Dumping a complete PE


RapidCrash
05-25-2009, 03:11 AM
So here is yet another app that I am attempting to dump. I do not know what protection it has, but it definitely does not just load into memory like CodeVeil or ASPack. I have, though, been able to dump the methods perfectly with the use of Kurapica's DotNET Dumper tool. However, this still poses 2 issues:

1. If possible I would like to have the entire dump as a single assembly so that I can trace around the methods to find which lead around which.

2. I cannot view the disassembled files except for the use of CFF Explorer's RAW MSIL disassembler, which provides too much of a hassle to look up just the raw IL language.


Is there any way I can dump this? Such as any tool that I haven't come across yet that will easily dump the methods from memory, or at least some method of doing it with olly or some other program? I can provide the program I want to disassemble if needed, thanks.

EDIT: An OEP does show when I analyze with PEiD. Whenever I try to use Olly, however, I get a memory access violation (as expected, I am trying the way that I used with ASPacked files); however, when I pass the exceptions to the program, the program ends up crashing on its own, making it impossible to proceed that way.

Kurapica
05-25-2009, 04:38 AM
If possible I would like to have the entire dump as a single assembly so that I can trace around the methods to find which lead around which.

Use .NET generic unpacker by Ntoskrnl

http://portal.b-at-s.info/download.php?view.141

or Deprotect

http://www.remotesoft.com/deprotector/intro.html

RapidCrash
05-25-2009, 04:52 AM
Use .NET generic unpacker by Ntoskrnl

http://portal.b-at-s.info/download.php?view.141

or Deprotect

http://www.remotesoft.com/deprotector/intro.html

I already tried both of these.

.NET Generic Unpacker pulls 5 files, 3 of which are libraries that have "License" as the name, one file with "MC" as the name, and then one file that, when reflected, pulls up a bunch of blanks. The namespaces, methods, etc. all have blank names, and it appears that it is the right file (as shown by the fact that it contains all the methods and things that would normally be included), but it crashes Reflector, as strings seem to be missing completely.

Deprotect keeps crashing with the following error:

An attempt was made to load a program with an incorrect format. (Exception from HRESULT: 0x8007000B).

What I decided to do after was load the source for Deprotect; it apparently crashes on the following line:

if (DllRegisterServer() == 0)

EDIT: I was able to get it working by forcing the build to be 32-bit only. Now I just have to solve a few other errors... There does seem to be an issue regarding the installation of dotnet explorer. Windows 7 does not allow the .NET framework 1.1 to be installed, which dotnet explorer requires.

Anything else I might be able to try?
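The HRESULT 0x8007000B in the post above is HRESULT_FROM_WIN32(ERROR_BAD_EXE_FORMAT), the code behind BadImageFormatException. On 64-bit Windows a managed executable built as AnyCPU starts as a 64-bit process, and any attempt to load a 32-bit native DLL into it (LoadLibrary, P/Invoke, a COM registration call such as the DllRegisterServer line quoted) fails with exactly that HRESULT; forcing the build to x86 keeps the process 32-bit, which is why RapidCrash's fix works. The following script is an added example, not code from this thread or from Deprotect: it reads the PE optional header and the CLR (IMAGE_COR20_HEADER) flags of an image to classify it as AnyCPU, x86, x64 or native, and models which native DLLs a process of a given bitness can load. The sample images it inspects are constructed in memory by build_sample_pe (header-only, not loadable); the platform names and the helper functions are this example's own.

```python
import struct

# PE/COFF and ECMA-335 constants
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
CLR_DIRECTORY_INDEX = 14           # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
COMIMAGE_FLAGS_ILONLY = 0x1
COMIMAGE_FLAGS_32BITREQUIRED = 0x2


def rva_to_offset(data, sections_off, nsections, rva):
    """Map an RVA to a file offset using the section table."""
    for i in range(nsections):
        _, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sections_off + 40 * i)
        if va <= rva < va + max(vsize, rawsize):
            return rva - va + rawptr
    raise ValueError("RVA 0x%x is not inside any section" % rva)


def describe_image(data):
    """Return machine type, PE32/PE32+ flag, CLR flags and the resulting platform."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                      # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        pe32plus, dd_count_off = False, opt + 92    # NumberOfRvaAndSizes offset (PE32)
    elif magic == PE32PLUS_MAGIC:
        pe32plus, dd_count_off = True, opt + 108    # NumberOfRvaAndSizes offset (PE32+)
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dd_count = struct.unpack_from("<I", data, dd_count_off)[0]
    info = {"machine": machine, "pe32plus": pe32plus, "clr_flags": None}
    clr_rva = 0
    if dd_count > CLR_DIRECTORY_INDEX:
        clr_rva, _ = struct.unpack_from("<II", data, dd_count_off + 4 + 8 * CLR_DIRECTORY_INDEX)
    if clr_rva == 0:                         # no CLR header: plain native image
        info["platform"] = "native x64" if machine == IMAGE_FILE_MACHINE_AMD64 else "native x86"
        return info
    clr_off = rva_to_offset(data, opt + opt_size, nsections, clr_rva)
    # IMAGE_COR20_HEADER: cb, MajorRuntimeVersion, MinorRuntimeVersion, MetaData RVA, MetaData Size, Flags
    _, _, _, _, _, flags = struct.unpack_from("<IHHIII", data, clr_off)
    info["clr_flags"] = flags
    if pe32plus:
        info["platform"] = "x64"
    elif (flags & COMIMAGE_FLAGS_32BITREQUIRED) or not (flags & COMIMAGE_FLAGS_ILONLY):
        info["platform"] = "x86"             # explicit x86, or mixed-mode carrying native x86 code
    else:
        info["platform"] = "AnyCPU"          # pure IL: JIT-compiled to the host's native width
    return info


def process_bitness(platform, os_is_64bit):
    """Bitness of the process the loader creates for a managed executable of this platform."""
    if platform in ("x64", "native x64"):
        return 64
    if platform == "AnyCPU":
        return 64 if os_is_64bit else 32
    return 32


def native_dll_loadable(process_bits, dll_platform):
    """A process can only load native code of its own bitness; a mismatch surfaces as
    BadImageFormatException, HRESULT 0x8007000B. Pure-IL AnyCPU libraries load either way."""
    if dll_platform == "AnyCPU":
        return True
    dll_bits = 64 if dll_platform.endswith("x64") else 32
    return process_bits == dll_bits


def build_sample_pe(pe32plus, clr_flags):
    """Constructed minimal image with one section: enough headers to inspect, not to run.
    clr_flags=None produces a native image; otherwise a CLR header with those flags is written."""
    e_lfanew = 0x40
    machine = IMAGE_FILE_MACHINE_AMD64 if pe32plus else IMAGE_FILE_MACHINE_I386
    dd_base = 112 if pe32plus else 96        # start of the data directories inside the optional header
    opt_size = dd_base + 16 * 8
    headers_len = e_lfanew + 4 + 20 + opt_size + 40
    sect_va = 0x2000
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<I", opt, dd_base - 4, 16)                 # NumberOfRvaAndSizes
    body = bytearray(0x200)
    if clr_flags is not None:
        struct.pack_into("<II", opt, dd_base + 8 * CLR_DIRECTORY_INDEX, sect_va, 72)
        struct.pack_into("<IHHIII", body, 0, 72, 2, 5, sect_va + 0x100, 0x100, clr_flags)
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, sect_va, 0x200, headers_len,
                          0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section + bytes(body)


if __name__ == "__main__":
    host = describe_image(build_sample_pe(False, COMIMAGE_FLAGS_ILONLY))["platform"]   # AnyCPU host
    bits = process_bitness(host, os_is_64bit=True)
    print("AnyCPU host on x64 Windows runs as %d-bit; loads 32-bit native DLL: %s"
          % (bits, native_dll_loadable(bits, "native x86")))
    host = describe_image(build_sample_pe(False, COMIMAGE_FLAGS_ILONLY | COMIMAGE_FLAGS_32BITREQUIRED))["platform"]
    bits = process_bitness(host, os_is_64bit=True)
    print("x86-only host runs as %d-bit; loads 32-bit native DLL: %s"
          % (bits, native_dll_loadable(bits, "native x86")))
```

To check a real file, pass its bytes to describe_image; a managed host that reports "AnyCPU" together with any "native x86" dependency it loads is the combination that yields 0x8007000B on a 64-bit machine, and the 32-bit-only build flag in the post corresponds to COMIMAGE_FLAGS_32BITREQUIRED being set.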