Thread: SMD For Agile
View Single Post
  #18  
Old 05-02-2020, 14:48
CodeCracker CodeCracker is offline
VIP
  
Join Date: Jun 2011
Posts: 905
Rept. Given: 68
Rept. Rcvd 660 Times in 278 Posts
Thanks Given: 64
Thanks Rcvd at 3,819 Times in 717 Posts
CodeCracker Reputation: 500-699 CodeCracker Reputation: 500-699 CodeCracker Reputation: 500-699 CodeCracker Reputation: 500-699 CodeCracker Reputation: 500-699 CodeCracker Reputation: 500-699
More note on how you deal with Agile:

https://lifeinhex.com/string-decryption-with-de4dot/

For decrypting strings:
de4dot hello-3.exe --strtyp delegate --strtok 0x060004EC

0x060004EC is the string decryption method - you will have to find manually browsing in Reflector/dnspy.

Force to packer unknown on first deobfuscation:
-p un

I don't know why you have to clean that many times until it got it right (1+2):
.... _msil-cleaned-cleaned-cleaned.exe

SimpleMSILDecryptorForAgile will only decryt methods and is not an unvirtualizer.

Still don't understand why SMD For Agile isn't working for some user not even with NetBox 4. For me all worked fine even on different machines.
Reply With Quote
The Following User Says Thank You to CodeCracker For This Useful Post: