I found a utility that is probably protected in Xenocode Postbuild 2009 (at least I think it is :D ). It's TS Packer Reader (http://www.bitstreamtools.com/download/index.php). I tried it with WinDbg, but I got strange readings without possibility to save the module, no command response, no save to disk.

...
0:008> !SaveModule 00b85e28 C:\dumpmod.exe
0:008> !SaveModule 03bd20f0 C:\dumpmod.exe
...

I think, it's this module, but I tried all non-GAC_MSIL modules with same effect.
Assembly: 001b6c40 [ŠŠ›–’™‹‰–›Šš†“›†, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null]
ClassLoader: 001b6cd8
SecurityDescriptor: 001b6af8
Module Name
00b85e28 ŠŠ›–’™‹‰–›Šš†“›†, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null

Is it something with Xenocode's native compilation?

http://rapidshare.com/files/272180075/TS_Packet_Editor_backup.rar.html

dumped file

Hey all, new here :). Can anyone discribe how to dump Postbuild 2009 protected apps with windbg or some other tool? It seems that the method that worked for 2008 no longer works (no .NET dll's are being loaded) :(.

Regards

Hey all, new here :). Can anyone discribe how to dump Postbuild 2009 protected apps with windbg or some other tool? It seems that the method that worked for 2008 no longer works (no .NET dll's are being loaded) :(.

Regards


http://reteam.org/board/showthread.php?t=1897

^^^ That's how I dump Xenocoded apps.

http://reteam.org/board/showthread.php?t=1897

^^^ That's how I dump Xenocoded apps.

Yup I came across your post in that thread and it worked fine. It's really hard to understand how someone would pay for Postbuild... :D

I used this method and the dumped and rassembled app works perfect in XP and in Win 7 32bit. However, the dumped app doesn't work in Win 7 64bit. The original unmodified app works fine in Win 7 64bit.

Anyone have any ideas on what might be going on here?