Posted February 23, 201411 yr [unpackMe] .NET Unpackme 1Protected with my private .NET packer/protector.Unpacking it should be hard enough.Solution must be a runable unprotected assembly! NET_Unpackme1.zip
February 23, 201411 yr i really cant make it runable it requar decrypt string for read string Unpacked-bug.zip - 85 KBfailed dc string failied dc resource result = me fail : D . Edited February 23, 201411 yr by Death
February 23, 201411 yr main resource entrypoint Rva 07FFFFFF => OfFset 2F9FE in main exe contain with picture box UPside ascii let me know if is hard edited : upside have all decrpted string with asii char exe contains Edited February 23, 201411 yr by Death
February 23, 201411 yr Replaced string serial by that address i gave and fixes res total cleaned however not runable resource name should be A5NFUdRddlgosdMh.Et6UQMd0FhRZF2hg + "resources" Unpacked 2.zip_00150000_res.mem.zip Edited February 23, 201411 yr by Death
February 23, 201411 yr Solution well proper solution of run about res prb in dump exe - the method readres reading res from memory but here i have have dump res , so no need that part of method , for fix that part have read main exe code private unsafe static void smethod_0() { Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream("åíáëåá\v\vïå\a\u000fááé\a"); IntPtr hglobal; Stream stream = Class1.smethod_0(manifestResourceStream, out hglobal); manifestResourceStream.Close(); stream.Position = 8L; Class0 @class = new Class0(stream); GClass0.int_0 = (int)@class.method_6(); object data = @class.method_6(); AppDomain.CurrentDomain.SetData("allstrings", data); int arg_65_0 = (int)stream.Position; byte[] array = @class.method_6(); IntPtr intPtr = Marshal.AllocHGlobal(array.Length); Marshal.Copy(array, 0, intPtr, array.Length); data = new UnmanagedMemoryStream((byte*)((void*)intPtr), (long)array.Length); AppDomain.CurrentDomain.SetData("A5NFUdRddlgosdMh.Et6UQMd0FhRZF2hg.resources", data); stream.Close(); Marshal.FreeHGlobal(hglobal); } we need this line only for got resource from assembly direct Stream manifestResourceStream = Assembly.GetExecutingAssembly().GetManifestResourceStream("åíáëåá\v\vïå\a\u000fááé\a"); the function getting resource so we need replace it readres method which reading res in dump exe åíáëåá\v\vïå\a\u000fááé\a => string_1 as assembly static with instruction ldarg => public static UnmanagedMemoryStream ResGet(string string_0) done however this code string part AppDomain.CurrentDomain.SetData("allstrings", data); u can inject this this il in ResGet(String): UnmanagedMemoryStream in this for read string if cant decrypt Unpacked-cleaned_fix_Runable.zip Edited February 23, 201411 yr by Death
Create an account or sign in to comment