#46
|
|||
|
|||
SMD_FOR_AGILE_Fix5
SMD_FOR_AGILE_Fix5:
What's new: - Fixed Framework 4.0 for x64 compatibility; - added "Patch DivideByZero" - this was actually used before; just added checkbox so it could be unchecked; - "LoadLibraryA hook" checkbox become LoadLibraryExA and was fixed; now will change the name of Agile dll to point to current directory - when you use this option Agile dll has to be in the current directory - "No SetAllowAutoRedirect" fixed now so program will not crash on Framework 4.0 For Clisecure AgileNET Obfuscator v6.6.0.4.2 the crash on both 32 bits/64 bits was generated exception was a divide be zero exception So for Clisecure AgileNET Obfuscator v6.6.0.4.2 and Agile.NET 6.6.0.34 now works directly. For Agile 6.9.12 I had to change Agile dll files with the ones from Clisecure AgileNET Obfuscator v6.6.0.4.2 and it works like a charm after that. Last edited by CodeCracker; 11-28-2024 at 04:04. |
#47
|
|||
|
|||
I've noticed something: when I use "Debug" builds no error is thrown but No methods is decrypted; on "Release" builds all worked fine.
This seems to be exactly the error reported by user czsayo. In SMD_FOR_AGILE_Fix5 was "Release" build exe. I will release a fix for Windows 10 - LoadLibraryExA checkbox soon. |
#48
|
|||
|
|||
SMD_FOR_AGILE_Fix6
SMD_FOR_AGILE_Fix6:
What's new: - Fixed LoadLibraryExA hooking for Windows 10 |
The Following 3 Users Gave Reputation+1 to CodeCracker For This Useful Post: | ||
The Following 11 Users Say Thank You to CodeCracker For This Useful Post: | ||
#49
|
|||
|
|||
SMD_FOR_AGILE_Fix7
SMD_FOR_AGILE_Fix7:
What's new: - GAC installation removed since even if say it fails will occasionally install craps; - You should place unpacker and config next to file to be unpacked - Fixed a bug for x64 - One more jump changed before divide by zero patch so it will unpack more x64 assemblies You would still need to replace runtime with the one attached or older. |
The Following 8 Users Say Thank You to CodeCracker For This Useful Post: | ||
besoeso (12-21-2024), Contra (01-16-2025), cvetkisa (01-15-2025), MarcElBichon (12-21-2024), niculaita (12-21-2024), tonyweb (12-22-2024), uranus64 (12-21-2024), wilson bibe (12-22-2024) |
#50
|
|||
|
|||
SMD_FOR_AGILE_Fix8_virbox
SMD_FOR_AGILE_Fix8_virbox:
What's new: - Fixed local signature for virbox protector Last edited by CodeCracker; 01-02-2025 at 00:32. |
The Following 3 Users Say Thank You to CodeCracker For This Useful Post: | ||
#51
|
|||
|
|||
SMD_FOR_AGILE_Fix9_GetEHInfo
SMD_FOR_AGILE_Fix9_GetEHInfo:
- Fixed some problems on not sending some methods to jit; also fixed get GenericParameters for constructors. - This release is once again for virbox protector - with this release will solve Exception Handlers for virbox protector the following x86 (32 bits) are supported for GetEHInfo: 4.0 (although Local Variables are not resolved), Framework 4.5, Framework 4.7, Framework 4.8; 64 bits framework are not supported yet for GetEHInfo. Last edited by CodeCracker; 01-02-2025 at 00:17. |
The Following User Gave Reputation+1 to CodeCracker For This Useful Post: | ||
Apuromafo (01-02-2025) |
#52
|
|||
|
|||
Missing dlls
Fix9 does not work properly when using the loadFromRemoteSources enabled="true" mode.
It reports missing DLLs, although they are definitely present in the same folder. For some reason, it cannot detect them. Previous versions can see the same additional DLLs but have other issues: they crash and disappear from the screen. |
#53
|
|||
|
|||
Fix9 is for 32 bits only, you could uncheck "32bit required" from .NET Directory -> Flags
so it will be as AnyCpu. You should also uncheck GetEHInfo checkbox. Please post targets dlls & exes so I could check them. Last edited by CodeCracker; 01-16-2025 at 03:33. |
#54
|
|||
|
|||
Thank you very much for the offered help.
Unfortunately, I couldn't manage with fix9 because I couldn't find where to change the flag you suggested. fix7 works without errors for BOF_FP.dll, BOF_L2.dll, and BookMapNT.dll. Unfortunately SMD fix7 fails for NinjaTrader.Core.dll and NinjaTrader.Gui.dll, which are also extremely important to me. Could you also give me an idea on how to handle the secondary obfuscation in these three msil files, which are protected with Eazfuscator string obfuscation? |
#55
|
|||
|
|||
@cvetkisa: Do you have the NinjaTrader 8.1.1.7 setup? Can you share it?
|
The Following User Says Thank You to CodeCracker For This Useful Post: | ||
cvetkisa (01-19-2025) |
#56
|
|||
|
|||
here is 8117 installe
https://www.sendspace.com/file/uoy2jd |
The Following User Says Thank You to sendersu For This Useful Post: | ||
cvetkisa (01-19-2025) |
#57
|
|||
|
|||
The unpacker randomly crushes
Quote:
The unpacker randomly crushes - I don't know the reason. I don't know what to do except trying multiple times. Here is unpacked dlls: https://workupload.com/file/Hva2mGXQ34h |
The Following User Says Thank You to CodeCracker For This Useful Post: | ||
cvetkisa (01-19-2025) |
#58
|
|||
|
|||
Eazfuscator string obfuscation
Eazfuscator string obfuscation:
First time de4dot with packer unknown: de4dot --dont-rename "C:\test1\BOF_FP_msil.dll" -p un Second time de4dot de4dot --dont-rename "C:\test1\BOF_FP_msil-cleaned.dll" // Token: 0x02000001 RID: 1 internal class <Module> { // Token: 0x06000001 RID: 1 RVA: 0x00002568 File Offset: 0x00000768 static <Module>() { <Module>.f0659e5905454a5e99b9752afc78b700(); \u000E\u2005\u2006.\u0003(false); } The bold method will exist the program so we got to change that to nop; // Methods // Token: 0x06000001 RID: 1 RVA: 0x00002568 File Offset: 0x00000768 .method private hidebysig specialname rtspecialname static void .cctor () cil managed { // Header Size: 1 byte // Code Size: 12 (0xC) bytes .maxstack 8 /* 0x00000769 2802000006 */ IL_0000: call void '<Module>'::f0659e5905454a5e99b9752afc78b700() /* 0x0000076E 16 */ IL_0005: ldc.i4.0 /* 0x0000076F 28A5040006 */ IL_0006: call void '\u000e\u2005\u2006'::'\u0003'(bool) /* 0x00000774 2A */ IL_000B: ret } // end of method '<Module>'::.cctor So we search for 1628A50400062A and we fill that hex string with 00 (nop) until at last 2A (last ret instruction) Now finally we can use : EazFixer.exe --file "C:\test1\BOF_FP_msil-cleaned-cleaned.dll" --virt-fix https://workupload.com/file/BhpZHuf7KUJ Restore back code: We restore Module..cctor of the file BOF_FP_msil-cleaned-cleaned-eazfix.dll by searching for 2802000006 and paste 1628A50400062A after that - where we changed with 00 (nop) Here is resulted file: https://workupload.com/file/PqFvDwm5PdY |
The Following User Says Thank You to CodeCracker For This Useful Post: | ||
cvetkisa (01-19-2025) |
#59
|
|||
|
|||
the are still lots of methods with pattern like
protected override void OnStateChange() { object[] array = new object[] { this }; \u0006\u2005\u2007.\u000F\u2005\u2007().\u0006(\u0006\u2005\u2007.\u000E\u2005\u2007(), "\"%u3V:JOW*", array); } is it part of agile/eazfuscator protector? |
#60
|
|||
|
|||
Quote:
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Unpack Agile.NET | Mendax47 | General Discussion | 2 | 06-28-2021 21:38 |
Agile.Net 6.4 Unpack | Hexcode | General Discussion | 7 | 11-30-2020 17:59 |