Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Thread Tools Display Modes
Old 07-15-2010, 12:13 PM
qrx qrx is offline
Junior Member
Join Date: Jul 2010
Posts: 1
Default Deobfuscating Xenocode Postbuild 2010

This is my first post, and I'm a complete newbie so go easy on me.

I'm wondering if there is an easy way to deobfuscate xenocode postbuild 2010 protected applications. I can open the exe in Reflector but the code is obfuscated.

I tried using the latest version of DeXe (XeCoString) but it seems it doesn't support 2010 (it throws an error when I try to deobfuscate it).

I'm assuming that the app is protected with the 2010 version of Xenocode since older versions doesn't support Win7 (and the app runs on that OS). I found references in the app to Xenocode by looking at it in a hex viewer but it doesn't tell which version it's protected with (ie 2005-2010). Based on this I'm assuming it's 2010 but if I'm wrong let me know.

PID tells me it's Xenocode, and by using PE Tools (and since it opens fine in Reflector) I figured it's protected by Postbuild and not Xenocode Virtual Application Studio.

What can I do?
Let me know if my assumptions are wrong.

Last edited by qrx : 07-15-2010 at 12:20 PM.
Reply With Quote
Old 07-15-2010, 01:41 PM
bball0002 bball0002 is offline
Senior Member
Join Date: Mar 2009
Posts: 72

Use SimpleAssembly Explorer:
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.