#1
|
|||
|
|||
Question regarding .NET dumping
Hello guys, usually i only reverse native applications but I've started to get some interest in .NET as well, so i have a question
My target is packed with themida. The problem is that, when i load the program it will say "invalid email" or yeah you know.. Then it will auto close the dos window so i dont have time to press dump process. So i tried a different approach, i started the file with MegaDumper and used the option to break on load, but after i did that it will break on laod on the first dos window but there are actually two that opens, the first one loads a second one who stated the invalid text. So yeah it will break on the first one and if i dump it at that point the program will get an exception and non-functional. Could anyone help me out on this or tell me some tools i might use instead to get me on the right track ? This is not a request because i want to do this myself to learn different obsticles. I will attach the file so that you might be able to understand it better as im bad at explaining Thank you four time, have a good day https://www.sendspace.com/file/lhgpkj |
#2
|
|||
|
|||
I actually fixed the issue, the issue was as simple as the name on the file after it was dumped was not correct, funny
|
#3
|
|||
|
|||
I think GIV has a themida.net tutorial somewhere.
greetings |
The Following User Gave Reputation+1 to mr.exodia For This Useful Post: | ||
0x22 (08-28-2014) |
#4
|
|||
|
|||
Maybe this tutorial by GIV can help you
Regards http://rghost.net/57624131 |
The Following User Gave Reputation+1 to wilson bibe For This Useful Post: | ||
0x22 (08-28-2014) |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Dumping protected memory? | tr1stan | General Discussion | 6 | 08-24-2004 14:37 |
svkp dumping problem | SvensK | General Discussion | 30 | 05-10-2004 07:09 |
Dumping | sfld | General Discussion | 2 | 03-20-2004 23:56 |
Dumping a dll with ollydump | ceK52z | General Discussion | 6 | 02-08-2004 19:39 |