  #2  
Old 02-10-2017, 06:08
tusk tusk is offline
Here is what the code looks like; there are 3 ExitProcess calls along the way.
What do you think this code is doing? Is it related to .NET Reactor?

Thanks !


Quote:
' Decompiler rendering (VB.NET syntax) of a native C++ routine from a mixed-mode
' assembly. Identifiers such as $ArrayType$$$BY0BAE@_W and basic_string<...> are
' MSVC-mangled / template names, so the listing is for reading, not recompiling.
'
' What the visible code does:
'   1. Gets the path of the running module and cuts it at the last "\" to keep
'      the directory.
'   2. Searches that directory string for "\bin".
'   3. Three times over, writes a file name onto the stack one byte at a time
'      (decoded below as "\Vectir.Core3.dll", "\Vectir.Core2.dll" and
'      "\Vectir.Core4.dll"), appends it to the directory and tries to open it.
'   4. Calls ExitProcess(0) when such a file opens AND "\bin" was not found.
' So this is an install-location / environment check that ends the process with
' exit code 0 and no visible message.
' NOTE(review): nothing in this routine names a particular protector; the
' shuffled byte stores only keep the file names out of a plain strings dump.
Friend Shared Sub Win32Test()
' Stack scratch area sized by __CxxQueryExceptionSize(); presumably storage for
' the C++ exception object used by the filter at the end - TODO confirm.
Dim num As Integer = CInt(__StackAlloc(Byte, <Module>.__CxxQueryExceptionSize()))
Try
' Wide-character path buffer; 260 is passed as its capacity below.
Dim $ArrayType$$$BY0BAE@_W As $ArrayType$$$BY0BAE@_W
' A null module handle asks for the path of the current process's executable.
<Module>.GetModuleFileNameW(Nothing, CType((AddressOf $ArrayType$$$BY0BAE@_W), __Pointer(Of Char)), 260)
' Locate the last backslash so the file name can be cut off.
Dim ptr As __Pointer(Of Char) = <Module>.wcsrchr(CType((AddressOf $ArrayType$$$BY0BAE@_W), __Pointer(Of Char)), "\"c)
If ptr Is Nothing Then
' No backslash: a 16-bit zero is stored at byte offset 4, which presumably
' truncates the buffer after two wide characters - TODO confirm intent.
__Dereference(($ArrayType$$$BY0BAE@_W + 4)) = 0S
Else
' Overwrite the last backslash with NUL, leaving only the directory.
__Dereference(ptr) = vbNullChar
End If
' NOTE(review): the malloc result is used below without a null check.
Dim ptr2 As __Pointer(Of SByte) = <Module>.malloc(260UI)
Dim count As UInteger
' Convert the wide directory path to a narrow string in ptr2; the return value
' of wcstombs_s is ignored. count receives the converted size (per the CRT
' documentation this includes the terminating NUL).
<Module>.wcstombs_s(AddressOf count, ptr2, 260UI, CType((AddressOf $ArrayType$$$BY0BAE@_W), __Pointer(Of Char)), 260UI)
' First std::string: the directory path, built from ptr2 with length count.
Dim basic_string<char,std::char_traits<char>,std::allocator<char>\u0020> As basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>
<Module>.std.basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>.{ctor}(basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>, CType(ptr2, __Pointer(Of SByte)), count)
Try
' Second std::string: built from a string-literal symbol. In MSVC literal
' mangling "?2" stands for a backslash, so the literal reads "\bin".
Dim basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>2 As basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>
<Module>.std.basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>.{ctor}(basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>2, CType((AddressOf <Module>.??_C@_04OJGJKDCG@?2bin?$AA@), __Pointer(Of SByte)))
Try
' num2 = position of "\bin" inside the directory path. The value compared
' against later, 4294967295 (0xFFFFFFFF), is the 32-bit "not found" result.
Dim num2 As UInteger = <Module>.std.basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>.find(basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>, basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>2, 0UI)
' Narrow buffer that receives the first file name. The stores are in shuffled
' order; sorted by offset 0..17 the bytes are
' 92 86 101 99 116 105 114 46 67 111 114 101 51 46 100 108 108 0,
' i.e. the ASCII text "\Vectir.Core3.dll".
Dim $ArrayType$$$BY0BAE@D As $ArrayType$$$BY0BAE@D
__Dereference(($ArrayType$$$BY0BAE@D + 8)) = 67
__Dereference(($ArrayType$$$BY0BAE@D + 10)) = 114
$ArrayType$$$BY0BAE@D = 92
__Dereference(($ArrayType$$$BY0BAE@D + 2)) = 101
__Dereference(($ArrayType$$$BY0BAE@D + 4)) = 116
__Dereference(($ArrayType$$$BY0BAE@D + 5)) = 105
__Dereference(($ArrayType$$$BY0BAE@D + 14)) = 100
__Dereference(($ArrayType$$$BY0BAE@D + 12)) = 51
__Dereference(($ArrayType$$$BY0BAE@D + 6)) = 114
__Dereference(($ArrayType$$$BY0BAE@D + 9)) = 111
__Dereference(($ArrayType$$$BY0BAE@D + 11)) = 101
__Dereference(($ArrayType$$$BY0BAE@D + 13)) = 46
__Dereference(($ArrayType$$$BY0BAE@D + 17)) = 0
__Dereference(($ArrayType$$$BY0BAE@D + 3)) = 99
__Dereference(($ArrayType$$$BY0BAE@D + 15)) = 108
__Dereference(($ArrayType$$$BY0BAE@D + 1)) = 86
__Dereference(($ArrayType$$$BY0BAE@D + 7)) = 46
__Dereference(($ArrayType$$$BY0BAE@D + 16)) = 108
' Full path = directory (ptr2) + decoded file name, in a second 260-byte buffer.
Dim $ArrayType$$$BY0BAE@D2 As $ArrayType$$$BY0BAE@D
<Module>.strcpy_s<260>($ArrayType$$$BY0BAE@D2, CType(ptr2, __Pointer(Of SByte)))
<Module>.strcat_s<260>($ArrayType$$$BY0BAE@D2, CType((AddressOf $ArrayType$$$BY0BAE@D), __Pointer(Of SByte)))
' Open the file for reading. The arguments (1, 64, 1) are presumably the open
' mode (in), the share flag and the compiler's construct-virtual-base flag -
' TODO confirm.
Dim basic_ifstream<char,std::char_traits<char>\u0020> As basic_ifstream<char,std::char_traits<char>\u0020>
<Module>.std.basic_ifstream<char,std::char_traits<char>\u0020>.{ctor}(basic_ifstream<char,std::char_traits<char>\u0020>, CType((AddressOf $ArrayType$$$BY0BAE@D2), __Pointer(Of SByte)), 1, 64, 1)
Try
' "ios_base..PAX" looks like ios_base::operator void* ("PAX" is void* in MSVC
' mangling), which is non-null while the stream is not in a failed state.
' Check 1: the file opened AND "\bin" is absent from the path -> exit, code 0.
If <Module>.std.ios_base..PAX(__Dereference((basic_ifstream<char,std::char_traits<char>\u0020> + 4)) + basic_ifstream<char,std::char_traits<char>\u0020>) IsNot Nothing AndAlso num2 = 4294967295UI Then
<Module>.ExitProcess(0UI)
End If
' The same name buffer is rewritten; only offset 12 differs (50 = "2"), so the
' text becomes "\Vectir.Core2.dll".
__Dereference(($ArrayType$$$BY0BAE@D + 7)) = 46
__Dereference(($ArrayType$$$BY0BAE@D + 12)) = 50
__Dereference(($ArrayType$$$BY0BAE@D + 10)) = 114
__Dereference(($ArrayType$$$BY0BAE@D + 2)) = 101
__Dereference(($ArrayType$$$BY0BAE@D + 13)) = 46
__Dereference(($ArrayType$$$BY0BAE@D + 3)) = 99
__Dereference(($ArrayType$$$BY0BAE@D + 15)) = 108
__Dereference(($ArrayType$$$BY0BAE@D + 4)) = 116
__Dereference(($ArrayType$$$BY0BAE@D + 6)) = 114
$ArrayType$$$BY0BAE@D = 92
__Dereference(($ArrayType$$$BY0BAE@D + 9)) = 111
__Dereference(($ArrayType$$$BY0BAE@D + 16)) = 108
__Dereference(($ArrayType$$$BY0BAE@D + 11)) = 101
__Dereference(($ArrayType$$$BY0BAE@D + 14)) = 100
__Dereference(($ArrayType$$$BY0BAE@D + 17)) = 0
__Dereference(($ArrayType$$$BY0BAE@D + 1)) = 86
__Dereference(($ArrayType$$$BY0BAE@D + 8)) = 67
__Dereference(($ArrayType$$$BY0BAE@D + 5)) = 105
' Rebuild the full path with the second file name and open it.
<Module>.strcpy_s<260>($ArrayType$$$BY0BAE@D2, CType(ptr2, __Pointer(Of SByte)))
<Module>.strcat_s<260>($ArrayType$$$BY0BAE@D2, CType((AddressOf $ArrayType$$$BY0BAE@D), __Pointer(Of SByte)))
Dim basic_ifstream<char,std::char_traits<char>\u0020>2 As basic_ifstream<char,std::char_traits<char>\u0020>
<Module>.std.basic_ifstream<char,std::char_traits<char>\u0020>.{ctor}(basic_ifstream<char,std::char_traits<char>\u0020>2, CType((AddressOf $ArrayType$$$BY0BAE@D2), __Pointer(Of SByte)), 1, 64, 1)
Try
' Check 2: same condition as check 1, for the second file.
If <Module>.std.ios_base..PAX(__Dereference((basic_ifstream<char,std::char_traits<char>\u0020>2 + 4)) + basic_ifstream<char,std::char_traits<char>\u0020>2) IsNot Nothing AndAlso num2 = 4294967295UI Then
<Module>.ExitProcess(0UI)
End If
' Third rewrite; offset 12 is now 52 = "4", giving "\Vectir.Core4.dll".
__Dereference(($ArrayType$$$BY0BAE@D + 5)) = 105
__Dereference(($ArrayType$$$BY0BAE@D + 14)) = 100
__Dereference(($ArrayType$$$BY0BAE@D + 12)) = 52
__Dereference(($ArrayType$$$BY0BAE@D + 9)) = 111
__Dereference(($ArrayType$$$BY0BAE@D + 4)) = 116
__Dereference(($ArrayType$$$BY0BAE@D + 11)) = 101
__Dereference(($ArrayType$$$BY0BAE@D + 7)) = 46
$ArrayType$$$BY0BAE@D = 92
__Dereference(($ArrayType$$$BY0BAE@D + 1)) = 86
__Dereference(($ArrayType$$$BY0BAE@D + 2)) = 101
__Dereference(($ArrayType$$$BY0BAE@D + 8)) = 67
__Dereference(($ArrayType$$$BY0BAE@D + 17)) = 0
__Dereference(($ArrayType$$$BY0BAE@D + 10)) = 114
__Dereference(($ArrayType$$$BY0BAE@D + 13)) = 46
__Dereference(($ArrayType$$$BY0BAE@D + 3)) = 99
__Dereference(($ArrayType$$$BY0BAE@D + 6)) = 114
__Dereference(($ArrayType$$$BY0BAE@D + 15)) = 108
__Dereference(($ArrayType$$$BY0BAE@D + 16)) = 108
' Rebuild the full path with the third file name and open it.
<Module>.strcpy_s<260>($ArrayType$$$BY0BAE@D2, CType(ptr2, __Pointer(Of SByte)))
<Module>.strcat_s<260>($ArrayType$$$BY0BAE@D2, CType((AddressOf $ArrayType$$$BY0BAE@D), __Pointer(Of SByte)))
Dim basic_ifstream<char,std::char_traits<char>\u0020>3 As basic_ifstream<char,std::char_traits<char>\u0020>
<Module>.std.basic_ifstream<char,std::char_traits<char>\u0020>.{ctor}(basic_ifstream<char,std::char_traits<char>\u0020>3, CType((AddressOf $ArrayType$$$BY0BAE@D2), __Pointer(Of SByte)), 1, 64, 1)
Try
' Check 3: same condition, for the third file.
If <Module>.std.ios_base..PAX(__Dereference((basic_ifstream<char,std::char_traits<char>\u0020>3 + 4)) + basic_ifstream<char,std::char_traits<char>\u0020>3) IsNot Nothing AndAlso num2 = 4294967295UI Then
<Module>.ExitProcess(0UI)
End If
' The narrow path buffer is released on the normal path only; the Catch
' handlers below run destructors but never free ptr2.
<Module>.free(CType(ptr2, __Pointer(Of Void)))
' From here on: compiler-generated cleanup. Each Catch/Throw pair destroys one
' local during unwinding, and the call after each End Try is the normal-path
' destructor, in reverse order of construction (three ifstreams, two strings).
Catch
<Module>.___CxxCallUnwindDtor(ldftn(AddressOf std.basic_ifstream<char,std::char_traits<char>\u0020>.__vbaseDtor), CType((AddressOf basic_ifstream<char,std::char_traits<char>\u0020>3), __Pointer(Of Void)))
Throw
End Try
<Module>.std.basic_ifstream<char,std::char_traits<char>\u0020>.__vbaseDtor(basic_ifstream<char,std::char_traits<char>\u0020>3)
Catch
<Module>.___CxxCallUnwindDtor(ldftn(AddressOf std.basic_ifstream<char,std::char_traits<char>\u0020>.__vbaseDtor), CType((AddressOf basic_ifstream<char,std::char_traits<char>\u0020>2), __Pointer(Of Void)))
Throw
End Try
<Module>.std.basic_ifstream<char,std::char_traits<char>\u0020>.__vbaseDtor(basic_ifstream<char,std::char_traits<char>\u0020>2)
Catch
<Module>.___CxxCallUnwindDtor(ldftn(AddressOf std.basic_ifstream<char,std::char_traits<char>\u0020>.__vbaseDtor), CType((AddressOf basic_ifstream<char,std::char_traits<char>\u0020>), __Pointer(Of Void)))
Throw
End Try
<Module>.std.basic_ifstream<char,std::char_traits<char>\u0020>.__vbaseDtor(basic_ifstream<char,std::char_traits<char>\u0020>)
Catch
<Module>.___CxxCallUnwindDtor(ldftn(AddressOf std.basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>.{dtor}), CType((AddressOf basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>2), __Pointer(Of Void)))
Throw
End Try
<Module>.std.basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>.{dtor}(basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>2)
Catch
<Module>.___CxxCallUnwindDtor(ldftn(AddressOf std.basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>.{dtor}), CType((AddressOf basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>), __Pointer(Of Void)))
Throw
End Try
<Module>.std.basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>.{dtor}(basic_string<char,std::char_traits<char>,std::allocator<char>\u0020>)
Return
End Try
' Exception filter for the outermost Try. ??_R0H@8 appears to be the RTTI type
' descriptor for int, which would correspond to a catch (int) in the original
' C++; the handler body is not shown in this listing.
endfilter(<Module>.__CxxExceptionFilter(Marshal.GetExceptionPointers(), CType((AddressOf <Module>.??_R0H@8), __Pointer(Of Void)), 0, Nothing))
End Sub

Last edited by tusk; 02-10-2017 at 06:25.