Exetools  

Go Back   Exetools > General > Community Tools

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 11-13-2014, 15:08
obfuscator obfuscator is offline
Friend
 
Join Date: Jun 2014
Posts: 29
Rept. Given: 25
Rept. Rcvd 7 Times in 1 Post
Thanks Given: 3
Thanks Rcvd at 2 Times in 2 Posts
obfuscator Reputation: 7
Dotnet Dumper x64bit

Hello Telents

i would like to know can anyone have a tool like CodeCracker's Megadumper which can dump the dotnet files from the ram ? like megadumper is working under 32bit environment only but for 64bit there is no alternative.

Regards
Reply With Quote
  #2  
Old 11-13-2014, 17:26
cybercoder cybercoder is offline
Friend
 
Join Date: Aug 2005
Posts: 108
Rept. Given: 2
Rept. Rcvd 11 Times in 8 Posts
Thanks Given: 22
Thanks Rcvd at 44 Times in 29 Posts
cybercoder Reputation: 11
I think code was released for most of his dotnet tools, maybe mod it to work with x64.. Something for you to study
Reply With Quote
The Following User Gave Reputation+1 to cybercoder For This Useful Post:
obfuscator (11-13-2014)
  #3  
Old 01-24-2015, 01:35
CodeCracker CodeCracker is offline
Family
 
Join Date: Jun 2011
Posts: 346
Rept. Given: 19
Rept. Rcvd 284 Times in 89 Posts
Thanks Given: 13
Thanks Rcvd at 1,252 Times in 262 Posts
CodeCracker Reputation: 200-299 CodeCracker Reputation: 200-299 CodeCracker Reputation: 200-299
X64NetDumper

X64NetDumper:
- Restore file name!

How to use guide:
Select target process, select a target directory (where all dumped files will be placed)! Enjoy!
Attached Files
File Type: zip X64NetDumper.zip (9.1 KB, 131 views)
Reply With Quote
The Following 14 Users Gave Reputation+1 to CodeCracker For This Useful Post:
ϻ (01-27-2015), besoeso (01-25-2015), cracki (01-26-2015), giv (01-24-2015), Hookahice (01-26-2015), kOuD3LkA (01-26-2015), nikkapedd (01-25-2015), NoneForce (01-24-2015), NoYes (01-26-2015), obfuscator (01-25-2015), riverstore (02-04-2015), zeuscane (01-25-2015), [ID]ZE (01-26-2015)
The Following User Says Thank You to CodeCracker For This Useful Post:
pnta (08-22-2019)
  #4  
Old 01-25-2015, 01:11
obfuscator obfuscator is offline
Friend
 
Join Date: Jun 2014
Posts: 29
Rept. Given: 25
Rept. Rcvd 7 Times in 1 Post
Thanks Given: 3
Thanks Rcvd at 2 Times in 2 Posts
obfuscator Reputation: 7
Thank you so much CodeCracker

its really working well , in 64bit with dongle target can also get dumped if dongle attached

BR
Reply With Quote
  #5  
Old 01-26-2015, 21:27
kOuD3LkA kOuD3LkA is offline
Friend
 
Join Date: Oct 2011
Posts: 8
Rept. Given: 13
Rept. Rcvd 5 Times in 2 Posts
Thanks Given: 13
Thanks Rcvd at 0 Times in 0 Posts
kOuD3LkA Reputation: 5
Thank you CodeCracker
Is it possible that someone share it on other download site?
Reply With Quote
  #6  
Old 01-26-2015, 21:33
[ID]ZE [ID]ZE is offline
Friend
 
Join Date: Nov 2013
Posts: 28
Rept. Given: 18
Rept. Rcvd 18 Times in 4 Posts
Thanks Given: 33
Thanks Rcvd at 7 Times in 7 Posts
[ID]ZE Reputation: 18
For Win64 .Net programe,it happen some wrong.Dump the exe of WL encrypted ,it appears "it is not valid pe" when it run in Win64.
Reply With Quote
  #7  
Old 01-27-2015, 06:39
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 868
Rept. Given: 325
Rept. Rcvd 217 Times in 111 Posts
Thanks Given: 170
Thanks Rcvd at 377 Times in 212 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
https://www.sendspace.com/file/2aipq4
Reply With Quote
The Following 2 Users Gave Reputation+1 to sendersu For This Useful Post:
kOuD3LkA (01-27-2015), NoYes (01-27-2015)
  #8  
Old 01-27-2015, 14:13
NoYes NoYes is offline
Friend
 
Join Date: Jul 2014
Posts: 7
Rept. Given: 18
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 8
Thanks Rcvd at 0 Times in 0 Posts
NoYes Reputation: 0
Thank you very much CodeCracker.
BTW, it seems that you have forgotten confuse or encrypt the program.
Reply With Quote
  #9  
Old 01-28-2015, 01:46
obfuscator obfuscator is offline
Friend
 
Join Date: Jun 2014
Posts: 29
Rept. Given: 25
Rept. Rcvd 7 Times in 1 Post
Thanks Given: 3
Thanks Rcvd at 2 Times in 2 Posts
obfuscator Reputation: 7
@NoYes

he release his codes on sourceforce as open source so there is no need to hide anything
Reply With Quote
  #10  
Old 01-28-2015, 10:58
ontryit ontryit is offline
Friend
 
Join Date: Nov 2011
Posts: 170
Rept. Given: 128
Rept. Rcvd 17 Times in 14 Posts
Thanks Given: 372
Thanks Rcvd at 68 Times in 41 Posts
ontryit Reputation: 17
CodeCracker: May be you also can share the source code here ?
Reply With Quote
  #11  
Old 01-28-2015, 17:11
NoYes NoYes is offline
Friend
 
Join Date: Jul 2014
Posts: 7
Rept. Given: 18
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 8
Thanks Rcvd at 0 Times in 0 Posts
NoYes Reputation: 0
@obfuscator
Sorry, but I still can't find it. Can you provide the link to me?
Reply With Quote
  #12  
Old 02-04-2015, 18:08
obfuscator obfuscator is offline
Friend
 
Join Date: Jun 2014
Posts: 29
Rept. Given: 25
Rept. Rcvd 7 Times in 1 Post
Thanks Given: 3
Thanks Rcvd at 2 Times in 2 Posts
obfuscator Reputation: 7
@NoYes
you can find its code using reflector as dumper is not protected
Reply With Quote
  #13  
Old 02-05-2015, 00:48
NoYes NoYes is offline
Friend
 
Join Date: Jul 2014
Posts: 7
Rept. Given: 18
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 8
Thanks Rcvd at 0 Times in 0 Posts
NoYes Reputation: 0
@obfuscator
If using reflector, there still need to fix some errors.
And I found the source code,
include:AssemblyLoad Confuser_Methods_Decryptor ConfuserDelegateKiller ConfuserStringDecryptor ExceptionLogger MegaDumper Reactor_Decryptor Resource_Decryptor Simple_MSIL_Decryptor StaticDecompressor Universal_Fixer. All of these have source code.
Reply With Quote
  #14  
Old 02-22-2015, 02:20
leetone's Avatar
leetone leetone is offline
Family
 
Join Date: Apr 2014
Posts: 146
Rept. Given: 42
Rept. Rcvd 31 Times in 20 Posts
Thanks Given: 21
Thanks Rcvd at 51 Times in 37 Posts
leetone Reputation: 34
Ugh....Okay? At least post the URL you found it, otherwise your post does nothing for others!!

Here guys:

Thanks to CodeCracker, released May 2013 on Tuts4You

AssemblyLoad.7z
https://www.dropbox.com/s/fwbdqbn1en062kt/AssemblyLoad.7z?dl=0

Confuser_Methods_Decryptor.7z
https://www.dropbox.com/s/wqb1h41cemcr95l/Confuser_Methods_Decryptor.7z?dl=0

ConfuserDelegateKiller.7z:
https://www.dropbox.com/s/9enw4cinvx81umd/ConfuserDelegateKiller.7z?dl=0

ConfuserStringDecryptor.7z:
https://www.dropbox.com/s/sjg4k1e5azrsjse/ConfuserStringDecryptor.7z?dl=0

ExceptionLogger.7z:
https://www.dropbox.com/s/i52g33j5df7n2fh/ExceptionLogger.7z?dl=0

MegaDumper.zip:
https://www.dropbox.com/s/i52g33j5df7n2fh/ExceptionLogger.7z?dl=0

ReactorDecryptor.7z:
https://www.dropbox.com/s/5zazh2fcd0uggkt/Reactor_Decryptor.7z?dl=0

ResourceDecryptor.7z:
https://www.dropbox.com/s/bgxmregkf8iqbyj/Resource_Decryptor.7z?dl=0

SimpleMSILDecryptor.7z:
https://www.dropbox.com/s/z6p7jmvknnl6pan/Simple_MSIL_Decryptor.7z?dl=0

StaticDecompressor.7z:
https://www.dropbox.com/s/ra2jw12rlqirakn/StaticDecompressor.7z?dl=0

UniversalFixer.7z:
https://www.dropbox.com/s/vkv57jxc1i8bt37/Universal_Fixer.7z?dl=0

Source only.
Reply With Quote
The Following 2 Users Say Thank You to leetone For This Useful Post:
kOuD3LkA (08-24-2015), NoYes (04-04-2015)
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
DotNet Renamer v1.1.7 rukov Community Tools 1 02-14-2015 18:22


All times are GMT +8. The time now is 10:03.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX
( 1998 - 2022 )