C# Reversing - Unpacking A Packer ~ MegaDumper [Part 3]

(The C# Dude) #1

Hey mates,

In the last part I used MSIL to add a File.WriteAllBytes() call to dump the packed executable. This time I'll show you a much easier way to dump .NET applications: a tool called MegaDumper.


MegaDumper

MegaDumper is a tool that can easily dump .NET executables directly from memory without the need for a skilled reverser 😉. When the application is better protected than our example from last time, it can be useful to have a one-click dumper. If you’re interested in how MegaDumper does the job, just decompile the application and have a look at it. You’re a reverser 😁!


Usage

Download the tool here; it doesn’t need to be installed. Now just run the loader from last time and open MegaDumper:

Just select the application you want to dump, open the context menu and click on .Net dump. Yes, it’s that simple… Finally, open the newly created folder “Dumps” and search for the dumped executable. You’ll find more than one, but I’m sure you’re clever enough to figure out which one’s the right one 😉.


Conclusion

This time, a very small introduction to .Net dumping for losers. But everybody appreciates some help when working on a heavy case, so I think this tool fits perfectly into our arsenal 😄. Again, I recommend you try breaking the remaining defenses of the CrackMe on your own to learn by doing. Nothing helps better with understanding something 🙂.

|-TheDoctor-|
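
An added example (not part of the original post and not MegaDumper's own code): a Python triage script for the "Dumps" folder that reads each file's PE headers and reports whether it carries a CLR header (data directory 14) and whether it is an EXE or a DLL, which narrows down the candidates. The folder name comes from the post; the function names and the constructed sample header are assumptions for illustration.

```python
import struct
import sys
from pathlib import Path

IMAGE_FILE_DLL = 0x2000
CLR_DIR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (the CLR header)

def classify(data: bytes) -> str:
    """Return 'not-pe', 'native', 'dotnet-exe' or 'dotnet-dll' from PE headers alone."""
    try:
        if data[:2] != b"MZ":
            return "not-pe"
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            return "not-pe"
        # COFF header: SizeOfOptionalHeader and Characteristics are its last two fields
        opt_size, characteristics = struct.unpack_from("<HH", data, pe_off + 20)
        opt = pe_off + 24
        (magic,) = struct.unpack_from("<H", data, opt)
        dirs = {0x10B: 96, 0x20B: 112}.get(magic)             # PE32 / PE32+
        if dirs is None:
            return "not-pe"
        (count,) = struct.unpack_from("<I", data, opt + dirs - 4)  # NumberOfRvaAndSizes
        if count <= CLR_DIR_INDEX or dirs + 8 * (CLR_DIR_INDEX + 1) > opt_size:
            return "native"
        rva, size = struct.unpack_from("<II", data, opt + dirs + 8 * CLR_DIR_INDEX)
    except struct.error:                                       # truncated or damaged dump
        return "not-pe"
    if rva == 0 or size == 0:
        return "native"
    return "dotnet-dll" if characteristics & IMAGE_FILE_DLL else "dotnet-exe"

def make_sample(clr: bool, dll: bool) -> bytes:
    """Constructed PE32 header (not a real binary), used only to exercise classify()."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x2102 if dll else 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                        # 16 data directories
    if clr:
        struct.pack_into("<II", opt, 96 + 8 * CLR_DIR_INDEX, 0x2008, 0x48)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    folder = Path(sys.argv[1] if len(sys.argv) > 1 else "Dumps")
    for f in sorted(folder.glob("*")):
        if f.is_file():
            print(f"{classify(f.read_bytes()):11} {f.stat().st_size:>10} {f.name}")
```

Files reported as dotnet-exe are the ones worth opening in a decompiler first; a dump with damaged headers shows up as not-pe and needs manual inspection.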

