Exetools

SMD For Agile (https://forum.exetools.com/showthread.php?t=19219)

sajan_saragam 02-28-2020 19:59

Hey @CodeCracker, @congviet. Can you upload
"SMD_ForAgile_AnyCPU" on any file hosting site? Please..

CodeCracker 03-02-2020 17:34

Quote:

Originally Posted by sajan_saragam (Post 119428)
Hey @CodeCracker, @congviet. Can you upload
"SMD_ForAgile_AnyCPU" on any file hosting site? Please..


https://forum.exetools.com/showpost.php?p=117258&postcount=14


https://www76.zippyshare.com/v/3HxU5ELW/file.html

CodeCracker 05-02-2020 14:48

More notes on how to deal with Agile:

https://lifeinhex.com/string-decryption-with-de4dot/

For decrypting strings:
de4dot hello-3.exe --strtyp delegate --strtok 0x060004EC

0x060004EC is the string decryption method - you will have to find it manually by browsing in Reflector/dnSpy.

Force the packer to unknown on the first deobfuscation:
-p un

I don't know why you have to clean that many times until it gets it right (1+2):
.... _msil-cleaned-cleaned-cleaned.exe

SimpleMSILDecryptorForAgile will only decrypt methods and is not an unvirtualizer.

I still don't understand why SMD For Agile isn't working for some users, not even with NetBox 4. For me all worked fine, even on different machines.

sendersu 05-02-2020 22:41

Quote:

Originally Posted by CodeCracker (Post 120020)
More notes on how to deal with Agile:

I still don't understand why SMD For Agile isn't working for some users, not even with NetBox 4. For me all worked fine, even on different machines.

Maybe record a video of how you use it.

halplis 01-10-2022 08:29

The dll
 
Hello folks. Where can I get SJITHook.dll?

For some reason I cannot download files from the forum, so I could only download from one of the external links.

congviet 01-10-2022 22:46

Quote:

Originally Posted by halplis (Post 124459)
Hello folks. Where can I get SJITHook.dll?

For some reason I cannot download files from the forum, so I could only download from one of the external links.

Check the attached file.

Bidasci 10-17-2022 05:18

Thank you for this. This will be very useful.

EDIT: I am getting the error "Arithmetic operation resulted in an overflow" when trying to deobfuscate a DLL.

The full log is here:

Code:

************** Exception Text **************
System.OverflowException: Arithmetic operation resulted in an overflow.
  at System.IntPtr.op_Explicit(IntPtr value)
  at Simple_MSIL_Decryptor.MainForm.SendToJit()
  at System.AppDomain.DoCallBack(CrossAppDomainDelegate callBackDelegate)
  at Simple_MSIL_Decryptor.MainForm.Button2Click(Object sender, EventArgs e)
  at System.Windows.Forms.Control.OnClick(EventArgs e)
  at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
  at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
  at System.Windows.Forms.Control.WndProc(Message& m)
  at System.Windows.Forms.ButtonBase.WndProc(Message& m)
  at System.Windows.Forms.Button.WndProc(Message& m)
  at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Loaded Assemblies **************
mscorlib
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.9075.0 built by: NET481REL1LAST_C
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v4.0.30319/mscorlib.dll
----------------------------------------
Simple_MSIL_Decryptor
    Assembly Version: 1.0.0.0
    Win32 Version: 1.0.0.0
    CodeBase: file:///C:/Users/Bidasci/LaunchBox/Core/Simple_MSIL_Decryptor.exe
----------------------------------------
System.Windows.Forms
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.9075.0 built by: NET481REL1LAST_C
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.9065.0 built by: NET481REL1LAST_C
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Drawing
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.9032.0 built by: NET481REL1
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Configuration
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.9032.0 built by: NET481REL1
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Xml
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.9032.0 built by: NET481REL1
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
Accessibility
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.9032.0 built by: NET481REL1
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/Accessibility/v4.0_4.0.0.0__b03f5f7f11d50a3a/Accessibility.dll
----------------------------------------


sendersu 10-18-2022 01:50

Any chance to support .NET higher than 4.0? (e.g. 5.0, 6.0?)

CodeCracker 11-05-2023 00:35

An updated version
 
An updated version attached, fixed some generic type instantiation.

amatory 11-05-2023 02:27

Not trying to steal the thread. If this is not allowed, please quote and I will remove this thread.

For some reason, SMD becomes unresponsive for me. For anyone having issues with SMD, you can also use the following process:

1. Run ManagetJITerFR4 in Netbox 4
2. Then run SAE in-built deobfuscator module with Strings Only mode
3. Then de4dot Reactor v4.9

CodeCracker 11-07-2023 19:47

At the moment only x86 (32 bits) assemblies are supported.
What's new:
- got rid of SJITHook.dll
- added support for more Frameworks: only tested with Framework 4.5 and 4.8 at this moment;
I wanna ask you to test SMD_FOR_AGILE in various Frameworks and report back if it is working or not.
Download link:
https://workupload.com/file/wyfrJKjCRcx

CodeCracker 11-09-2023 22:18

What's new:
- Finally added support for x64 assemblies; it is now released as AnyCPU.
Only tested with Framework 4.0, 4.5 and 4.8 at this moment.
It would be great if someone tests it with more Frameworks.
Download link:
https://workupload.com/file/rGGMtpWJ2Y7
A simple x64 unpackme:
https://workupload.com/file/YBNad7ua6Hc

CodeCracker 11-29-2023 23:49

An updated version:
https://workupload.com/file/zVujwwPX7u5
What's new:
- Added "WPF Application fix" to make System.Windows.Application.Current different from null
- Added "No new Appdomain" - when selected no new AppDomain is created, default unchecked
- Added "Patch GetExecutinAsm" - Assembly.GetExecutingAssembly / Assembly.GetCallingAssembly will be patched only when this checkbox is selected, default unchecked

hp3 01-07-2024 22:03

Hi CodeCracker,

Can this last version be used for x86 files too?

CodeCracker 01-08-2024 01:17

Quote:

Originally Posted by hp3 (Post 129851)
Can this last version be used for x86 files too?

Yes. Released as x86 with AnyCpu marked.
The last version has "32bits required" unmarked in .NET Directory -> Flag,
so on an x86 system it will run as 32 bits;
on a 64-bit OS it will run as x64.
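
What the "32bits required" flag described in the reply above decides, as an added example that is not part of the original posts or of SMD: a Python reader for the CLI header flags of a .NET PE image and the process bitness that follows from them. The function names are hypothetical and `sample` builds a constructed minimal image, not a real assembly.

```python
import struct

ILONLY, REQ32 = 0x1, 0x2          # CorFlags bits in the CLI (COR20) header
I386, AMD64 = 0x14C, 0x8664       # COFF Machine values

def cor_flags(pe: bytes):
    """Return (machine, corflags) for a .NET PE image, or raise ValueError."""
    (lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[:2] != b"MZ" or pe[lfanew:lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    machine, nsect, _, _, _, optsize, _ = struct.unpack_from("<HHIIIHH", pe, lfanew + 4)
    opt = lfanew + 24
    (magic,) = struct.unpack_from("<H", pe, opt)
    dirs = opt + (112 if magic == 0x20B else 96)        # PE32+ vs PE32 layout
    clr_rva, _ = struct.unpack_from("<II", pe, dirs + 14 * 8)  # directory 14 = CLR
    if clr_rva == 0:
        raise ValueError("no CLI header: not a managed assembly")
    for i in range(nsect):                              # map the RVA to a file offset
        vsize, va, rsize, raw = struct.unpack_from("<IIII", pe, opt + optsize + 40 * i + 8)
        if va <= clr_rva < va + max(vsize, rsize):
            (flags,) = struct.unpack_from("<I", pe, raw + clr_rva - va + 16)
            return machine, flags
    raise ValueError("CLI header RVA not inside any section")

def bitness(pe: bytes, os_is_64bit: bool) -> int:
    """Bitness of the process started from this image when it is the EXE."""
    machine, flags = cor_flags(pe)
    if machine == AMD64:
        return 64
    if machine != I386:
        raise ValueError("machine type not handled in this example")
    if flags & REQ32 or not flags & ILONLY or not os_is_64bit:
        return 32
    return 64                     # IL-only, "32bits required" clear, 64-bit OS

def sample(machine: int, flags: int) -> bytes:
    """Constructed test image: headers, one section and a CLI header only."""
    optsize, dd, magic = (0xF0, 112, 0x20B) if machine == AMD64 else (0xE0, 96, 0x10B)
    pe = bytearray(0x400)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)              # e_lfanew
    pe[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", pe, 0x84, machine, 1, 0, 0, 0, optsize, 0x2)
    struct.pack_into("<H", pe, 0x98, magic)
    struct.pack_into("<II", pe, 0x98 + dd + 14 * 8, 0x2000, 72)   # CLR directory
    struct.pack_into("<8sIIII", pe, 0x98 + optsize, b".text", 0x200, 0x2000, 0x200, 0x200)
    struct.pack_into("<IHHIII", pe, 0x200, 72, 2, 5, 0, 0, flags) # COR20 header
    return bytes(pe)
```

For a DLL the same flags only decide which host bitness can load it; the process bitness comes from the EXE that hosts it.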


All times are GMT +8.