Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[UnpackMe] .NET Unpackme 1

CodeExplorer
CodeExplorer
in UnPackMe (.NET)

Featured Replies

Posted

[unpackMe] .NET Unpackme 1


Protected with my private .NET packer/protector.


Unpacking it should be hard enough.


Solution must be a runable unprotected assembly!


 


NET_Unpackme1.zip

    •
    • Like 3

    Solved by Asif

    Go to solution

    i really cant make it runable it requar decrypt string for read string


     


    Unpacked-bug.zip - 85 KB


    failed dc string failied dc resource 


    result = me fail : D .


    Edited by Death

    main resource entrypoint Rva 07FFFFFF => OfFset 2F9FE in main exe contain with picture box UPside ascii let me know if is hard


     


    edited : upside have all decrpted string with asii char exe contains


    Edited by Death

    Replaced string serial by that address i gave and fixes res total cleaned


     


    however not runable


     


    resource name should be A5NFUdRddlgosdMh.Et6UQMd0FhRZF2hg  + "resources"


     

    Unpacked 2.zip

    _00150000_res.mem.zip

    Edited by Death

    • Solution

    well proper solution of run about res prb in dump exe - the method readres  reading res from memory but here i have have dump res , so no need that part of method , for fix that part have read main exe code 



    
private unsafe static void smethod_0()
    
{
    
   Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream("åíáëåá\v\vïå\a\u000fááé\a");
    
   IntPtr hglobal;
    
   Stream stream = Class1.smethod_0(manifestResourceStream, out hglobal);
    
   manifestResourceStream.Close();
    
   stream.Position = 8L;
    
   Class0 @class = new Class0(stream);
    
   GClass0.int_0 = (int)@class.method_6();
    
   object data = @class.method_6();
    
   AppDomain.CurrentDomain.SetData("allstrings", data);
    
   int arg_65_0 = (int)stream.Position;
    
   byte[] array = @class.method_6();
    
   IntPtr intPtr = Marshal.AllocHGlobal(array.Length);
    
   Marshal.Copy(array, 0, intPtr, array.Length);
    
   data = new UnmanagedMemoryStream((byte*)((void*)intPtr), (long)array.Length);
    
   AppDomain.CurrentDomain.SetData("A5NFUdRddlgosdMh.Et6UQMd0FhRZF2hg.resources", data);
    
   stream.Close();
    
   Marshal.FreeHGlobal(hglobal);
    
}

     

    we need this line only for got resource from assembly direct



    
Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream("åíáëåá\v\vïå\a\u000fááé\a");


    the function getting resource so we need replace it readres method which reading res in dump exe

     

    åíáëåá\v\vïå\a\u000fááé\a => string_1 as assembly static with instruction ldarg =>

    public static UnmanagedMemoryStream ResGet(string string_0)

     

    gdbZpoa.jpg

     

    done

     

    however this code string part  AppDomain.CurrentDomain.SetData("allstrings", data); u can inject this this il in ResGet(String): UnmanagedMemoryStream in this  for read string  if cant decrypt 

    Unpacked-cleaned_fix_Runable.zip

    Edited by Death

    • Like 2

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.