Exetools  

Go Back   Exetools > General > Community Tools
Reload this Page Dotnet Dumper x64bit
Register Forum Rules FAQ Calendar Mark Forums Read

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 11-13-2014, 15:08
obfuscator obfuscator is offline
Friend
  
Join Date: Jun 2014
Posts: 29
Rept. Given: 25
Rept. Rcvd 7 Times in 1 Post
Thanks Given: 3
Thanks Rcvd at 2 Times in 2 Posts
obfuscator Reputation: 7
Dotnet Dumper x64bit
Hello Telents

i would like to know can anyone have a tool like CodeCracker's Megadumper which can dump the dotnet files from the ram ? like megadumper is working under 32bit environment only but for 64bit there is no alternative.

Regards
Reply With Quote
  #2  
Old 11-13-2014, 17:26
cybercoder cybercoder is offline
Friend
  
Join Date: Aug 2005
Posts: 114
Rept. Given: 2
Rept. Rcvd 11 Times in 8 Posts
Thanks Given: 22
Thanks Rcvd at 46 Times in 31 Posts
cybercoder Reputation: 11
I think code was released for most of his dotnet tools, maybe mod it to work with x64.. Something for you to study
Reply With Quote
The Following User Gave Reputation+1 to cybercoder For This Useful Post:
obfuscator (11-13-2014)
  #3  
Old 01-24-2015, 01:35
CodeCracker CodeCracker is offline
VIP
  
Join Date: Jun 2011
Posts: 464
Rept. Given: 27
Rept. Rcvd 404 Times in 132 Posts
Thanks Given: 21
Thanks Rcvd at 1,868 Times in 357 Posts
CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499
X64NetDumper
X64NetDumper:
- Restore file name!

How to use guide:
Select target process, select a target directory (where all dumped files will be placed)! Enjoy!
Attached Files
File Type: zip X64NetDumper.zip (9.1 KB, 134 views)
Reply With Quote
The Following 14 Users Gave Reputation+1 to CodeCracker For This Useful Post:
ÀÏ»ï¼Æ (01-27-2015), besoeso (01-25-2015), cracki (01-26-2015), giv (01-24-2015), HooK (01-26-2015), kOuD3LkA (01-26-2015), nikkapedd (01-25-2015), NoneForce (01-24-2015), NoYes (01-26-2015), obfuscator (01-25-2015), riverstore (02-04-2015), zeuscane (01-25-2015), [ID]ZE (01-26-2015)
The Following User Says Thank You to CodeCracker For This Useful Post:
pnta (08-22-2019)
  #4  
Old 01-25-2015, 01:11
obfuscator obfuscator is offline
Friend
  
Join Date: Jun 2014
Posts: 29
Rept. Given: 25
Rept. Rcvd 7 Times in 1 Post
Thanks Given: 3
Thanks Rcvd at 2 Times in 2 Posts
obfuscator Reputation: 7
Thank you so much CodeCracker

its really working well , in 64bit with dongle target can also get dumped if dongle attached

BR
Reply With Quote
  #5  
Old 01-26-2015, 21:27
kOuD3LkA kOuD3LkA is offline
Friend
  
Join Date: Oct 2011
Posts: 9
Rept. Given: 13
Rept. Rcvd 5 Times in 2 Posts
Thanks Given: 24
Thanks Rcvd at 0 Times in 0 Posts
kOuD3LkA Reputation: 5
Thank you CodeCracker
Is it possible that someone share it on other download site?
Reply With Quote
  #6  
Old 01-26-2015, 21:33
[ID]ZE [ID]ZE is offline
Friend
  
Join Date: Nov 2013
Posts: 28
Rept. Given: 18
Rept. Rcvd 18 Times in 4 Posts
Thanks Given: 33
Thanks Rcvd at 7 Times in 7 Posts
[ID]ZE Reputation: 18
For Win64 .Net programe,it happen some wrong.Dump the exe of WL encrypted ,it appears "it is not valid pe" when it run in Win64.
Reply With Quote
  #7  
Old 01-27-2015, 06:39
sendersu sendersu is offline
VIP
  
Join Date: Oct 2010
Posts: 1,067
Rept. Given: 332
Rept. Rcvd 223 Times in 115 Posts
Thanks Given: 235
Thanks Rcvd at 512 Times in 288 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
https://www.sendspace.com/file/2aipq4
Reply With Quote
The Following 2 Users Gave Reputation+1 to sendersu For This Useful Post:
kOuD3LkA (01-27-2015), NoYes (01-27-2015)
  #8  
Old 01-27-2015, 14:13
NoYes NoYes is offline
Friend
  
Join Date: Jul 2014
Posts: 7
Rept. Given: 18
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 8
Thanks Rcvd at 0 Times in 0 Posts
NoYes Reputation: 0
Thank you very much CodeCracker.
BTW, it seems that you have forgotten confuse or encrypt the program.
Reply With Quote
  #9  
Old 01-28-2015, 01:46
obfuscator obfuscator is offline
Friend
  
Join Date: Jun 2014
Posts: 29
Rept. Given: 25
Rept. Rcvd 7 Times in 1 Post
Thanks Given: 3
Thanks Rcvd at 2 Times in 2 Posts
obfuscator Reputation: 7
@NoYes

he release his codes on sourceforce as open source so there is no need to hide anything
Reply With Quote
  #10  
Old 01-28-2015, 10:58
ontryit ontryit is offline
Friend
  
Join Date: Nov 2011
Posts: 172
Rept. Given: 127
Rept. Rcvd 17 Times in 14 Posts
Thanks Given: 411
Thanks Rcvd at 70 Times in 43 Posts
ontryit Reputation: 17
CodeCracker: May be you also can share the source code here ?
Reply With Quote
  #11  
Old 01-28-2015, 17:11
NoYes NoYes is offline
Friend
  
Join Date: Jul 2014
Posts: 7
Rept. Given: 18
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 8
Thanks Rcvd at 0 Times in 0 Posts
NoYes Reputation: 0
@obfuscator
Sorry, but I still can't find it. Can you provide the link to me?
Reply With Quote
  #12  
Old 02-04-2015, 18:08
obfuscator obfuscator is offline
Friend
  
Join Date: Jun 2014
Posts: 29
Rept. Given: 25
Rept. Rcvd 7 Times in 1 Post
Thanks Given: 3
Thanks Rcvd at 2 Times in 2 Posts
obfuscator Reputation: 7
@NoYes
you can find its code using reflector as dumper is not protected
Reply With Quote
  #13  
Old 02-05-2015, 00:48
NoYes NoYes is offline
Friend
  
Join Date: Jul 2014
Posts: 7
Rept. Given: 18
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 8
Thanks Rcvd at 0 Times in 0 Posts
NoYes Reputation: 0
@obfuscator
If using reflector, there still need to fix some errors.
And I found the source code,
include:AssemblyLoad Confuser_Methods_Decryptor ConfuserDelegateKiller ConfuserStringDecryptor ExceptionLogger MegaDumper Reactor_Decryptor Resource_Decryptor Simple_MSIL_Decryptor StaticDecompressor Universal_Fixer. All of these have source code.
Reply With Quote
  #14  
Old 02-22-2015, 02:20
leetone's Avatar
leetone leetone is offline
Family
  
Join Date: Apr 2014
Posts: 144
Rept. Given: 41
Rept. Rcvd 31 Times in 20 Posts
Thanks Given: 21
Thanks Rcvd at 50 Times in 36 Posts
leetone Reputation: 34
Ugh....Okay? At least post the URL you found it, otherwise your post does nothing for others!!

Here guys:

Thanks to CodeCracker, released May 2013 on Tuts4You

AssemblyLoad.7z
https://www.dropbox.com/s/fwbdqbn1en062kt/AssemblyLoad.7z?dl=0

Confuser_Methods_Decryptor.7z
https://www.dropbox.com/s/wqb1h41cemcr95l/Confuser_Methods_Decryptor.7z?dl=0

ConfuserDelegateKiller.7z:
https://www.dropbox.com/s/9enw4cinvx81umd/ConfuserDelegateKiller.7z?dl=0

ConfuserStringDecryptor.7z:
https://www.dropbox.com/s/sjg4k1e5azrsjse/ConfuserStringDecryptor.7z?dl=0

ExceptionLogger.7z:
https://www.dropbox.com/s/i52g33j5df7n2fh/ExceptionLogger.7z?dl=0

MegaDumper.zip:
https://www.dropbox.com/s/i52g33j5df7n2fh/ExceptionLogger.7z?dl=0

ReactorDecryptor.7z:
https://www.dropbox.com/s/5zazh2fcd0uggkt/Reactor_Decryptor.7z?dl=0

ResourceDecryptor.7z:
https://www.dropbox.com/s/bgxmregkf8iqbyj/Resource_Decryptor.7z?dl=0

SimpleMSILDecryptor.7z:
https://www.dropbox.com/s/z6p7jmvknnl6pan/Simple_MSIL_Decryptor.7z?dl=0

StaticDecompressor.7z:
https://www.dropbox.com/s/ra2jw12rlqirakn/StaticDecompressor.7z?dl=0

UniversalFixer.7z:
https://www.dropbox.com/s/vkv57jxc1i8bt37/Universal_Fixer.7z?dl=0

Source only.
Reply With Quote
The Following 2 Users Say Thank You to leetone For This Useful Post:
kOuD3LkA (08-24-2015), NoYes (04-04-2015)
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
DotNet Renamer v1.1.7 rukov Community Tools 1 02-14-2015 18:22


All times are GMT +8. The time now is 13:20.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )