BlackHat Posted May 8, 2019 Posted May 8, 2019 Language : .NET Platform : Windows x32/x64 OS Version : All Packer / Protector : Anti Dump + IL Protection + Enigma Protector 3.50 Description : You need to unpack and change the Text. "Tuts4you Special Unpack Edition" Screenshot : UnpackMe by Lucifer.exeFetching info...
Teddy Rogers Posted May 8, 2019 Posted May 8, 2019 Before this is approved please edit your topic so it follows the correct posting format... Ted.
BlackHat Posted May 8, 2019 Author Posted May 8, 2019 On 5/8/2019 at 11:33 AM, Teddy Rogers said: Before this is approved please edit your topic so it follows the correct posting format... Ted. Expand I edited it according to rules
CodeExplorer Posted May 15, 2019 Posted May 15, 2019 Run the target first with NETBox so won't kill .NET PE. Dump with MegaDumper. In dumped exe change Image Base to 400000 Fix relocation with Universal Fixer Native DLL UnpackMePlease.dll missing: DllSaver break if module contains UnpackMePlease Unpacked exes: https://www112.zippyshare.com/v/26CxsdFV/file.html 2 1
BlackHat Posted May 15, 2019 Author Posted May 15, 2019 On 5/8/2019 at 4:53 PM, #Sith said: UnpackMe by Lucy_changed.zip 1.09 MB · 0 downloads Expand How did you change the text without actually unpacking it ??? any guide or anything ?? Please
BlackHat Posted May 15, 2019 Author Posted May 15, 2019 On 5/15/2019 at 11:52 AM, CodeExplorer said: Run the target first with NETBox so won't kill .NET PE. Dump with MegaDumper. In dumped exe change Image Base to 400000 Fix relocation with Universal Fixer Native DLL UnpackMePlease.dll missing: DllSaver break if module contains UnpackMePlease Unpacked exes: https://www112.zippyshare.com/v/26CxsdFV/file.html Expand Running Perfect bro !! as its .net we can bypass anti dump with put bp on _corexmain using x64dbg or using enigma unpacker script by giv.. but what method you told is not clear .. and after it as i dump the exe with megadumper ... only one dll comes not both.. as its ilprotected and dll name -- unpackmeplease.dll and yes.dll i loaded in enigma so at dumping only one dll came out not the second one. How you manage to get both of the dll bro ? and after that as we have both dll of ilprotection with exe then how you bypassed the ilprotection latest ? any video will be appreciated awesome. or any text guide will also be ok.... thank you so much.. by the way nice work !!
CodeExplorer Posted May 15, 2019 Posted May 15, 2019 Run original exe with NETBox 4.0 forget to specify version 4.0: https://forum.tuts4you.com/topic/39321-netbox/ Dump .NET exe main module with MegaDumper: https://forum.tuts4you.com/topic/24087-dotnet-dumper-10/page/3/?tab=comments#comment-177260 Quote Native DLL UnpackMePlease.dll missing: DllSaver break if module contains UnpackMePlease Expand You should load original exe with dllsaver: https://forum.tuts4you.com/topic/39871-dllsaver/ As for ILProtector unpacking I've used a private tool I won't share! 1
#Sith Posted May 15, 2019 Posted May 15, 2019 On 5/15/2019 at 2:02 PM, Black Hat Anonymous said: How did you change the text without actually unpacking it ??? any guide or anything ?? Please Expand To get unpackmeplease.dll and yes.dll i've just use WinAPI CopyFileA in target process, and after i use standard method to set new Content in component after initialization. 1
BlackHat Posted May 17, 2019 Author Posted May 17, 2019 On 5/15/2019 at 5:03 PM, #Sith said: To get unpackmeplease.dll and yes.dll i've just use WinAPI CopyFileA in target process, and after i use standard method to set new Content in component after initialization. Expand Thanks You Brother. but i m geeting always unpackmeplease.dll only .... im not able to get yes.dll any tutorial or instruction will be much appreciated... visual like image/video will be definitely --- GOLD Instruction will still be perfect ....
0x432 Posted December 12, 2023 Posted December 12, 2023 On 5/15/2019 at 3:27 PM, CodeExplorer said: Run original exe with NETBox 4.0 forget to specify version 4.0: https://forum.tuts4you.com/topic/39321-netbox/ Dump .NET exe main module with MegaDumper: https://forum.tuts4you.com/topic/24087-dotnet-dumper-10/page/3/?tab=comments#comment-177260 You should load original exe with dllsaver: https://forum.tuts4you.com/topic/39871-dllsaver/ As for ILProtector unpacking I've used a private tool I won't share! Expand Hello why change image base to that specific value? Sorry for the newbie question.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now