zodiac 0 Posted February 26 Language : . NET Platform : Windows OS Version : Windows 7/Windows 8/Windows 10 Packer / Protector : ILProtector + Enigma Description : Unpack the file and get the password. Screenshot : Test_protected.rar Share this post Link to post
0 #Sith 4 Posted February 26 (edited) Password: 1596357 Test_unpacked.exe Edited February 26 by #Sith (see edit history) Share this post Link to post
0 3dsboy08 32 Posted February 26 File does not seem to be runnable on my VM - please fix this before I can continue. Share this post Link to post
0 CodeExplorer 3,226 Posted May 15 After you dump the main exe (.NET) with MegaDumper: Exception messages: Unable to load DLL 'Test32.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E) So you got to dump that dll with DllSaver. Enigma Only unpacked exes: https://www95.zippyshare.com/v/b0258Ft4/file.html 1 Share this post Link to post
0 cawk 213 Posted May 15 6 hours ago, CodeExplorer said: After you dump the main exe (.NET) with MegaDumper: Exception messages: Unable to load DLL 'Test32.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E) So you got to dump that dll with DllSaver. Enigma Only unpacked exes: https://www95.zippyshare.com/v/b0258Ft4/file.html Heres ilprotected file cleaned Test_protected_bodyRestored.exe Share this post Link to post
0 wwh1004 20 Posted June 23 (edited) 1. dump ilprotector native runtime you can inject a dll to call OpenFileDialog and dump 2. decrypt method body fix ILProtectorUnpacker's hook, then it works Test.ip.exe.7z Edited June 23 by wwh1004 (see edit history) 1 Share this post Link to post
0 Asura 0 Posted June 23 (edited) @CodeExplorer Could you please leave the DllSaver download please? Thanks! Edited June 23 by Asura (see edit history) Share this post Link to post
0 CodeExplorer 3,226 Posted June 23 4 hours ago, Asura said: Could you please leave the DllSaver download please? Thanks! Strange here attachments downloads works ok. Here is external download link: https://www3.zippyshare.com/v/fDchNW5P/file.html 1 Share this post Link to post
0 Asura 0 Posted June 23 (edited) Thanks!! @CodeExplorer Edited June 23 by Asura (see edit history) Share this post Link to post
0 Black Hat Anonymous 24 Posted June 23 15 hours ago, wwh1004 said: 1. dump ilprotector native runtime you can inject a dll to call OpenFileDialog and dump 2. decrypt method body fix ILProtectorUnpacker's hook, then it works Test.ip.exe.7z 6.04 kB · 2 downloads Dumping of ILProtector Native -- Done inject a DLL - Which DLL and Where and How ? Fix IL Protector HOOK - Any info about it Brother ??? Share this post Link to post
0 wwh1004 20 Posted June 24 20 hours ago, Black Hat Anonymous said: Dumping of ILProtector Native -- Done inject a DLL - Which DLL and Where and How ? Fix IL Protector HOOK - Any info about it Brother ??? Code like this. You can copy dlls in OpenFileDialog. If you can't copy dlls (maybe anti dump?), you can use the code like "File.WriteAllBytes(@"I:\Downloads\Yes.dll2", File.ReadAllBytes(@"I:\Downloads\Yes.dll"));". ILProtector detects the first few bytes of the compiled machine code. You can fake it. 1 Share this post Link to post
0 GautamGreat 144 Posted June 25 1. Dumped native dll from Enigma's Virtual Box. 2. Break at OEP of Enigma, and dump binary with Mega Dumper. 3. Put Dumped files in one folder and the unpack with @CodeExplorer's Tool Here is my unpacked file. unpacked.rar 1 Share this post Link to post
Language : . NET
Platform : Windows
OS Version : Windows 7/Windows 8/Windows 10
Packer / Protector : ILProtector + Enigma
Description :
Unpack the file and get the password.
Screenshot :
Test_protected.rar
Share this post
Link to post