Hi guys,

Sorry for the english but my spanish is very bad.  

I am trying to deobfuscate (unpack) the following app:

http://www.chevolume.com/Download.aspx

It is a .Net app and I've tried many things but no success. I can successfuly use de4dot to rename the methods, fields and remove the delegates but if I try to run the executable it shows the splash screen and crashes. I am not sure if I am using the d34dot with the correct attributes.

The dlls are signed but at the moment I am not trying to change them.

steps I followed:

1)run de4dot to rename the methods: de4dot.exe  --keep-names d CheVolume.exe (names are used by the delegates). Generated exe already crashes.

2)Remove delegates using DelegateKiller.

3)Try to run the resulting executable. It shows the splash screen and crashes.

I noticed that if I just open the original executable in Reflector and "save as" using Reflexil 2.0 the generated executable crashes, even if I don't change any IL instruction. I compared both EXE(s) and for some reason reflexil makes changes to the binary.

RDG Detector says that it is obfuscated but not crypted. I appreciate any help to "unpack" or at least solve the problem with Reflexil 2.0. If I can make the saved executable, generated by Reflexil, may be sufficient to progress with my analysis.

Thank you in advance.

Hola a todos,

Necesito de ayuda para desempacar un programa. Utilice el RDG y el Exeinfo y uno de ellos dice que el exe esta empacado con PC Guard 5.0d y el otro dice 5.01.

Ya intente encontrar el OEP usando OllyDBG y contando el numero de exceptions antes del programa  cargar.

Tambien intente varios tutoriales y no encontre la solucion con ninguno de esos tutoriales.

Me gustaria pedir ayuda para desempacar el siguiente programa:

http://www.sim-garage.co.uk/files/3DSimED30t.zip

agradezco de antemano su ayuda.