Magi Posted June 26, 2019 Posted June 26, 2019 Language : .NET Platform : Windows OS Version : All Packer / Protector : DNGuard 3.8.4.0 - Enterprise Description : Unpack this file it is DNGuard HVM. Screenshot : CM.rarFetching info...
CodeExplorer Posted June 26, 2019 Posted June 26, 2019 Is this protected by Enterprise or by Trial Edition?
Magi Posted June 26, 2019 Author Posted June 26, 2019 On 6/26/2019 at 5:53 PM, CodeExplorer said: Is this protected by Enterprise or by Trial Edition? Expand Enterprise
Drin Posted July 17, 2019 Posted July 17, 2019 Reveal hidden contents using System; using System.ComponentModel; using System.Drawing; using System.Runtime.CompilerServices; using System.Windows.Forms; namespace 测试加密 { // Token: 0x02000002 RID: 2 public class Form1 : Form { // Token: 0x06000001 RID: 1 RVA: 0x00002050 File Offset: 0x00000250 public Form1() { this.3(); } // Token: 0x06000002 RID: 2 RVA: 0x00002074 File Offset: 0x00000274 [MethodImpl(MethodImplOptions.NoInlining)] private void 1(object sender, EventArgs e) { bool flag = this.2.Text == "testCode_ok"; if (flag) { MessageBox.Show("ok"); } else { MessageBox.Show("凭证错误"); } } // Token: 0x06000003 RID: 3 RVA: 0x000020B8 File Offset: 0x000002B8 [MethodImpl(MethodImplOptions.NoInlining)] protected override void Dispose(bool disposing) { bool flag = disposing && this.0 != null; if (flag) { this.0.Dispose(); } base.Dispose(disposing); } // Token: 0x06000004 RID: 4 RVA: 0x000020F0 File Offset: 0x000002F0 [MethodImpl(MethodImplOptions.NoInlining)] private void 3() { this.1 = new Button(); this.2 = new TextBox(); this.3 = new Label(); base.SuspendLayout(); this.1.Location = new Point(451, 121); this.1.Name = "button1"; this.1.Size = new Size(75, 23); this.1.TabIndex = 0; this.1.Text = "button1"; this.1.UseVisualStyleBackColor = true; this.1.Click += this.1; this.2.Location = new Point(295, 123); this.2.Name = "textBox1"; this.2.Size = new Size(100, 21); this.2.TabIndex = 1; this.3.AutoSize = true; this.3.Location = new Point(254, 126); this.3.Name = "label1"; this.3.Size = new Size(35, 12); this.3.TabIndex = 2; this.3.Text = "凭证:"; base.AutoScaleDimensions = new SizeF(6f, 12f); base.AutoScaleMode = AutoScaleMode.Font; base.ClientSize = new Size(800, 450); base.Controls.Add(this.3); base.Controls.Add(this.2); base.Controls.Add(this.1); base.Name = "Form1"; this.Text = "Form1"; base.ResumeLayout(false); base.PerformLayout(); } // Token: 0x06000017 RID: 23 RVA: 0x00002444 File Offset: 0x00000644 // Note: this type is marked as 'beforefieldinit'. static Form1() { ZYXDNGuarder.Startup(); } // Token: 0x04000001 RID: 1 private IContainer 0 = null; // Token: 0x04000002 RID: 2 private Button 1; // Token: 0x04000003 RID: 3 private TextBox 2; // Token: 0x04000004 RID: 4 private Label 3; } } 1
CodeExplorer Posted July 17, 2019 Posted July 17, 2019 I've seen that Drin user posted solutions but without any explanation/tutorial so it has removed from view!
Drin Posted July 21, 2019 Posted July 21, 2019 On 7/17/2019 at 12:31 PM, CodeExplorer said: I've seen that Drin user posted solutions but without any explanation/tutorial so it has removed from view! Expand Manually founded offsets (CRC/Trial/Anti-jit/Anti-resolver) in HVMRuntm.dll and patched them, also hooked GetModuleFileNameA(0, ..) to return name of unpacking target and used DNGuard_HVM_Unpackerfr4
CreateAndInject Posted November 7, 2019 Posted November 7, 2019 @CodeExplorer : There's only one post by @Drin in July 21, so where did you see his post in July 17? 1
CodeExplorer Posted November 8, 2019 Posted November 8, 2019 @@CreateAndInject : That post was hidden from view (only moderators can see it). There is another Drin post where he only posted unpacked exe with no explanation at all so it was removed from view!
woker124 Posted December 12, 2019 Posted December 12, 2019 @CodeExplorer, @Drin Can you share unpacker tool for 3.8.4 ?
Reza-HNA Posted March 19, 2020 Posted March 19, 2020 it wasn't hard as i thought, i just retrieved IL code from jit and patch anti-resolver. (no need to patch anti-eh because there isn't any EH) UnpackMe-clean.exeFetching info...
0x59 Posted January 6, 2021 Posted January 6, 2021 (edited) net_3_5_Debug.rar After hook jit i got results like this but i was lazy to clean it all so i just figured out password : testCode_ok just modify the tool i upload here dm me for more infos Edited January 6, 2021 by 0x59 1
bemka Posted July 2, 2021 Posted July 2, 2021 On 1/6/2021 at 8:50 AM, 0x59 said: net_3_5_Debug.rar After hook jit i got results like this but i was lazy to clean it all so i just figured out password : testCode_ok just modify the tool i upload here dm me for more infos Expand can you help me how to fix jitdumper3 I sent you a message but you didn't reply
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now