zodiac Posted February 26, 2019
Language: .NET
Platform: Windows
OS Version: Windows 7/Windows 8/Windows 10
Packer / Protector: ILProtector + Enigma
Description: Unpack the file and get the password.
Test_protected.rar
#Sith Posted February 26, 2019
Password: 1596357
Test_unpacked.exe
3dsboy08 Posted February 26, 2019
File does not seem to be runnable on my VM - please fix this before I can continue.
CodeExplorer Posted May 15, 2019
After you dump the main exe (.NET) with MegaDumper:
Exception messages:
Unable to load DLL 'Test32.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)
So you got to dump that dll with DllSaver.
Enigma Only unpacked exes:
https://www95.zippyshare.com/v/b0258Ft4/file.html
cawk Posted May 15, 2019
6 hours ago, CodeExplorer said:
> After you dump the main exe (.NET) with MegaDumper:
> Exception messages:
> Unable to load DLL 'Test32.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)
> So you got to dump that dll with DllSaver.
> Enigma Only unpacked exes:
> https://www95.zippyshare.com/v/b0258Ft4/file.html
Here's ilprotected file cleaned
Test_protected_bodyRestored.exe
wwh1004 Posted June 23, 2019
1. dump ilprotector native runtime
   you can inject a dll to call OpenFileDialog and dump
2. decrypt method body
   fix ILProtectorUnpacker's hook, then it works
Test.ip.exe.7z
Asura Posted June 23, 2019
@CodeExplorer Could you please leave the DllSaver download please? Thanks!
CodeExplorer Posted June 23, 2019
4 hours ago, Asura said:
> Could you please leave the DllSaver download please? Thanks!
Strange, here attachment downloads work OK.
Here is external download link:
https://www3.zippyshare.com/v/fDchNW5P/file.html
Asura Posted June 23, 2019
Thanks!! @CodeExplorer
BlackHat Posted June 23, 2019
15 hours ago, wwh1004 said:
> 1. dump ilprotector native runtime
>    you can inject a dll to call OpenFileDialog and dump
> 2. decrypt method body
>    fix ILProtectorUnpacker's hook, then it works
> Test.ip.exe.7z
Dumping of ILProtector Native -- Done
inject a DLL - Which DLL and Where and How ?
Fix IL Protector HOOK - Any info about it Brother ???
wwh1004 Posted June 24, 2019
20 hours ago, Black Hat Anonymous said:
> Dumping of ILProtector Native -- Done
> inject a DLL - Which DLL and Where and How ?
> Fix IL Protector HOOK - Any info about it Brother ???
Code like this. You can copy dlls in OpenFileDialog. If you can't copy dlls (maybe anti dump?), you can use the code like "File.WriteAllBytes(@"I:\Downloads\Yes.dll2", File.ReadAllBytes(@"I:\Downloads\Yes.dll"));".
ILProtector detects the first few bytes of the compiled machine code. You can fake it.
GautamGreat Posted June 25, 2019
1. Dumped native dll from Enigma's Virtual Box.
2. Break at OEP of Enigma, and dump binary with Mega Dumper.
3. Put Dumped files in one folder and then unpack with @CodeExplorer's Tool
Here is my unpacked file.
unpacked.rar
zodiac Posted July 25, 2019
On 5/15/2019 at 4:47 PM, CodeExplorer said:
> After you dump the main exe (.NET) with MegaDumper:
> Exception messages:
> Unable to load DLL 'Test32.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)
> So you got to dump that dll with DllSaver.
> Enigma Only unpacked exes:
> https://www95.zippyshare.com/v/b0258Ft4/file.html
Which options did you use to get the file? I tried but the file is not correct.
zodiac Posted January 15, 2020
On 6/25/2019 at 1:16 PM, GautamGreat said:
> 1. Dumped native dll from Enigma's Virtual Box.
> 2. Break at OEP of Enigma, and dump binary with Mega Dumper.
> 3. Put Dumped files in one folder and then unpack with @CodeExplorer's Tool
> Here is my unpacked file.
> unpacked.rar
How to do Break at OEP of Enigma, and dump binary with Mega Dumper?