Exetools  

Go Back   Exetools > General > Community Tools

Notices

Reply
 
Thread Tools Display Modes
  #31  
Old 01-08-2024, 15:51
hp3 hp3 is offline
Friend
 
Join Date: Oct 2011
Posts: 97
Rept. Given: 20
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 102
Thanks Rcvd at 21 Times in 15 Posts
hp3 Reputation: 2
@CodeCracker :

crash in unpacking exe and dll
test in win 7 - 32bit 64bit and win10 64bit and Net box
this maybe for files have virtualization ?
Reply With Quote
  #32  
Old 01-08-2024, 20:10
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 543
Rept. Given: 32
Rept. Rcvd 497 Times in 180 Posts
Thanks Given: 26
Thanks Rcvd at 2,456 Times in 430 Posts
CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499
Quote:
crash in unpacking exe and dll
Please mark "No new Appdomain" option;
Error should be shown now. Let me know.
Reply With Quote
  #33  
Old 01-08-2024, 20:49
hp3 hp3 is offline
Friend
 
Join Date: Oct 2011
Posts: 97
Rept. Given: 20
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 102
Thanks Rcvd at 21 Times in 15 Posts
hp3 Reputation: 2
exe and dll files unpack

this is error when try unpack exe and dll
Attached Images
File Type: jpg exe1.jpg (137.2 KB, 16 views)
File Type: jpg exe2.jpg (114.5 KB, 10 views)
File Type: jpg Dll.jpg (101.8 KB, 8 views)

Last edited by hp3; 01-08-2024 at 21:00.
Reply With Quote
  #34  
Old 01-08-2024, 22:30
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 543
Rept. Given: 32
Rept. Rcvd 497 Times in 180 Posts
Thanks Given: 26
Thanks Rcvd at 2,456 Times in 430 Posts
CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499
Please send me a PM with all targets so I could check them.
Reply With Quote
  #35  
Old 01-08-2024, 22:49
hp3 hp3 is offline
Friend
 
Join Date: Oct 2011
Posts: 97
Rept. Given: 20
Rept. Rcvd 2 Times in 2 Posts
Thanks Given: 102
Thanks Rcvd at 21 Times in 15 Posts
hp3 Reputation: 2
i think PM is close in forum

hp3.1980.hp3@gmail.com
if u can send a mail and i will contact u on mail

Last edited by hp3; 01-08-2024 at 22:59.
Reply With Quote
  #36  
Old 01-09-2024, 00:52
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 543
Rept. Given: 32
Rept. Rcvd 497 Times in 180 Posts
Thanks Given: 26
Thanks Rcvd at 2,456 Times in 430 Posts
CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499
share all targets here

Quote:
Originally Posted by hp3 View Post
i think PM is close in forum
Than please share all targets here.
Reply With Quote
  #37  
Old 02-29-2024, 09:12
embassy embassy is offline
Guest
 
Join Date: Feb 2024
Posts: 1
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 2
Thanks Rcvd at 0 Times in 0 Posts
embassy Reputation: 0
Hello! The provided executable gives the error message "Could not load file or assembly 'System.Net.Http ...' "
Below is the full callstack. To reproduce, you can use the decryptor on itself or other code, in a virtual machine (but I have the same result on my main machine) This is with the latest version.
Code:
************** Exception Text **************
System.IO.FileNotFoundException: Could not load file or assembly 'System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a' or one of its dependencies. The system cannot find the file specified.
File name: 'System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a'
   at Simple_MSIL_Decryptor.MainForm.SendToJit()
   at System.AppDomain.DoCallBack(CrossAppDomainDelegate callBackDelegate)
   at System.AppDomain.DoCallBack(CrossAppDomainDelegate callBackDelegate)
   at Simple_MSIL_Decryptor.MainForm.Button2Click(Object sender, EventArgs e)
   at System.Windows.Forms.Control.OnClick(EventArgs e)
Reply With Quote
  #38  
Old 02-29-2024, 17:49
chants chants is offline
VIP
 
Join Date: Jul 2016
Posts: 807
Rept. Given: 44
Rept. Rcvd 50 Times in 31 Posts
Thanks Given: 721
Thanks Rcvd at 1,114 Times in 515 Posts
chants Reputation: 51
Looks like you don't have a version of the .NET framework installed that it's specifically referencing.
Reply With Quote
  #39  
Old 02-29-2024, 22:25
congviet congviet is offline
Family
 
Join Date: Jun 2010
Location: Vi
Posts: 151
Rept. Given: 30
Rept. Rcvd 76 Times in 42 Posts
Thanks Given: 57
Thanks Rcvd at 52 Times in 30 Posts
congviet Reputation: 76
Missing reference files or the target is using a newer version of the .net framework
Reply With Quote
  #40  
Old 06-10-2024, 19:16
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 543
Rept. Given: 32
Rept. Rcvd 497 Times in 180 Posts
Thanks Given: 26
Thanks Rcvd at 2,456 Times in 430 Posts
CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499
bug fixed version

SMD for AGILE bug fixed version: now should work.
https://workupload.com/file/6vbvr38yVZG

Last edited by CodeCracker; 11-28-2024 at 18:42.
Reply With Quote
The Following User Gave Reputation+1 to CodeCracker For This Useful Post:
yoza (06-12-2024)
The Following 9 Users Say Thank You to CodeCracker For This Useful Post:
besoeso (06-10-2024), nganggur (07-18-2024), niculaita (06-13-2024), progopis (07-17-2024), SofTw0rm (06-11-2024), tonyweb (06-14-2024), uranus64 (06-10-2024), wilson bibe (06-11-2024), yoza (06-12-2024)
  #41  
Old 06-10-2024, 23:39
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 1,174
Rept. Given: 334
Rept. Rcvd 233 Times in 123 Posts
Thanks Given: 277
Thanks Rcvd at 568 Times in 316 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
what bug(s) was(were) fixed?
Reply With Quote
  #42  
Old 06-11-2024, 00:15
th3tuga th3tuga is offline
Friend
 
Join Date: Oct 2023
Posts: 30
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 16 Times in 10 Posts
th3tuga Reputation: 0
Quote:
Originally Posted by sendersu View Post
what bug(s) was(were) fixed?
The errors noted in posts #37 and #39 are now fixed.
Reply With Quote
The Following User Says Thank You to th3tuga For This Useful Post:
niculaita (06-13-2024)
  #43  
Old 08-20-2024, 22:46
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 543
Rept. Given: 32
Rept. Rcvd 497 Times in 180 Posts
Thanks Given: 26
Thanks Rcvd at 2,456 Times in 430 Posts
CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499
SMD_FOR_AGILE_Fix2

SMD_FOR_AGILE_Fix2:
What's new:
- Now should work fine even on old Framework 4.0 version - with Netbox
- One more native counter patch for x86
- Re-enabled "Set .cctor body" for being able to send to jit more methods & .cctor methods are not being changed in unpacked exe for x86 version
Attached Files
File Type: rar SMD_FOR_AGILE_Fix2.rar (34.4 KB, 11 views)
Reply With Quote
The Following User Gave Reputation+1 to CodeCracker For This Useful Post:
MarcElBichon (08-21-2024)
The Following 4 Users Say Thank You to CodeCracker For This Useful Post:
besoeso (08-21-2024), tonyweb (08-20-2024), user_hidden (08-21-2024), wilson bibe (08-21-2024)
  #44  
Old 08-21-2024, 23:00
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 543
Rept. Given: 32
Rept. Rcvd 497 Times in 180 Posts
Thanks Given: 26
Thanks Rcvd at 2,456 Times in 430 Posts
CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499
SMD_FOR_AGILE_Fix3

SMD_FOR_AGILE_Fix3:
What's new:
- bugs fixed for x64
- now log methods not send to jit (old "undecrypted" count) plus how many methods are decrypted.
Attached Files
File Type: rar SMD_FOR_AGILE_Fix3.rar (35.1 KB, 13 views)
Reply With Quote
The Following 6 Users Say Thank You to CodeCracker For This Useful Post:
besoeso (08-22-2024), Dinhhoatv (11-09-2024), MarcElBichon (08-22-2024), niculaita (08-22-2024), wilson bibe (08-22-2024), yoza (11-25-2024)
  #45  
Old 11-25-2024, 01:22
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 543
Rept. Given: 32
Rept. Rcvd 497 Times in 180 Posts
Thanks Given: 26
Thanks Rcvd at 2,456 Times in 430 Posts
CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499
SMD_FOR_AGILE_Fix4

SMD_FOR_AGILE_Fix4:
What's new:
- more Framework supported for x64; maybe all of them I don't know yet
- added "LoadLibraryA hook" checkbox - this will transform from full path of Agile dll (temp path) to short name Agile dll - when you use this option Agile dll has to be in the current directory;
- "No SetAllowAutoRedirect" checkbox: - code - but it using reflection:
public static void SetAllowAutoRedirect()
{
HttpClient client = new HttpClient(new HttpClientHandler
{
AllowAutoRedirect = false
});

For x64 still something is missing, this is why I've set 32 Bit required for SMD for Agile and used the attached 32 bits dll AgileDotNetRTPro.dll. And I really miss debugger for AnyCpu assemblies - x64dbg fails:
and also an 64 bits hexeditor of process memory.
Attached Files
File Type: zip SMD_FOR_AGILE_Fix4.zip (41.4 KB, 18 views)

Last edited by CodeCracker; 11-26-2024 at 04:25.
Reply With Quote
The Following 3 Users Gave Reputation+1 to CodeCracker For This Useful Post:
mdj (12-03-2024), user1 (11-26-2024), yoza (11-25-2024)
The Following 7 Users Say Thank You to CodeCracker For This Useful Post:
Apuromafo (11-25-2024), mdj (12-03-2024), niculaita (11-25-2024), user1 (11-26-2024), wilson bibe (11-25-2024), wx69wx2023 (11-25-2024), yoza (11-25-2024)
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Unpack Agile.NET Mendax47 General Discussion 2 06-28-2021 21:38
Agile.Net 6.4 Unpack Hexcode General Discussion 7 11-30-2020 17:59


All times are GMT +8. The time now is 17:08.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )