SMD For Agile - Page 2

sajan_saragam · #16 02-28-2020, 19:59

Hey @CodeCracker, @congviet. Can you upload
"SMD_ForAgile_AnyCPU" on any file hosting site? Please..

CodeCracker · #17 03-02-2020, 17:34

Quote:

Originally Posted by sajan_saragam

Hey @CodeCracker, @congviet. Can you upload
"SMD_ForAgile_AnyCPU" on any file hosting site? Please..

https://forum.exetools.com/showpost.php?p=117258&postcount=14

https://www76.zippyshare.com/v/3HxU5ELW/file.html

CodeCracker · #18 05-02-2020, 14:48

More note on how you deal with Agile:

https://lifeinhex.com/string-decryption-with-de4dot/

For decrypting strings:
de4dot hello-3.exe --strtyp delegate --strtok 0x060004EC

0x060004EC is the string decryption method - you will have to find manually browsing in Reflector/dnspy.

Force to packer unknown on first deobfuscation:
-p un

I don't know why you have to clean that many times until it got it right (1+2):
.... _msil-cleaned-cleaned-cleaned.exe

SimpleMSILDecryptorForAgile will only decryt methods and is not an unvirtualizer.

Still don't understand why SMD For Agile isn't working for some user not even with NetBox 4. For me all worked fine even on different machines.

sendersu · #19 05-02-2020, 22:41

Quote:

Originally Posted by CodeCracker

More note on how you deal with Agile:

Still don't understand why SMD For Agile isn't working for some user not even with NetBox 4. For me all worked fine even on different machines.

maybe save video how you use it

halplis · #20 01-10-2022, 08:29

Hello folks. where I can get SJITHook.dll?

For some reason I cannot download files from the forum so I only could download from one of the external links.

congviet · #21 01-10-2022, 22:46

Quote:

Originally Posted by halplis

Hello folks. where I can get SJITHook.dll?

For some reason I cannot download files from the forum so I only could download from one of the external links.

Check attach file

Bidasci · #22 10-17-2022, 05:18

Thank you for this. This will be very useful.

EDIT: I am getting the error Arithmetic operation resulted in an overflow when trying to deobfuscate a DLL.

The full log is here:

Code:

************** Exception Text **************
System.OverflowException: Arithmetic operation resulted in an overflow.
   at System.IntPtr.op_Explicit(IntPtr value)
   at Simple_MSIL_Decryptor.MainForm.SendToJit()
   at System.AppDomain.DoCallBack(CrossAppDomainDelegate callBackDelegate)
   at Simple_MSIL_Decryptor.MainForm.Button2Click(Object sender, EventArgs e)
   at System.Windows.Forms.Control.OnClick(EventArgs e)
   at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
   at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
   at System.Windows.Forms.Control.WndProc(Message& m)
   at System.Windows.Forms.ButtonBase.WndProc(Message& m)
   at System.Windows.Forms.Button.WndProc(Message& m)
   at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Loaded Assemblies **************
mscorlib
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.9075.0 built by: NET481REL1LAST_C
    CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v4.0.30319/mscorlib.dll
----------------------------------------
Simple_MSIL_Decryptor
    Assembly Version: 1.0.0.0
    Win32 Version: 1.0.0.0
    CodeBase: file:///C:/Users/Bidasci/LaunchBox/Core/Simple_MSIL_Decryptor.exe
----------------------------------------
System.Windows.Forms
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.9075.0 built by: NET481REL1LAST_C
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.9065.0 built by: NET481REL1LAST_C
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Drawing
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.9032.0 built by: NET481REL1
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Configuration
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.9032.0 built by: NET481REL1
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Xml
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.9032.0 built by: NET481REL1
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------
Accessibility
    Assembly Version: 4.0.0.0
    Win32 Version: 4.8.9032.0 built by: NET481REL1
    CodeBase: file:///C:/WINDOWS/Microsoft.Net/assembly/GAC_MSIL/Accessibility/v4.0_4.0.0.0__b03f5f7f11d50a3a/Accessibility.dll
----------------------------------------

sendersu · #23 10-18-2022, 01:50

any chance to support .net higher then 4.0? (eg 5.0,, 6.0?)

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Unpack Agile.NET	Mendax47	General Discussion	2	06-28-2021 21:38
Agile.Net 6.4 Unpack	Hexcode	General Discussion	7	11-30-2020 17:59

The Following User Says Thank You to CodeCracker For This Useful Post:

The Following User Says Thank You to congviet For This Useful Post:
Bidasci (10-17-2022)