#1
Extract exe/dll from EXE compressed by Netz Compressor
Netz Compressor is a packager for .NET assemblies:
https://github.com/madebits/msnet-netz-compressor
The following code extracts the exe/dll files from the manifest resources of the target EXE. Tested with .NET Core 3.1. You can add error handling yourself. Target for testing: https://www.apowersoft.com
Code:
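using System;
using System.IO;
// NuGet console command: dotnet add package SharpZipLib
using ICSharpCode.SharpZipLib.Zip.Compression.Streams;
using ICSharpCode.SharpZipLib.Zip.Compression;
// NuGet console command: Install-Package System.Reflection.MetadataLoadContext
using System.Reflection;
using System.Resources;
using System.Runtime.InteropServices;
using System.Collections.Generic;
using System.Collections;

namespace NetzStarter
{
    /// <summary>
    /// Helpers for deflating/inflating byte buffers with SharpZipLib and for
    /// decoding the resource names found in a Netz-packed executable.
    /// </summary>
    internal class Program
    {
        /// <summary>
        /// Compresses <paramref name="data"/> with a raw (header-less) deflater at
        /// best compression and the Filtered strategy.
        /// </summary>
        /// <param name="data">Bytes to compress; may be null.</param>
        /// <returns>
        /// An open <see cref="MemoryStream"/> holding the compressed bytes, positioned
        /// at its end, or null when <paramref name="data"/> is null.
        /// </returns>
        private static MemoryStream Zip(byte[] data)
        {
            if (data == null)
            {
                return null;
            }

            var outStream = new MemoryStream();

            // Second constructor argument (noHeader) is true: raw deflate output.
            // NOTE(review): UnZip below builds InflaterInputStream with its default
            // inflater; whether that accepts header-less data should be verified.
            var defl = new Deflater(Deflater.BEST_COMPRESSION, true);
            defl.SetLevel(Deflater.BEST_COMPRESSION);
            defl.SetStrategy(DeflateStrategy.Filtered);

            // Closing a DeflaterOutputStream also closes the wrapped stream unless
            // IsStreamOwner is false. The result is handed back to the caller, so it
            // has to stay open; a closed MemoryStream throws on Seek.
            using (var zipStream = new DeflaterOutputStream(outStream, defl) { IsStreamOwner = false })
            {
                zipStream.Write(data, 0, data.Length);
                zipStream.Flush();
                zipStream.Finish();
            }

            return outStream;
        }

        /// <summary>
        /// Reads <paramref name="srcFile"/>, compresses it and writes the result to
        /// <paramref name="destFile"/>.
        /// </summary>
        /// <param name="srcFile">Path of the file to compress.</param>
        /// <param name="destFile">Path the compressed bytes are written to.</param>
        /// <remarks>
        /// Failures while reading the source propagate to the caller. Failures while
        /// compressing or writing are reported on standard error and not rethrown.
        /// </remarks>
        private static void Zip(string srcFile, string destFile)
        {
            byte[] b = File.ReadAllBytes(srcFile);
            try
            {
                using (MemoryStream stream = Zip(b))
                {
                    // ToArray returns the whole buffer regardless of the stream
                    // position, so no rewind is needed.
                    File.WriteAllBytes(destFile, stream.ToArray());
                }
            }
            catch (Exception exception)
            {
                ReportError(exception);
            }
        }

        /// <summary>
        /// Inflates <paramref name="data"/> into memory.
        /// </summary>
        /// <param name="data">Compressed bytes; may be null.</param>
        /// <returns>
        /// An open <see cref="MemoryStream"/> holding the inflated bytes, positioned
        /// at its end, or null when <paramref name="data"/> is null.
        /// </returns>
        private static MemoryStream UnZip(byte[] data)
        {
            if (data == null)
            {
                return null;
            }

            // data.Length is only the initial capacity; the stream grows as needed.
            // NOTE(review): the inflated size is not bounded here. When the input is
            // taken from an untrusted executable, a small resource can expand to a
            // very large buffer; consider enforcing an upper limit.
            var outputStream = new MemoryStream(data.Length);

            using (var inputStream = new MemoryStream(data))
            using (var unzipStream = new InflaterInputStream(inputStream))
            {
                // Copies until the inflater reports end of data.
                unzipStream.CopyTo(outputStream);
            }

            outputStream.Flush();
            return outputStream;
        }

        /// <summary>
        /// Reads <paramref name="srcFile"/>, inflates it and writes the result to
        /// <paramref name="destFile"/>.
        /// </summary>
        /// <param name="srcFile">Path of the compressed file.</param>
        /// <param name="destFile">Path the inflated bytes are written to.</param>
        /// <remarks>
        /// Failures while reading the source propagate to the caller. Failures while
        /// inflating or writing are reported on standard error and not rethrown.
        /// </remarks>
        private static void Unzip(string srcFile, string destFile)
        {
            byte[] b = File.ReadAllBytes(srcFile);
            try
            {
                using (MemoryStream stream = UnZip(b))
                {
                    // ToArray returns the whole buffer regardless of the stream
                    // position, so no rewind is needed.
                    File.WriteAllBytes(destFile, stream.ToArray());
                }
            }
            catch (Exception exception)
            {
                ReportError(exception);
            }
        }

        /// <summary>
        /// Writes a description of <paramref name="exception"/> to standard error so a
        /// failed conversion does not pass unnoticed.
        /// </summary>
        /// <param name="exception">The exception to describe.</param>
        private static void ReportError(Exception exception)
        {
            // string.Concat(object[]) renders a null InnerException as an empty string.
            string error = string.Concat(new object[]
            {
                "#Error: ", exception.GetType().ToString(), Environment.NewLine,
                exception.Message, Environment.NewLine,
                exception.StackTrace, Environment.NewLine,
                exception.InnerException, Environment.NewLine,
                "Using .NET Runtime: ", Environment.Version.ToString(), Environment.NewLine,
                "Created with", " .NET Runtime: 2.0.50727.4927"
            });
            Console.Error.WriteLine(error);
        }

        /// <summary>
        /// Decodes the escape sequences "!1", "!2", "!3" and "!4" in a name into
        /// " ", ",", ".Resources" and "Culture" respectively, applied in that order.
        /// </summary>
        /// <param name="dll">The encoded name.</param>
        /// <returns>The decoded name.</returns>
        /// <remarks>
        /// NOTE(review): the caller is not visible here. If the input is a resource
        /// name read from the target executable and the result is used as a file name
        /// under the output directory, reduce it with Path.GetFileName before
        /// combining the paths, so a crafted name cannot point outside that directory.
        /// </remarks>
        private static string DemangleDllName(string dll)
        {
            return dll
                .Replace("!1", " ")
                .Replace("!2", ",")
                .Replace("!3", ".Resources")
                .Replace("!4", "Culture");
        }

        // The listing breaks off inside the next method on the page; the rest of the
        // method and the closing braces of the class and namespace are not shown.
        private static void ExtractManifestResources(string file, string outDir)
        {
            var resolver = new PathAssemblyResolver(new List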
#2
@WhoCares would it be possible for you to publish your code compiled? Thanks in advance
#3
Yes. The updated source code and the exe are included in the rar.
Please install the .NET 6.0 runtime (console) to run it. 1. bin\Release\net6.0\win-x86\publish\NetzStarter.exe https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x86&rid=win10-x86&apphost_version=6.0.4 2. bin\Release\net6.0\win-x64\publish\NetzStarter.exe https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.4
#4
here is my implementation (rough code, dont judge)
https://github.com/0x410c/netZUnpacker |
#5
nice. 7 years ago.
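The difference is Assembly.LoadFile() vs. metadataContext.LoadFromAssemblyPath(): Assembly.LoadFile() loads the target into the running process as an executable assembly, while a MetadataLoadContext loads it for inspection only and cannot run code from it, which is the safer choice when the target is untrusted. BTW: There are 2 anti-crack tricks in APowerMirror.exe and libairplay.dll (for https://www.apowersoft.com). Quote: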
#6
can you elaborate on the anti-crack tricks?
#7
Nothing new
1. In ApowerMirror.exe, find the function Apowersoft.ApowerMirror.Program.CheckProgramForSignName(). 2. In libairplay.dll, find x-ref to API "FindFirstFileW", or find the string "!crack version!".