View Full Version : .NET Xenocode and Reversing


allumette
09-13-2009, 06:40 PM
Hello ^^
I've got a .NET application, protected by Xenocode, which creates an emulated env in memory after the main exe is launched (sorry 'bout my English, and if it seems a strange way to sum up the thing).
This software is time-limited, 15 days of use. At the startup of the main exe a window appears, where you need to click on Register or any other button, in our case <Try>.
After that we reach the app, where we launch an auto import of data (in some specific directory on the system).

Well, to trick Xenocode 2008 Postbuild, I didn't get results with WinDbg and Olly (hmm yes, we're talking about .NET, not C, but I caught that after a brief approach :P), so I tried a method that seems simpler to me: LordPE

How-to (what I did :) ): in a VirtualBox-type VM, XP 32-bit, no specific software loaded in memory (antivirus/spyware/etc...)
- Installing the application
- Launching the application
- Click on TRY to reach the main app
- Launching LordPE and using Active Dump Engine > IntelliDump
- Looking for the DLLs and the main exe of the app, which are grouped there in the emulated environment by Xenocode (if I'm not on the wrong track)
- Finding the useful DLLs needed for the execution of the .exe and dumping them: right click > Dump Full

After that I have:
- The application's executable
- A secondary executable (the one I launch when launching the "import" function of the main app), which is not present as a file in the application directory
- The useful DLLs for executing the exes

Everything seems to be right, because afterwards I can use Reflector to look at the source code.

BUT the problem: the exes and DLLs seem to be corrupted, because I can't launch them or use them (Application can't successfully initialised (?! +-) (0x00007b) etc etc..)
So I tried to rebuild with LordPE: it tried to manipulate headers or things, but nothing changed.

Things: I don't use BR when I do a Full dump with LordPE, maybe it's necessary?
While dumping the DLLs and exe which are in the emulated env., I may apply some correction to get them working in an "out of Xenocode" env.


In case, I can put up the dumped DLLs and exes if you want.
Thank you for your point of view or any ideas or solutions, even if you may burn me in place because I said too much crap in this thread! ;) :rolleyes:

Anyone? :(

Kurapica
09-13-2009, 08:40 PM
What is the problem ?
I can't understand !

vb_master
09-27-2009, 01:33 PM
I can't understand !

I think he wants to extract files from Xenocode Postbuild 2008's emulated environment.

rongchaua has a tutorial on manual extraction of files from Xenocode Postbuild. That should help you.

allumette
10-24-2009, 10:24 AM
Still got a problem dumping the correct .exe
Seems there are many versions of the exe running in memory, but only one is the right one...
I only see one .exe running, but I really believe those guys who told me about this protection being used before in a previous version :(

Any ideas ?
Regards

shutout5591
10-26-2009, 11:09 PM
I have the same problems as OP. I read somewhere I had to rebuild the PE header with ildasm, but ildasm crashes upon opening. I was able to get the .NET components using NetUnpack, but then I got a bad image format exception on the native DLL that is interopped, so I think all of them are whacked.

allumette
10-27-2009, 08:08 AM
There are many .exe images, but only one is correct.
Nice try with ildasm...
Try OllyDRX with Phantom plugins, or maybe IDA ?

up
can't get the correct exe :(

sirp
11-11-2009, 02:26 PM
can u send link plz ?

allumette
11-12-2009, 11:09 AM
can u send link plz ?

thank you for your attention :)
So here is the stuff:
Original program (http://rvgsoftware.fileburst.com/holdemmanager.zip) + patch needed (http://rvgsoftware.fileburst.com/HmUpdate.exe)

The way I do stuff:
In a VM like VirtualBox, XP 32-bit, no specific software loaded in memory
- Install the application
- Launch the application
- Click on TRY to reach the app itself
- Using LordPE and Active Dump Engine > IntelliDump
- Get the DLLs and executable of the application, which are grouped in the emulated env. by Xenocode
- Finding the useful DLLs to launch the .exe and dumping them by right click > Dump Full


So there is for sure an anti-dump thing that makes a messed-up .exe get loaded in memory. Some other guys I'm working with told me that in previous versions there were such problems :(

Here are some dumped files, for example... (http://www.megaupload.com/?d=Z17VI3UD)

Thank you :)

sirp
11-12-2009, 04:35 PM
lol again that app ,) seen threads bout it here and on few other forums hehe
it uses the ugly DeployLX licensing
u have to patch all references to it and patch app to return the proper values

allumette
11-12-2009, 08:06 PM
ok thank you,
but how do you dump the correct .exe file?
Is there a way to make a patch (maybe lic server) to avoid cracking it at every new release?
thank you for your patience :)

sirp
11-12-2009, 08:29 PM
ok thank you,
but how do you dump the correct .exe file?
Is there a way to make a patch (maybe lic server) to avoid cracking it at every new release?
thank you for your patience :)

in this case ... no need to dump .exe ,) ... sure u could study the DeployLX algo and make a keygen heheh ;)

besoeso
08-31-2010, 02:41 PM
Anyone have to break xheo licensing protection v3.xx???

bball0002
08-31-2010, 07:53 PM
Just attack the exe. Patching the calls to the dll is easier than modifying the dll itself.

besoeso
09-01-2010, 03:14 AM
@bball0002

Thank you for your response.

I am doing it, but bad luck for now.

Any more suggestions?