Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Thread Tools Display Modes
Old 09-18-2009, 09:33 AM
JimmyKing JimmyKing is offline
Junior Member
Join Date: Sep 2009
Posts: 1
Default xenocode 2009

can somebody help me unpack this app.
it uses xenocode 2009 and when you run the exe file it creates two processes with the same name, one them is the app, the other one is the xenocode i think.
i have tried with windbg and attach to process, the the standard xenocode unpack, sos mscorwks, get the module address and save the module. but windbg doesn't save anything.

can somebody please help me.

here is the exe
Thank You
Reply With Quote
Old 09-19-2009, 03:52 PM
bball0002 bball0002 is offline
Senior Member
Join Date: Mar 2009
Posts: 72

I unpacked and patched your file to validate here:

Just hit continue when the error saying there's a missing dll comes up.
^^^If this is against the rules please remove.

1. Load up the app.
2. Open up PeTools 1.5.
3. You will see two versions of the app listed in the processes. One is the Xenocode, and one is the dotnet app. Dump the dotnet app and save it in a folder.
4. Use IlDasm/IlAsm to rebuild the exe.

Xenocode isn't great protection. Invest in an obfuscator like SmartAssembly.

Last edited by bball0002 : 09-19-2009 at 03:55 PM.
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2023, Jelsoft Enterprises Ltd.