#10
Yeah, exactly tusk
If you patch Vectir.Core1.dll nulling the routine, for example like the following:

Code:
```
Offset    0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F   Ascii
00002F60  0B 30 05 00 75 03 00 00                          0.u..
00002F70  80 00 00 11 00 2A 00 00 00 FE 0F 13 04 16 12 0D  €...*...þ.
```

Code:
```
C:\ProgramData\Incendo Technology\Vectir\Plugins
```

So I guess, like you guessed, you have to "play" with the plugins and discover similar file-checking routines inside them too. You could try adding one plugin at a time.

As far as I understood, AES and RSA are used for resource decryption ... so they don't really matter at this stage.

Best Regards,
Tony

[EDIT] You could also do it the other way round, renaming the assemblies Vectir.Coren.dll and their references from the main executable, so you won't have to patch all the plugins (with dnSpy it is easy enough to modify dll/assembly names ... simple hex-editing for main executable assemblyrefs).

Regards,
Tony
__________________
Want to learn unpacking ... but I'm too stupid
Last edited by tonyweb; 02-12-2017 at 15:21. Reason: colorize