Hero
March 8th, 2009, 23:48
Hi all
I found an interesting application to check. It is called CryptLoad and is used for protecting download links.
Because this application is not commercial and you get it free from its own site (and it is small), I post its site here:
http://www.cryptload.info/download/?lang=en
When I was checking this application (CryptLoad.exe itself), I noticed a strange protection.
CryptLoad.exe is a mixture of a Delphi 7 and a .NET application. If you load it in IDA, you can identify around 750 Delphi 7 signatures. But it is strange, because it seems this Delphi 7 is only a packer layer for the .NET code, because the application's main body is .NET code.
Any idea how we can separate the .NET section of the application from its Delphi 7 layer? And how can it run that .NET code? (I think I found a temporary file from this application on the PC, but it was not a valid .NET file.)
Oh, one last thing. When the application was running, I tried to dump its code, but I was only able to dump around 350k of the file, when the file itself is around 7m.
Regards