07-28-2008, 04:06 AM
sirp
Senior Member
Join Date: Apr 2008
Posts: 76
Crypted)? .Net Dump Problem

After doing a few tuts I can mostly unpack those protected exes ...
but I ran into an app that gives problems now ... (it's Reactor, I bet).
If I run it in Olly I can't find the MMX register stuff ... and if I run the app and search the memory for the class names (I checked with dot net tracer before) I find a few valid PE files that have them in ... I dumped them all.
I always find some DLLs like 9hocjapg.dll etc. in memory ... the names of the DLLs differ on every run of the program.
But I can't get a valid main .exe .... Sometimes the exe even gets the icon of the app after the dump but crashes CFF Explorer; on another dump attempt the exe was bigger than the original .. so I followed UFO's tutorial .. but couldn't fix it properly (I think it's still crypted somehow). Would be nice to know what's going on here ,)
or how to properly break in Olly at the decrypt routines.

I tried with the Reactor Unpacker ... (and if you dump it with Olly at the reg screen before the app really starts) you get a Portable Executable that's much smaller in size than the original .exe. When I try to run it I get a (0xc0000005) error.

Here are the dumps.

Last edited by sirp : 07-28-2008 at 04:20 AM.