Magi Posted June 26, 2019

Language : .NET
Platform : Windows
OS Version : All
Packer / Protector : DNGuard 3.8.4.0 - Enterprise
Description : Unpack this file; it is DNGuard HVM.
Screenshot :
CM.rar

CodeExplorer Posted June 26, 2019

Is this protected by Enterprise or by Trial Edition?

Magi (Author) Posted June 26, 2019

1 hour ago, CodeExplorer said:
> Is this protected by Enterprise or by Trial Edition?

Enterprise

Drin Posted July 16, 2019

Unpacked.exe

Drin Posted July 17, 2019

```csharp
using System;
using System.ComponentModel;
using System.Drawing;
using System.Runtime.CompilerServices;
using System.Windows.Forms;

namespace 测试加密
{
    // Token: 0x02000002 RID: 2
    public class Form1 : Form
    {
        // Token: 0x06000001 RID: 1 RVA: 0x00002050 File Offset: 0x00000250
        public Form1()
        {
            this.3();
        }

        // Token: 0x06000002 RID: 2 RVA: 0x00002074 File Offset: 0x00000274
        [MethodImpl(MethodImplOptions.NoInlining)]
        private void 1(object sender, EventArgs e)
        {
            bool flag = this.2.Text == "testCode_ok";
            if (flag)
            {
                MessageBox.Show("ok");
            }
            else
            {
                MessageBox.Show("凭证错误");
            }
        }

        // Token: 0x06000003 RID: 3 RVA: 0x000020B8 File Offset: 0x000002B8
        [MethodImpl(MethodImplOptions.NoInlining)]
        protected override void Dispose(bool disposing)
        {
            bool flag = disposing && this.0 != null;
            if (flag)
            {
                this.0.Dispose();
            }
            base.Dispose(disposing);
        }

        // Token: 0x06000004 RID: 4 RVA: 0x000020F0 File Offset: 0x000002F0
        [MethodImpl(MethodImplOptions.NoInlining)]
        private void 3()
        {
            this.1 = new Button();
            this.2 = new TextBox();
            this.3 = new Label();
            base.SuspendLayout();
            this.1.Location = new Point(451, 121);
            this.1.Name = "button1";
            this.1.Size = new Size(75, 23);
            this.1.TabIndex = 0;
            this.1.Text = "button1";
            this.1.UseVisualStyleBackColor = true;
            this.1.Click += this.1;
            this.2.Location = new Point(295, 123);
            this.2.Name = "textBox1";
            this.2.Size = new Size(100, 21);
            this.2.TabIndex = 1;
            this.3.AutoSize = true;
            this.3.Location = new Point(254, 126);
            this.3.Name = "label1";
            this.3.Size = new Size(35, 12);
            this.3.TabIndex = 2;
            this.3.Text = "凭证:";
            base.AutoScaleDimensions = new SizeF(6f, 12f);
            base.AutoScaleMode = AutoScaleMode.Font;
            base.ClientSize = new Size(800, 450);
            base.Controls.Add(this.3);
            base.Controls.Add(this.2);
            base.Controls.Add(this.1);
            base.Name = "Form1";
            this.Text = "Form1";
            base.ResumeLayout(false);
            base.PerformLayout();
        }

        // Token: 0x06000017 RID: 23 RVA: 0x00002444 File Offset: 0x00000644
        // Note: this type is marked as 'beforefieldinit'.
        static Form1()
        {
            ZYXDNGuarder.Startup();
        }

        // Token: 0x04000001 RID: 1
        private IContainer 0 = null;

        // Token: 0x04000002 RID: 2
        private Button 1;

        // Token: 0x04000003 RID: 3
        private TextBox 2;

        // Token: 0x04000004 RID: 4
        private Label 3;
    }
}
```

CodeExplorer Posted July 17, 2019

I've seen that Drin user posted solutions but without any explanation/tutorial so it has been removed from view!

Drin Posted July 21, 2019

On 7/17/2019 at 3:31 PM, CodeExplorer said:
> I've seen that Drin user posted solutions but without any explanation/tutorial so it has been removed from view!

Manually found offsets (CRC/Trial/Anti-jit/Anti-resolver) in HVMRuntm.dll and patched them, also hooked GetModuleFileNameA(0, ..) to return the name of the unpacking target and used DNGuard_HVM_Unpackerfr4

CreateAndInject Posted November 7, 2019

@CodeExplorer : There's only one post by @Drin on July 21, so where did you see his post on July 17?

localhost0 Posted November 8, 2019

dnguard so good :))

CodeExplorer Posted November 8, 2019

@CreateAndInject : That post was hidden from view (only moderators can see it). There is another Drin post where he only posted the unpacked exe with no explanation at all so it was removed from view!

peekair Posted December 6, 2019

> testCode_ok

woker124 Posted December 12, 2019

@CodeExplorer, @Drin Can you share the unpacker tool for 3.8.4?

Reza-HNA Posted March 19, 2020

It wasn't as hard as I thought, I just retrieved the IL code from the JIT and patched the anti-resolver. (No need to patch anti-EH because there isn't any EH.)

UnpackMe-clean.exe

0x59 Posted January 6, 2021 (edited January 6, 2021 by 0x59)

net_3_5_Debug.rar

After hooking the JIT I got results like this, but I was too lazy to clean it all up, so I just figured out the password: testCode_ok

Just modify the tool I uploaded here. DM me for more info.

bemka Posted July 2, 2021

On 1/6/2021 at 3:50 PM, 0x59 said:
> net_3_5_Debug.rar
> After hooking the JIT I got results like this, but I was too lazy to clean it all up, so I just figured out the password: testCode_ok
> Just modify the tool I uploaded here. DM me for more info.

Can you help me fix jitdumper3? I sent you a message but you didn't reply.