Posted June 26, 20196 yr Language : .NET Platform : Windows OS Version : All Packer / Protector : DNGuard 3.8.4.0 - Enterprise Description : Unpack this file it is DNGuard HVM. Screenshot : CM.rar
June 26, 20196 yr Author 1 hour ago, CodeExplorer said: Is this protected by Enterprise or by Trial Edition? Enterprise
July 17, 20196 yr Spoiler using System; using System.ComponentModel; using System.Drawing; using System.Runtime.CompilerServices; using System.Windows.Forms; namespace 测试加密 { // Token: 0x02000002 RID: 2 public class Form1 : Form { // Token: 0x06000001 RID: 1 RVA: 0x00002050 File Offset: 0x00000250 public Form1() { this.3(); } // Token: 0x06000002 RID: 2 RVA: 0x00002074 File Offset: 0x00000274 [MethodImpl(MethodImplOptions.NoInlining)] private void 1(object sender, EventArgs e) { bool flag = this.2.Text == "testCode_ok"; if (flag) { MessageBox.Show("ok"); } else { MessageBox.Show("凭证错误"); } } // Token: 0x06000003 RID: 3 RVA: 0x000020B8 File Offset: 0x000002B8 [MethodImpl(MethodImplOptions.NoInlining)] protected override void Dispose(bool disposing) { bool flag = disposing && this.0 != null; if (flag) { this.0.Dispose(); } base.Dispose(disposing); } // Token: 0x06000004 RID: 4 RVA: 0x000020F0 File Offset: 0x000002F0 [MethodImpl(MethodImplOptions.NoInlining)] private void 3() { this.1 = new Button(); this.2 = new TextBox(); this.3 = new Label(); base.SuspendLayout(); this.1.Location = new Point(451, 121); this.1.Name = "button1"; this.1.Size = new Size(75, 23); this.1.TabIndex = 0; this.1.Text = "button1"; this.1.UseVisualStyleBackColor = true; this.1.Click += this.1; this.2.Location = new Point(295, 123); this.2.Name = "textBox1"; this.2.Size = new Size(100, 21); this.2.TabIndex = 1; this.3.AutoSize = true; this.3.Location = new Point(254, 126); this.3.Name = "label1"; this.3.Size = new Size(35, 12); this.3.TabIndex = 2; this.3.Text = "凭证:"; base.AutoScaleDimensions = new SizeF(6f, 12f); base.AutoScaleMode = AutoScaleMode.Font; base.ClientSize = new Size(800, 450); base.Controls.Add(this.3); base.Controls.Add(this.2); base.Controls.Add(this.1); base.Name = "Form1"; this.Text = "Form1"; base.ResumeLayout(false); base.PerformLayout(); } // Token: 0x06000017 RID: 23 RVA: 0x00002444 File Offset: 0x00000644 // Note: this type is marked as 'beforefieldinit'. static Form1() { ZYXDNGuarder.Startup(); } // Token: 0x04000001 RID: 1 private IContainer 0 = null; // Token: 0x04000002 RID: 2 private Button 1; // Token: 0x04000003 RID: 3 private TextBox 2; // Token: 0x04000004 RID: 4 private Label 3; } }
July 17, 20196 yr I've seen that Drin user posted solutions but without any explanation/tutorial so it has removed from view!
July 21, 20196 yr On 7/17/2019 at 3:31 PM, CodeExplorer said: I've seen that Drin user posted solutions but without any explanation/tutorial so it has removed from view! Manually founded offsets (CRC/Trial/Anti-jit/Anti-resolver) in HVMRuntm.dll and patched them, also hooked GetModuleFileNameA(0, ..) to return name of unpacking target and used DNGuard_HVM_Unpackerfr4
November 7, 20195 yr @CodeExplorer : There's only one post by @Drin in July 21, so where did you see his post in July 17?
November 8, 20195 yr @@CreateAndInject : That post was hidden from view (only moderators can see it). There is another Drin post where he only posted unpacked exe with no explanation at all so it was removed from view!
March 19, 20205 yr it wasn't hard as i thought, i just retrieved IL code from jit and patch anti-resolver. (no need to patch anti-eh because there isn't any EH) UnpackMe-clean.exe
January 6, 20214 yr net_3_5_Debug.rar After hook jit i got results like this but i was lazy to clean it all so i just figured out password : testCode_ok just modify the tool i upload here dm me for more infos Edited January 6, 20214 yr by 0x59
July 2, 20214 yr On 1/6/2021 at 3:50 PM, 0x59 said: net_3_5_Debug.rar After hook jit i got results like this but i was lazy to clean it all so i just figured out password : testCode_ok just modify the tool i upload here dm me for more infos can you help me how to fix jitdumper3 I sent you a message but you didn't reply
Create an account or sign in to comment