.NET DeProtector User Manual

Updated on Feb-10-06

Requirements

To run the deprotector, .NET Framework 2.0 or 1.1 is required. To compile the source code, .NET Framework 2.0 is required with Visual Studio .NET 2005, or Visual C++ Express 2005 and Visual C# Express 2005. Let us know if you want the source code to compile under Visual Studio .NET 2003.

Installation

First, download the deprotector zip file and Remotesoft .NET Explorer. Unzip the deprotect.zip file to any directory, e.g., c:\deprotector. Run the .NET Explorer .msi file to install Remotesoft .NET Explorer, which is used to browse the dumped assemblies. The bin directory inside the unzipped directory contains all binaries: an exe and a few dlls. Double-clicking deprotect.exe launches the deprotector, as shown in the screenshot below.

If you only have .NET Framework 1.1 installed on your machine, you can download the 1.1 binaries.

Screenshot

Usage

The deprotector is very easy to use. You simply follow the steps after the UI is launched. The links can be clicked to bring up other windows.

Specify an executable file

First, you need to specify an executable to launch. The executable might be an unprotected .NET exe or a protected native EXE. You can enter the file name directly into the text box, or click the "Open an executable file" link to launch a file chooser dialog box, where you can choose an exe file.

Specify command line arguments and a working directory

Second, you can optionally specify command line arguments and a working directory. Leave these fields blank if you don't have anything special to set here.

Launch, execute, decrypt and finish application

This is a critical step, where the executable you specified in the first step will be launched and executed. The deprotector dumps out assemblies during this step. Message boxes that display dump information will appear during the course of execution. Simply click OK whenever you see such a message box.

Try to run the exe as thoroughly as possible to cover all possible scenarios. The deprotector hooks the CLR runtime engine; as you execute the exe, assemblies are loaded and deprotected. As you follow more execution paths, more assemblies might be discovered. All assemblies are dumped, whether they are protected or not, and whether they are system assemblies or not.

When execution is finished, you must exit the loaded application before you can click the "View results" link to examine the assemblies.

View results

The "View results" link is enabled after the specified exe has been launched and has exited; you can then click the link. The directory that contains all dumped assemblies will be displayed. If you have installed Remotesoft .NET Explorer, it will be launched with all dumped assemblies loaded, and you can examine them.