(19-03-2021, 11:21 PM)HORMA كتب : والله تعبت من حماية هادي

إقتباس :Hello, I unpacked the file completely (including VM). Here is how I did it (simplified a bit):



1. After a bit of analysis we can notice that Agile.NET hooks into the Just In Time compiler in order to restore the method code. This can be undone by hooking into the JIT before Agile.NET.


2. Update de4dot to be able to remove simple protections like string encryption, control flow, and reference proxy. This just requires you to update some detections.


3. Spend some time analyzing Agile.NET VM, we find out that it's VM is somewhat different to others as it creates "combined" handlers for multiple opcodes. In order to remove the VM we can utilize de4dot devirtualizer. In order to add support we have to track down the original runtime dll that's shipped with the protector to extract the non-merged handler information.


After some manual cleanup the result is the following, unpacked file attached.

https://forum.tuts4you.com/topic/41676-unpack-challenge-agilenet/?do=findComment&comment=208218

(15-05-2021, 11:42 AM)HORMA كتب : بس ما في حد ساعدني انزل الاددوت او نزل شرح