Jump to content
Tuts 4 You

NETProtect.IO v2.0.0

learningit25

By learningit25
in UnPackMe (.NET)

 Share
Go to solution Solved by Reza-HNA,

Recommended Posts

Hadits follower

Hadits follower

Posted
Posted (edited)

""""""""""""""using the JIT-Freezer"""""""""""""""" 

THREADENTRY32 te{};
	auto Hd = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 19796);
	te.dwSize = sizeof(te);
	for(;;) {
if(te.th32OwnerProcessID != 19796) break;
		Thread32Next(Hd, te);
	} 
	Hd = OpenThread(PROCESS_ALL_ACCESS, FALSE, te.th32ThreadID);
	SuspendThread(Hd);

its not jitfreeze, its just suspend process ,

 

anyway if i can not run trial protected exe on other pc thn i think may be its useless 

Edited by Hadits follower
upgraded
  • 2 weeks later...
CodeExplorer

CodeExplorer

Posted
Posted

@whoknows
when I use JIT-Freezer is just silence exist the protected program!
How you did even get corrupted assembly? I think if we have a corrupted assembly and the specific Dnguard version with which was protected we can recreate a valid .NET assembly.
 

whoknows

whoknows

Posted
Posted

hi CE,

PFA

the trial is not running by default... 

 

 

dump tried also with other apps, the result was the same.

Hadits follower

Hadits follower

Posted
Posted (edited)

post rejected

 

Edited by Hadits follower
removed
Hadits follower

Hadits follower

Posted
Posted (edited)

merged

 

 

Edited by Hadits follower
BataBo

BataBo

Posted
Posted

Let's move this discussion to a separate thread

Hadits follower

Hadits follower

Posted
Posted

updated post + Fixed mime type , now video should be open on other browser 

 

i have tested in two mode mode native + dotnet mode 

i dont know if anyone can answer my question if i can not run the trial exe on other pc then what purpose ?????????? of doing this. dont know if i made mistake ,

 

anyway anyone has tried my jitfreezer/suspend process that i posted ?

THREADENTRY32 te{}; auto Hd = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 19796); te.dwSize = sizeof(te); for(;;) { if(te.th32OwnerProcessID == 19796) break; Thread32Next(Hd, te); } Hd = OpenThread(PROCESS_ALL_ACCESS, FALSE, te.th32ThreadID); SuspendThread(Hd);

i do not know why need it for this this trial dng,

i also dump exe over trial message the result

if i dump jit over the trial message i see the result is => i just get dump that message only its in <module> rest all is encrypted what ever 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...