| .NET Generic Unpacker |
This is a program to dump .NET packed applications. Of course no serious .NET protection relies on packing. In fact, this software shows how easily you can unpack a protected assemly. This .NET Generic Unpacker was written in a couple of hours and despite of the fact that it's very simple, it might turn useful having it: otherwise you have to unpack manually, which is quite easy as well.
- .NET Generic Unpacker (x86 Version)
- .NET Generic Unpacker (x64 Version)
Download the x64 version of the .NET Generic Unpacker only if the process is not an x86 process (which is quite uncommon). In all other cases download the x86 version.
Here's a brief explanation of this program. A little bit of time after the .NET framework was released, I started to analyze the first protections that came out. Many of them clamed they were able to offer a native protection, thus making it impossible to decompile the MSIL code. So, I tested one of these protections and, after not even 10 minutes, I noticed that the .NET original assembly was lying around in the address space of the protected one. What these protected assemblies basically did was to decrypt the original assembly in memory as soon as they were executed and then to initialize the .NET framework. As you can imagine, an assembly protected this way is much more unprotected than an obfuscated assembly. Lots of these protection, at the time I'm writing, are still being sold and aren't cheap. I believe much of the success of these protections has to do with the ignorance which still surrounds the .NET technology.
|
|
|
