![]() |
#61
|
|||
|
|||
SMD_FOR_AGILE_Fix10
SMD_FOR_AGILE_Fix10:
- added "Agile dll name" to specify Agile runtime dll name, although currently LoadlibraryExA hook file name is only fixed for x86 (32 bits) - Fixed "getEHInfo" for 64 bits, fallowing .Net Frameworks should be supported: 4.5, 4.7. 4.8 Released as AnyCpu |
The Following User Gave Reputation+1 to CodeCracker For This Useful Post: | ||
mdj (01-19-2025) |
#62
|
|||
|
|||
Thank you so much for your effort, dear friend, it really means a lot to me.
I’ve been away for a few days, sorry for the LTR. Thank you sendersu for sending the NT8.1.1.7 Could you please upload and share fix for the other two modules on Workupload (BOF_L2_msil.dll and BookMapNT_msil.dll)? I can’t repeat your procedure. How did you finally manage to get (NinjaTrader.Core_msil.dll and NinjaTrader.Gui_msil.dll) when SMD crashes and disappears? Last edited by cvetkisa; 01-19-2025 at 15:35. |
#63
|
|||
|
|||
Quote:
Anyway, I think I fixed those bugs. Here are updated tools: SMD and EazFixer https://workupload.com/file/edPsz5BVXDJ So just run SMD, after that de4dot with packer unknown: de4dot --dont-rename "C:\test1\BOF_FP_msil.dll" -p un And now you can use EazFixer.exe to decrypt strings: EazFixer.exe --file "C:\test1\BOF_FP_msil-cleaned.dll" --virt-fix Now it is much easier. EazFixer was changed to patch Module.cctor when executed. |
#64
|
|||
|
|||
Check:
https://forum.exetools.com/showthread.php?p=132624#post132624 Now after SMD, de4dot no required prior of using EazFixer since I've added basic control flow deobfuscation using de4dot.blocks.dll So just use SMD and then run: EazFixer.exe --file "C:\test1\BOF_FP_msil.dll" --virt-fix And as final step you could run de4dot --dont-rename "C:\test1\BOF_FP_msil-eazfix.dll" to get ride of CliSecure classes. |
The Following 5 Users Say Thank You to CodeCracker For This Useful Post: | ||
Apuromafo (01-23-2025), besoeso (02-02-2025), cvetkisa (01-24-2025), rooster1 (02-15-2025), wx69wx2023 (01-24-2025) |
#65
|
|||
|
|||
Fantastic work.
Thank you so much for your selfless help!!! |
#66
|
|||
|
|||
Hello guys. Quick question. After using SMD should the _msil file be the same size as the original file? The process finishes with 0 failed files in the SMD status box and the files only have about 8 bytes different and are still the same size. I think I am doing something wrong because when I run it through EAZFixer most functions like string decryption fail. any help would be greatly appreciated. Thanks fellas.
status box shows this Seems to be protected by Agile Failed to send to jit 0 methods! Decrypted 2549 methods! File saved! @cvetkisa Have you figured this out for Agile_For_Ninja? maybe there is something I need to add to the command line that I am missing. Last edited by rooster1; 02-16-2025 at 00:33. |
The Following User Says Thank You to rooster1 For This Useful Post: | ||
niculaita (02-15-2025) |
#67
|
|||
|
|||
AgileDotNetRTPro obfuscation
I've tried using SMD de4dot on files obfuscated with AgileDotNetRTPro with little luck. I've tried several other flavors of de4dot from GitHub, but nothing seems to be able to de-obuscate AgileDotNetRTPro files. Has anyone seen a tool that can de-obfuscate these files?
|
The Following User Says Thank You to Contra For This Useful Post: | ||
rooster1 (02-16-2025) |
#68
|
|||
|
|||
@rooster1:
Can you share the target exe? @Contra: Did you tried replacing Agile runtimes with older versions like the ones from https://forum.exetools.com/showpost.php?p=132356&postcount=49 |
![]() |
Thread Tools | |
Display Modes | |
|
|
![]() |
||||
Thread | Thread Starter | Forum | Replies | Last Post |
Unpack Agile.NET | Mendax47 | General Discussion | 2 | 06-28-2021 21:38 |
Agile.Net 6.4 Unpack | Hexcode | General Discussion | 7 | 11-30-2020 17:59 |