 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
|
|
|
|
||||||||||
|
||||||||||||||
|
||||||||||||||
|
|
|
#1
12-11-2008, 09:22 AM
|
|||
|
|||
Xenocode Postbuild 2008
Hi all,
it is a long time I did not play with .Net protection. Today I see that Xenocode has already a new version 2008. My friend hat helped me to protect my sample crackme so that I can test new version of Xenocode. I would like to share this protected file to you. Here is it: http://www.mediafire.com/?mw0deyzynzk Enjoy yourself with unpacking it. Regards. rca.
__________________
My site: http://rongchaua.net 
|
|
#4
12-12-2008, 06:01 PM
|
|||
|
|||
|
I used windbg and sos to unpack it:
1. load SampleCrackme.exe into windbg 2. let the program run (Debug->Go) 3. as soon as mscorwks is loaded, you can break (Debug->break) 4. load sos: on the command line, type .loadby sos mscorwks 5. dump the AppDomain with sos: type !DumpDomain on the command line 6. You get the list of loaded assemblies; look for assemblies that seem to be loaded from the same location as your main assembly. In this case, you'l find: module XYZ <path>\SampleCrackme.exe 7. let sos save the module: !SaveModule XYZ <dumpdir>\SampleCrackme.exe voilą! you get the unprotected assembly saved to disk. Just unassemble it or load it in reflector to solve the other chalenges. Phil.
|
|
#5
12-13-2008, 12:01 PM
|
|||
|
|||
|
@pvlog:
1. Greate solution. 2. I just suggest to unpack it. I always use this crackme to test a new version of .net protector. It is very easy to solve my crackme. And I did not remember what is right serial for my name too.  . I documented your way with a video. For someone who needs it: Unpack Xenocode @all: Other methods to unpack will be always welcomed.  . Regards. rca.
__________________
My site: http://rongchaua.net Last edited by rongchaua : 02-08-2009 at 07:27 AM.
|
|
#7
01-05-2009, 03:22 PM
|
|||
|
|||
|
rongchaua,
Thanks for the walkthrough on this! pvlog, nice method!
|
|
#8
04-05-2009, 10:13 PM
|
|||
|
|||
|
Quote:
|
Hybrid Mode
