Showing results 1 to 25 of 125
Search: Posts Made By: bigmouse
Forum: .NET Reverse Engineering 08-07-2010, 08:28 AM
Replies: 1
Views: 8,488
Posted By bigmouse

learn about jithook.
their jit protection is very simple.
Forum: .NET Reverse Engineering 06-05-2010, 01:47 PM
Replies: 44
Views: 32,625
Posted By bigmouse

@kao: thanks, i've noticed this already and am doing it.
now, i'm going to update my maxtocode unpacker.

@jacky: no doubt that they improved encryption and added more algorithms. that's very easy to do.

no...
Forum: .NET Reverse Engineering 05-30-2010, 11:46 AM
Replies: 5
Views: 8,354
Posted By bigmouse

it's better to use obfuscation together with a protector.

don't choose a whole-assembly protection protector; a per-method protection protector is enough for most purposes.
such as dnguard pro,...
Forum: .NET Reverse Engineering 05-30-2010, 10:59 AM
Replies: 44
Views: 32,625
Posted By bigmouse

still can't recover LocalVarSigTok, it never restores the original LocalVarSigTok at runtime. but i noticed the CORINFO_SIG_INFO struct, the last member of CORINFO_METHOD_INFO, it would be possible...
Forum: .NET Reverse Engineering 05-26-2010, 08:39 AM
Replies: 44
Views: 32,625
Posted By bigmouse

@bball0002 did you receive my PM?
maybe i got sth. about hvm, and want to verify it.
Forum: .NET Reverse Engineering 05-22-2010, 09:44 AM
Replies: 44
Views: 32,625
Posted By bigmouse

@kao
is there a better way to recover LocalVarSigTok from jit hook?

i'd like to make re-max more generic.
Forum: .NET Reverse Engineering 05-19-2010, 08:22 PM
Replies: 44
Views: 32,625
Posted By bigmouse

[Please DO NOT quote whole messages]

yes, i checked this on vm xp with original .NET v2.0.50727.42.
without any changes, got the original il code.

that's very strange. maybe some triggered on my...
Forum: .NET Reverse Engineering 05-19-2010, 11:54 AM
Replies: 44
Views: 32,625
Posted By bigmouse

@kao
i'm not hooking this function, i hooked a function 2 levels deeper than jitNativeCode.

what you said doesn't affect me, that's not the problem.
Forum: .NET Reverse Engineering 05-18-2010, 09:47 AM
Replies: 44
Views: 32,625
Posted By bigmouse

@kao
i got the first and second ilcode at different memory addresses.

and got similar ilcode the second time, mostly like the original one, but some bytes are different.

i'm using .net v2.0.50727.42 with some...
Forum: .NET Reverse Engineering 05-17-2010, 09:30 AM
Replies: 44
Views: 32,625
Posted By bigmouse

@kao: Thanks for the info
i have checked the ret value and never called .

you can see method 06000002.
compile is ok. but ilcode decompile error.
Forum: .NET Reverse Engineering 05-15-2010, 09:56 PM
Replies: 44
Views: 32,625
Posted By bigmouse

@kao
did you really check this?
i noticed that dnguard called jit twice.
for Professional v2.92, the second time with correct IlCode.
but in this sample, i found the IlCode contains some invalid values.
Forum: .NET Reverse Engineering 05-15-2010, 11:21 AM
Replies: 44
Views: 32,625
Posted By bigmouse

@kao
good job, and did you look into the jit hook?
i hooked jit, found the passed ilcode contains some invalid values.
for Professional v2.92, can get correct ilcode from jit hook.
Forum: .NET Reverse Engineering 05-12-2010, 08:50 PM
Replies: 44
Views: 32,625
Posted By bigmouse

Hi all,
who can pm me the link of the new unpackeme?
Forum: .NET Reverse Engineering 05-08-2010, 10:11 AM
Replies: 44
Views: 32,625
Posted By bigmouse

I have worked with an app protected by Professional v2.92.
it's harder than this crackme.

it seems the ILCode was stored 'as is' in the last section of crackme.exe, just like the trial does.
but...
Forum: .NET Reverse Engineering 09-04-2009, 05:12 AM
Replies: 5
Views: 8,176
Posted By bigmouse

unpacked maxtocode 3.44

1.exe.rar (155.90 kB)

Download Link: http://www.filesend.net/download.php?f=58426e95b35ac1886afa080a80fb9c30
Forum: .NET Reverse Engineering 05-15-2009, 01:08 AM
Replies: 2
Views: 3,977
Posted By bigmouse

unpacked.rar (68.46 kB)

Download Link: http://www.filesend.net/download.php?f=d1f52a46f016e47f19cc9350a14818c6
Forum: .NET Reverse Engineering 05-08-2009, 03:18 AM
Replies: 3
Views: 4,770
Posted By bigmouse

LocoyModule.exe_un.rar (70.90 kB)

Download Link: http://www.filesend.net/download.php?f=1029e58ac6cf868375c5c587c69da58c
Forum: .NET Reverse Engineering 04-13-2009, 09:40 PM
Replies: 3
Views: 5,053
Posted By bigmouse

unpacked

un.rar (77.21 kB)

Download Link:
http://www.filesend.net/download.php?f=091ad85b7a04f98b301f42eadd1dd987
Forum: .NET Reverse Engineering 03-31-2009, 09:26 PM
Replies: 22
Views: 27,204
Posted By bigmouse

AnyOffice.WorkFlowRegex.FormControl.O10011llOOOOllllll0()

.method private hidebysig instance string
O10011llOOOOllllll0() cil managed
{
// Code size 399 (0x18f)
.maxstack 4
...
Forum: .NET Reverse Engineering 03-24-2009, 05:21 AM
Replies: 22
Views: 27,204
Posted By bigmouse

which method? give full type name and method name.

use ildasm to see il source code.
Forum: .NET Reverse Engineering 03-19-2009, 04:53 AM
Replies: 22
Views: 27,204
Posted By bigmouse

Components_unpacked.rar (121.73 kB)

http://www.filesend.net/download.php?f=f8888730d9290b732622c9ec56a23739

protected by maxtocode V 3.39
Forum: .NET Reverse Engineering 03-06-2009, 02:21 AM
Replies: 22
Views: 27,204
Posted By bigmouse

unpacked:

Download Link: http://www.filesend.net/download.php?f=4aa6da07a89fd609337d6dd58606ed88
Forum: .NET Reverse Engineering 03-05-2009, 03:32 AM
Replies: 9
Views: 8,470
Posted By bigmouse

is this your Example?

there should be sk.dll, zl.dll, Interop.SHDocVw.dll, Microsoft.mshtml.dll .....
Forum: .NET Reverse Engineering 03-04-2009, 11:45 PM
Replies: 9
Views: 8,470
Posted By bigmouse

see EXE's manifest

.assembly extern sk
{
.ver 2:0:50727:0
}
.assembly extern zl
{
.ver 1:0:0:0
}
Forum: .NET Reverse Engineering 03-04-2009, 04:41 AM
Replies: 9
Views: 8,470
Posted By bigmouse

i say some dlls, not maxtocode runtime dll.

if you create the assembly, you should know which dlls are needed to run this assembly.