Posted October 6, 20186 yr Difficulty : Probably 7 Language : C# .NET Platform : Windows (anyCPU) OS Version : Windows 7 Above Packer / Protector : Atipls' obfuscator Description : Upload the unpacked file and give me a detailed tutorial. Describe me the specific method or the specific tools in order used. As I said in the previous unpack challenges XD. Screenshot : UnpackME.exe
October 7, 20186 yr Solution Load file in dnSpy, bypass NtQueryInformationProcess, dump the module, then de4dot and SAE (string only). UnpackME_unpk.exe
October 7, 20186 yr 3 hours ago, #Sith said: Load file in dnSpy, bypass NtQueryInformationProcess, dump the module, then de4dot and SAE (string only). UnpackME_unpk.exe @Sith how to bypass NtQueryInformationProcess ? Can you a little more detail ?
October 7, 20186 yr 4 hours ago, Cursedzx said: Sith, do you know what NtQueryInformationProcess was used for? InheritedFromUniqueProcessId field in PROCESS_BASIC_INFORMATION structure get the ID of the parent process and programm compare it to the some names. I Just changed the InheritedFromUniqueProcessId value to the ID of explorer.exe
Create an account or sign in to comment