纯小白，求大佬帮忙看看！

sushen521

RT：
上面的是没经过de4dot的，下面的是经过de4dot的，求大佬帮忙看看这个是怎么回事，拉进OD就停止运行，别的程序没事。是脱壳错了？还有他这个是什么壳？到底是不是NET？无助！求助！！！

sushen521

打错了，图片是经过de4dot和未经过de4dot的对比，我甚至是FredUnYP都过了一边，de4dot的代码是这样的：de4dot v3.1.41592.3405

Detected Unknown Obfuscator (C:\Users\Administrator\Desktop\XXXXX\go.exe)
Cleaning C:\Users\Administrator\Desktop\XXXXX\go.exe
Renaming all obfuscated symbols
Saving C:\Users\Administrator\Desktop\XXXXX\go-cleaned.exe
ERROR: Error calculating max stack value. If the method's obfuscated, set CilBody.KeepOldMaxStack or MetadataOptions.Flags (KeepOldMaxStack, global option) to ignore this error. Otherwise fix your generated CIL code so it conforms to the ECMA standard.
Ignored 1 warning/error
Use -v/-vv option or set environment variable SHOWALLMESSAGES=1 to see all messages


Press any key to exit...

BlackHatRCE

sushen521 发表于 2022-11-2 02:44
网上有人说用JIT + DynamicMethod，，这似乎对我目前的认知来说，超出不止一点半点。。

You need to hook into JIT and dump the method bodies before the Protector itself
then you will see the Dynamic Method Calls,
You can dynamically go for unpacking.
I have not worked much on the Dynamic Methods restoration of Virbox So I do not have ready made code to do it because I did not research enough.

I explained you in a general way which you can follow. This is all I could do for you :)

sushen521

看了两天的论坛教程，本来想拿一个软件练练手，结果 给我整一个看的懵懵bb的，，跪求大佬帮我看看，如果想拿软件去看的可以找我，

liyifeng2077

hello，设计大大大发

sushen521

liyifeng2077 发表于 2022-10-30 23:04
hello，设计大大大发

水的nice啊

renpeng009

.net程序用dnspy看吧？用OD不妥

sushen521

renpeng009 发表于 2022-10-30 23:19
.net程序用dnspy看吧？用OD不妥

我不知道，，，我试试，，，谢谢大佬指点

sushen521

renpeng009 发表于 2022-10-30 23:19
.net程序用dnspy看吧？用OD不妥

这能看出来是什么壳吗？

sushen521

renpeng009 发表于 2022-10-30 23:19
.net程序用dnspy看吧？用OD不妥

直觉告诉我是NET的，但是我不敢确定

tricky6

.net程序用dnspy看！