Originally Posted by kao
•Using .cctor's to initialize protection, invalid .NET metadata, using delegates and strong name key protection are the only things that are really .NET specific.
Yes , sorry if i was not so specific but that's what i was talking about .
I liked the approach used by XHEO on using the .cctor to start the protection
Obviously i agree with you that .NET being a interpreted language can't have strong protection (like flash or java for example) .
All protections used to obfuscate a .NET assembly that are at least decent comes from unmanaged x86 world .
Just a question .... to unpack XHEO did u analyze the whole packer code or just hooked the JIT to get unencrypted code ?