  #1  
Old 04-20-2011, 04:49 AM
taurusmht taurusmht is offline
Junior Member
 
Join Date: Apr 2011
Posts: 1
Question Problems with xenocode

Hello Everybody!
Well I'm trying to crack a very interesting software called BrainIgniter Player (info: http://www.vth.biz/driver/brainigniter/player-overview)

The first thing I did was to unpack the installer to see which files and REG the app really installs. Using Inno Setup Unpacker 0.35, I saw that it only makes a few sample files and directories, some file associations, and the extraction of a 23 MB executable (the main app). Well, the first thing with it was to identify any packer, so I used ProtectionID v0.6.4.0; it said that "XenoCode Virtual Application Studio 2010 detected", so I started my research on it (not too much success... just very old tips). To verify that the Xenocode version was correct, I loaded the exe in PEBrowsePro, and there I found out that the Xenocode version was "xenocode postbuild 2010 for .NET". After reading a little more, I saw someone saying that by dumping the exe from memory with "PeTools 1.5" or ".Net Generic Unpacker" the task will be done... I mounted a virtual machine, installed the .NET frameworks, executed the app, and dumped with .net Unpacker. This made a dump of an exe file and 8 DLLs (4 of them part of the .NET Framework) without their real names. Some of them were easy to name from the properties; one of them didn't have that advantage, so I executed PeTools and there I found the name of the dll... but after that, when I tried to execute the dumped dll, I get only an error with the following text:
Title: Unpacked_1.exe - Common Languaje Runtime Debugging Services
Message: Application has generated an exception that could not be handled
Process id= 0xf4c (3916), Thread id=0x3a8 (936). <--this changes

Tried LordPE to fix the exe, without success; dumping with PeTools gives garbage files...

Thanks to the exe dump from .net unpacker, I realized that the app is really made by (http://www.transparentcorp.com/products/mindstereo/) and the real name is mind stereo. Downloaded the mind stereo installation, followed the same steps above... same result.

Can someone assist me?

THNX
  #2  
Old 05-24-2011, 01:18 AM
Cecil654 Cecil654 is offline
Junior Member
 
Join Date: May 2011
Posts: 3
Default

In the sticky it mentions several times to delete the Xenocode files that come up as infected. I upgraded to beta 40 and got another virus warning in a file contained in the Xenocode subfolder. Would it be safe/prudent to just delete the entire Xenocode folder, including all subfolders and files, since it sounds like these aren't needed anymore with the new beta? Or should I just continue to delete files one at a time as they show up as infected? I'm using Avira like most people who seem to be having the most trouble are. Thanks.