Posted June 23, 20196 yr I once post it in a China forum, you can visit it in https://www.52pojie.cn/thread-762832-1-1.html by Google Translator I try my best to introduce it using English 1. download x64dbg and download the symbol file of clr.dll (mscorwks.dll if runtime is .net2.0~.net3.5) 2.set a breakpoint at "SystemDomain::ExecuteMainMethod" in clr.dll/mscorwks.dll and run 3.use MegaDumper (I use my ExtremeDumper based on codecracker's megadumper https://github.com/wwh1004/ExtremeDumper) to dump the main module when the program break at "SystemDomain::ExecuteMainMethod" 4.fix pe header and maybe you shoud also fix .net header This way is more complex than use MegaDumper only and directt dump the assembly. But if the assembly is packed with native stub and protected with anti dump (ConfuserEx and others) or protected with whole #US encryption (DNGuardHVM and others), maybe this way is good to dump assemblies. If you can not understand it, you can reply me. Best wish. Edited June 23, 20196 yr by wwh1004
June 23, 20196 yr Author 4 hours ago, Keosoft90 said: @wwh1004 : can you add 2 tools to here ? https://github.com/x64dbg/x64dbg/releases https://github.com/wwh1004/ExtremeDumper/releases
June 23, 20196 yr There is a Script of OLLYDBG made by @GIV that also helps to unpack the Anti Dump protected .NET Files and newbie Friendly too. But this method I tested and works well which you described. Very nice Explanation too. Thank you !!!
June 25, 20196 yr @wwh1004 please share video on other server i cannot download from pan.baidu Edited June 25, 20196 yr by mdj
June 25, 20196 yr @mdj: 使用x64dbg暴打非托管强壳.mp4 -> https://mega.nz/#!Y5JBTaCS!hJXzN5ssvUyRHW8VgpGxINEVrW1zJ2Up96vqqJVG5co I can upload the second video tomorrow, if you need that too. @all: Please be nice and don't abuse the link, it is a free Mega account and has traffic limitations. 使用x64dbg暴打非托管强壳.mp4 Edited August 10, 20232 yr by Teddy Rogers Attached video...
June 26, 20196 yr @kao thank you very very much for this if you have time please upload second video Best Regards
June 26, 20196 yr [.NET]实战UnpackMe.mp4 -> https://mega.nz/#!YxwQSAxA!Lwd9XStVyue8fdYKZXmYkoDxE0Y7ftsyNYtBKLTRrGM [.Net]实战unpackme.mp4 Edited August 10, 20232 yr by Teddy Rogers Attached video...
April 20, 20205 yr @wwh1004 52pojie.cn asking for Account registration code: Can you provide me invitation link or create new account 😅
April 20, 20205 yr 2 hours ago, john fast said: @wwh1004 52pojie.cn asking for Account registration code: Can you provide me invitation link or create new account 😅 I believe they charge for giving out the invitation codes (it is not free of cost) as far as I remember.
August 23, 20205 yr Hey all bro, i can unpacking Net ProtectIOv 2.0, i need someone to help, create de4dot or Net Protect IO unpacked, i will repurchase that product, who can do it contact me by email: Williamborowsky@artlover.com
September 3, 20205 yr On 8/23/2020 at 2:55 PM, thanhthuanbui0610@gmail.co said: Hey all bro, i can unpacking Net ProtectIOv 2.0, i need someone to help, create de4dot or Net Protect IO unpacked, i will repurchase that product, who can do it contact me by email: Williamborowsky@artlover.com tui unpack đc runtime.dll rồi. giờ k biết làm sao để dịch ra code hết
September 14, 20205 yr On 9/3/2020 at 11:49 PM, tungtruong20xx said: tui unpack đc runtime.dll rồi. giờ k biết làm sao để dịch ra code hết bạn unpack dc netprotect v1.0 ko ?
October 2, 20204 yr On 9/3/2020 at 11:49 PM, tungtruong20xx said: tui unpack đc runtime.dll rồi. giờ k biết làm sao để dịch ra code hết xin file unpack được không bạn
November 23, 20204 yr Please Get me the file of module to assembly by code cracker🤝, Would be a good help.
November 24, 20204 yr @wwh1004 Hello brother, my most cordial, affection, would you be so kind, to share the link of your tool, [.NET] AssemblyRebuilder v1.2.2.0 by Wwh, since I did not see it in pan.baidu, and it was removed from github, yes It is not a problem, could you send me a link where to download it
August 7, 20232 yr On 6/26/2019 at 11:06 AM, kao said: [.NET]实战UnpackMe.mp4 -> https://mega.nz/#!YxwQSAxA!Lwd9XStVyue8fdYKZXmYkoDxE0Y7ftsyNYtBKLTRrGM Link not working could anyone please reshare the both videos again!!. thanks in advance
August 7, 20232 yr @HuD_HuD: [.NET]实战UnpackMe.mp4: https://mega.nz/file/l9YSXSiI#NEdJ6JAiFPHeQRdUbdemIG78PrIHGTWhr-A5FfYydGo 使用x64dbg暴打非托管强壳.mp4: https://mega.nz/file/tk4EELiK#H0iIReUyl6RWeURvMEOBlzodzJTW7gerao6Ie8ROPWw Same request as before - please do not abuse those links. It's a free MEGA account and has limited traffic available. Edited August 7, 20232 yr by kao
August 8, 20232 yr On 8/7/2023 at 10:51 PM, kao said: @HuD_HuD: [.NET]实战UnpackMe.mp4: https://mega.nz/file/l9YSXSiI#NEdJ6JAiFPHeQRdUbdemIG78PrIHGTWhr-A5FfYydGo 使用x64dbg暴打非托管强壳.mp4: https://mega.nz/file/tk4EELiK#H0iIReUyl6RWeURvMEOBlzodzJTW7gerao6Ie8ROPWw Same request as before - please do not abuse those links. It's a free MEGA account and has limited traffic available. Thanks for the share one more little request could you plese add the tools on this link it would be very helpfull specially module to assembly or universal fixer code cracker tools package if you have any, thanks again
August 9, 20232 yr Hi HuD_HuD ModuleToAssembly 1.0 https://forum.tuts4you.com/topic/30789-moduletoassembly-10 Universal Fixer https://forum.tuts4you.com/topic/25376-universal-fixer ConfuserEx tools: https://forum.tuts4you.com/topic/37076-confuserexswitchkiller/?do=findComment&comment=187480
August 9, 20232 yr 11 hours ago, CodeExplorer said: Hi HuD_HuD ModuleToAssembly 1.0 https://forum.tuts4you.com/topic/30789-moduletoassembly-10 Universal Fixer https://forum.tuts4you.com/topic/25376-universal-fixer ConfuserEx tools: https://forum.tuts4you.com/topic/37076-confuserexswitchkiller/?do=findComment&comment=187480 Thank you Man 🙏 💜
November 4, 2024Nov 4 On 6/23/2019 at 4:27 AM, wwh1004 said: I once post it in a China forum, you can visit it in https://www.52pojie.cn/thread-762832-1-1.html by Google Translator I try my best to introduce it using English 1. download x64dbg and download the symbol file of clr.dll (mscorwks.dll if runtime is .net2.0~.net3.5) 2.set a breakpoint at "SystemDomain::ExecuteMainMethod" in clr.dll/mscorwks.dll and run 3.use MegaDumper (I use my ExtremeDumper based on codecracker's megadumper https://github.com/wwh1004/ExtremeDumper) to dump the main module when the program break at "SystemDomain::ExecuteMainMethod" 4.fix pe header and maybe you shoud also fix .net header This way is more complex than use MegaDumper only and directt dump the assembly. But if the assembly is packed with native stub and protected with anti dump (ConfuserEx and others) or protected with whole #US encryption (DNGuardHVM and others), maybe this way is good to dump assemblies. If you can not understand it, you can reply me. Best wish. Hi, @wwh1004 or anyone that maybe help in finding a working solution: I used your excellent method to dump an executable. It worked but dumped file shows "Invalid PE File" when opening in CFF Explorer, because OptionalHeader.AddressOfEntryPoint is 0x200 and it's obviously invalid. What do I need to do in order to fix this? Being a .net assembly, would that match to _CorExeMain?
Create an account or sign in to comment