Tuts 4 You

[.NET] Modded KoiVM V4

Question

mamo434376

Language : .NET
Platform : Windows
OS Version : All
Packer / Protector : Modded KoiVM


Description :
Something between easy and medium, buddy

Screenshot :
992799597_EkranAlnts.PNG.65f445ad304b03575850d1403966dfb2.PNG

Protected.rar

5 answers to this question

  • 0
TobitoFatito

Tutorial:

Removed anti-tamper from the .dll manually and then ran a mutations remover.

After that I modified OldRod to find the specific entry type of the runtime dll by mdtoken, then I modified a method on OldRod to get the 2 'run' methods by mdtokens, since it can't really detect them since the parameters are changed,

orlqDtv.png

After that I simply edited the method on OldRod which gets the exportID of a method, and added the mutation that you did on the runtime dll, zPIrHIF.png

After saving I just ran OldRod with these arguments

LmJoXxx.png

UnpakMEG_Devirtualized.zip

Edited by TobitoFatito

  • 0
CodeExplorer

@TobitoFatito:
Please explain what you did!!!
 

  • 0
mamo434376
30 minutes ago, CodeExplorer said:

@TobitoFatito:
Please explain what you did!!!
 

???

  • 0
CodeExplorer

@mamo434376: Not you. :-)
@TobitoFatito posted a solution but without explaining what he did, so the post is still unapproved: it can be viewed only by moderators.
After he explains a bit of what he did I will approve those posts!
 

Edited by CodeExplorer

  • 0
mamo434376
18 hours ago, TobitoFatito said:

Tutorial:

Removed anti-tamper from the .dll manually and then ran a mutations remover.

After that I modified OldRod to find the specific entry type of the runtime dll by mdtoken, then I modified a method on OldRod to get the 2 'run' methods by mdtokens, since it can't really detect them since the parameters are changed,

orlqDtv.png

After that I simply edited the method on OldRod which gets the exportID of a method, and added the mutation that you did on the runtime dll, zPIrHIF.png

After saving I just ran OldRod with these arguments

LmJoXxx.png

UnpakMEG_Devirtualized.zip 10.05 kB · 3 downloads

Y O U  N O T  C O M E ☜(゚ヮ゚☜)
