaned


 


however not runable


 


resource name should be A5NFUdRddlgosdMh.Et6UQMd0FhRZF2hg  + "resources"


 

Unpacked 2.zip

_00150000_res.mem.zip

Edited by Death
  • Solution
Hadits follower

Hadits follower

Posted
  • Solution
Posted (edited)

well proper solution of run about res prb in dump exe - the method readres  reading res from memory but here i have have dump res , so no need that part of method , for fix that part have read main exe code 




private unsafe static void smethod_0()

{

   Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream("åíáëåá\v\vïå\a\u000fááé\a");

   IntPtr hglobal;

   Stream stream = Class1.smethod_0(manifestResourceStream, out hglobal);

   manifestResourceStream.Close();

   stream.Position = 8L;

   Class0 @class = new Class0(stream);

   GClass0.int_0 = (int)@class.method_6();

   object data = @class.method_6();

   AppDomain.CurrentDomain.SetData("allstrings", data);

   int arg_65_0 = (int)stream.Position;

   byte[] array = @class.method_6();

   IntPtr intPtr = Marshal.AllocHGlobal(array.Length);

   Marshal.Copy(array, 0, intPtr, array.Length);

   data = new UnmanagedMemoryStream((byte*)((void*)intPtr), (long)array.Length);

   AppDomain.CurrentDomain.SetData("A5NFUdRddlgosdMh.Et6UQMd0FhRZF2hg.resources", data);

   stream.Close();

   Marshal.FreeHGlobal(hglobal);

}

 

we need this line only for got resource from assembly direct




Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream("åíáëåá\v\vïå\a\u000fááé\a");


the function getting resource so we need replace it readres method which reading res in dump exe

 

åíáëåá\v\vïå\a\u000fááé\a => string_1 as assembly static with instruction ldarg =>

public static UnmanagedMemoryStream ResGet(string string_0)

 

gdbZpoa.jpg

 

done

 

however this code string part  AppDomain.CurrentDomain.SetData("allstrings", data); u can inject this this il in ResGet(String): UnmanagedMemoryStream in this  for read string  if cant decrypt 

Unpacked-cleaned_fix_Runable.zip

Edited by Death
  • Like 2

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...