Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Featured Replies

Posted

[unpackMe] .NET Unpackme 1


Protected with my private .NET packer/protector.


Unpacking it should be hard enough.


Solution must be a runable unprotected assembly!


 


NET_Unpackme1.zip

Solved by Asif

Go to solution

i really cant make it runable it requar decrypt string for read string


 


Unpacked-bug.zip - 85 KB


failed dc string failied dc resource 


result = me fail : D .


Edited by Death

main resource entrypoint Rva 07FFFFFF => OfFset 2F9FE in main exe contain with picture box UPside ascii let me know if is hard


 


edited : upside have all decrpted string with asii char exe contains


Edited by Death

Replaced string serial by that address i gave and fixes res total cleaned


 


however not runable


 


resource name should be A5NFUdRddlgosdMh.Et6UQMd0FhRZF2hg  + "resources"


 

Unpacked 2.zip

_00150000_res.mem.zip

Edited by Death

  • Solution

well proper solution of run about res prb in dump exe - the method readres  reading res from memory but here i have have dump res , so no need that part of method , for fix that part have read main exe code 



private unsafe static void smethod_0()
{
   Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream("åíáëåá\v\vïå\a\u000fááé\a");
   IntPtr hglobal;
   Stream stream = Class1.smethod_0(manifestResourceStream, out hglobal);
   manifestResourceStream.Close();
   stream.Position = 8L;
   Class0 @class = new Class0(stream);
   GClass0.int_0 = (int)@class.method_6();
   object data = @class.method_6();
   AppDomain.CurrentDomain.SetData("allstrings", data);
   int arg_65_0 = (int)stream.Position;
   byte[] array = @class.method_6();
   IntPtr intPtr = Marshal.AllocHGlobal(array.Length);
   Marshal.Copy(array, 0, intPtr, array.Length);
   data = new UnmanagedMemoryStream((byte*)((void*)intPtr), (long)array.Length);
   AppDomain.CurrentDomain.SetData("A5NFUdRddlgosdMh.Et6UQMd0FhRZF2hg.resources", data);
   stream.Close();
   Marshal.FreeHGlobal(hglobal);
}

 

we need this line only for got resource from assembly direct



Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream("åíáëåá\v\vïå\a\u000fááé\a");


the function getting resource so we need replace it readres method which reading res in dump exe

 

åíáëåá\v\vïå\a\u000fááé\a => string_1 as assembly static with instruction ldarg =>

public static UnmanagedMemoryStream ResGet(string string_0)

 

gdbZpoa.jpg

 

done

 

however this code string part  AppDomain.CurrentDomain.SetData("allstrings", data); u can inject this this il in ResGet(String): UnmanagedMemoryStream in this  for read string  if cant decrypt 

Unpacked-cleaned_fix_Runable.zip

Edited by Death

Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.