Recent Posts
- Ctor conflicts
Fri, 29 Nov 2013
- MUI files under the hood
Wed, 14 Nov 2012
- Preparing a bugfix version of CFF Explorer
Thu, 25 Oct 2012
- Companies on the Verge of a Nervous Breakdown
Thu, 09 Aug 2012
- The biggest software delusions of the last decade
Thu, 22 Sep 2011
 
Recent Comments
- Comment on MUI files under the hood by Daniel Pistelli
Fri, 12 Sep 2014
- Comment on MUI files under the hood by Lisa
Thu, 08 May 2014
- Comment on Preparing a bugfix version of CFF Explorer by Chromium
Mon, 03 Mar 2014
- Comment on Preparing a bugfix version of CFF Explorer by Edi Liu
Tue, 31 Dec 2013
- Comment on Ctor conflicts by Daniel Pistelli
Sun, 01 Dec 2013
 
.NET Generic Unpacker
Current Version: 1.0.0.1

Download the .NET Generic Unpacker


This is a program to dump .NET packed applications. Of course no serious .NET protection relies on packing. In fact, this software shows how easily you can unpack a protected assemly. This .NET Generic Unpacker was written in a couple of hours and despite of the fact that it's very simple, it might turn useful having it: otherwise you have to unpack manually, which is quite easy as well.

- .NET Generic Unpacker (x86 Version)
- .NET Generic Unpacker (x64 Version)


Download the x64 version of the .NET Generic Unpacker only if the process is not an x86 process (which is quite uncommon). In all other cases download the x86 version.


Here's a brief explanation of this program. A little bit of time after the .NET framework was released, I started to analyze the first protections that came out. Many of them clamed they were able to offer a native protection, thus making it impossible to decompile the MSIL code. So, I tested one of these protections and, after not even 10 minutes, I noticed that the .NET original assembly was lying around in the address space of the protected one. What these protected assemblies basically did was to decrypt the original assembly in memory as soon as they were executed and then to initialize the .NET framework. As you can imagine, an assembly protected this way is much more unprotected than an obfuscated assembly. Lots of these protection, at the time I'm writing, are still being sold and aren't cheap. I believe much of the success of these protections has to do with the ignorance which still surrounds the .NET technology.

Download the .NET Generic Unpacker