Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Question regarding .NET dumping (https://forum.exetools.com/showthread.php?t=16109)

0x22 08-23-2014 03:56
Question regarding .NET dumping
 
Hello guys, usually i only reverse native applications but I've started to get some interest in .NET as well, so i have a question

My target is packed with themida.
The problem is that, when i load the program it will say "invalid email" or yeah you know.. Then it will auto close the dos window so i dont have time to press dump process.

So i tried a different approach, i started the file with MegaDumper and used the option to break on load, but after i did that it will break on laod on the first dos window but there are actually two that opens, the first one loads a second one who stated the invalid text. So yeah it will break on the first one and if i dump it at that point the program will get an exception and non-functional.

Could anyone help me out on this or tell me some tools i might use instead to get me on the right track ?

This is not a request because i want to do this myself to learn different obsticles. I will attach the file so that you might be able to understand it better as im bad at explaining :)

Thank you four time, have a good day :)

https://www.sendspace.com/file/lhgpkj

0x22 08-23-2014 04:54
I actually fixed the issue, the issue was as simple as the name on the file after it was dumped was not correct, funny :) :D

mr.exodia 08-23-2014 04:58
I think GIV has a themida.net tutorial somewhere.

greetings

wilson bibe 08-23-2014 16:37
3 Attachment(s)
Maybe this tutorial by GIV can help you
Regards
http://rghost.net/57624131


All times are GMT +8. The time now is 20:31.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX