xenocode 2009

[JimmyKing]

can somebody help me unpack this app.
it uses xenocode 2009 and when you run the exe file it creates two processes with the same name, one them is the app, the other one is the xenocode i think.
i have tried with windbg and attach to process, the the standard xenocode unpack, sos mscorwks, get the module address and save the module. but windbg doesn't save anything.

can somebody please help me.

here is the exe

Code:

http://www.mediafire.com/download.php?ttiknnwjgtj

Thank You

[bball0002]

I unpacked and patched your file to validate here:

Code:

http://rapidshare.com/files/282325079/WindowsFormsApplication1.Patched.rar

Just hit continue when the error saying there's a missing dll comes up.

^^^If this is against the rules please remove.

1. Load up the app.
2. Open up PeTools 1.5.
3. You will see two versions of the app listed in the processes. One is the Xenocode, and one is the dotnet app. Dump the dotnet app and save it in a folder.
4. Use IlDasm/IlAsm to rebuild the exe.

Xenocode isn't great protection. Invest in an obfuscator like SmartAssembly.