SMD_FOR_AGILE_Fix5
 

SMD_FOR_AGILE_Fix5:
What's new:
- Fixed Framework 4.0 for x64 compatibility;
- added "Patch DivideByZero" - this was actually used before; just added checkbox so it could be unchecked;
- "LoadLibraryA hook" checkbox become LoadLibraryExA and was fixed; now will change the name of Agile dll to point to current directory - when you use this option Agile dll has to be in the current directory
- "No SetAllowAutoRedirect" fixed now so program will not crash on Framework 4.0

For Clisecure AgileNET Obfuscator v6.6.0.4.2 the crash on both 32 bits/64 bits was generated exception was a divide be zero exception

So for Clisecure AgileNET Obfuscator v6.6.0.4.2 and Agile.NET 6.6.0.34 now works directly. For Agile 6.9.12 I had to change Agile dll files with the ones from Clisecure AgileNET Obfuscator v6.6.0.4.2 and it works like a charm after that.

I've noticed something: when I use "Debug" builds no error is thrown but No methods is decrypted; on "Release" builds all worked fine.
This seems to be exactly the error reported by user czsayo.
In SMD_FOR_AGILE_Fix5 was "Release" build exe.
I will release a fix for Windows 10 - LoadLibraryExA checkbox soon.

SMD_FOR_AGILE_Fix6
 

SMD_FOR_AGILE_Fix6:
What's new:
- Fixed LoadLibraryExA hooking for Windows 10

SMD_FOR_AGILE_Fix7
 

SMD_FOR_AGILE_Fix7:
What's new:
- GAC installation removed since even if say it fails will occasionally install craps;
- You should place unpacker and config next to file to be unpacked
- Fixed a bug for x64
- One more jump changed before divide by zero patch so it will unpack more x64 assemblies
You would still need to replace runtime with the one attached or older.

SMD_FOR_AGILE_Fix8_virbox
 

SMD_FOR_AGILE_Fix8_virbox:
What's new:
- Fixed local signature for virbox protector

SMD_FOR_AGILE_Fix9_GetEHInfo
 

SMD_FOR_AGILE_Fix9_GetEHInfo:
- Fixed some problems on not sending some methods to jit; also fixed get GenericParameters for constructors.
- This release is once again for virbox protector - with this release will solve Exception Handlers for virbox protector the following x86 (32 bits) are supported for GetEHInfo: 4.0 (although Local Variables are not resolved), Framework 4.5, Framework 4.7, Framework 4.8; 64 bits framework are not supported yet for GetEHInfo.

Missing dlls
 

Fix9 does not work properly when using the loadFromRemoteSources enabled="true" mode.
It reports missing DLLs, although they are definitely present in the same folder.
For some reason, it cannot detect them. Previous versions can see the same additional DLLs but have other issues: they crash and disappear from the screen.

Fix9 is for 32 bits only, you could uncheck "32bit required" from .NET Directory -> Flags
so it will be as AnyCpu. You should also uncheck GetEHInfo checkbox.

Please post targets dlls & exes so I could check them.

Thank you very much for the offered help.

Unfortunately, I couldn't manage with fix9 because I couldn't find where to change the flag you suggested.
fix7 works without errors for BOF_FP.dll, BOF_L2.dll, and BookMapNT.dll.

Unfortunately SMD fix7 fails for NinjaTrader.Core.dll and NinjaTrader.Gui.dll, which are also extremely important to me.

Could you also give me an idea on how to handle the secondary obfuscation in these three msil files, which are protected with Eazfuscator string obfuscation?

@cvetkisa: Do you have the NinjaTrader 8.1.1.7 setup? Can you share it?

here is 8117 installe
https://www.sendspace.com/file/uoy2jd

The unpacker randomly crushes
 

After copying SMD_FOR_AGILE.exe and SMD_FOR_AGILE.exe.config to C:\Program Files\NinjaTrader 8\bin
The unpacker randomly crushes - I don't know the reason.
I don't know what to do except trying multiple times.
Here is unpacked dlls:
https://workupload.com/file/Hva2mGXQ34h

Eazfuscator string obfuscation
 

Eazfuscator string obfuscation:

First time de4dot with packer unknown:
de4dot --dont-rename "C:\test1\BOF_FP_msil.dll" -p un
Second time de4dot
de4dot --dont-rename "C:\test1\BOF_FP_msil-cleaned.dll"

// Token: 0x02000001 RID: 1
internal class <Module>
{
// Token: 0x06000001 RID: 1 RVA: 0x00002568 File Offset: 0x00000768
static <Module>()
{
<Module>.f0659e5905454a5e99b9752afc78b700();
\u000E\u2005\u2006.\u0003(false);
}
The bold method will exist the program so we got to change that to nop;
// Methods
// Token: 0x06000001 RID: 1 RVA: 0x00002568 File Offset: 0x00000768
.method private hidebysig specialname rtspecialname static
void .cctor () cil managed
{
// Header Size: 1 byte
// Code Size: 12 (0xC) bytes
.maxstack 8

/* 0x00000769 2802000006 */ IL_0000: call void '<Module>'::f0659e5905454a5e99b9752afc78b700()
/* 0x0000076E 16 */ IL_0005: ldc.i4.0
/* 0x0000076F 28A5040006 */ IL_0006: call void '\u000e\u2005\u2006'::'\u0003'(bool)
/* 0x00000774 2A */ IL_000B: ret
} // end of method '<Module>'::.cctor
So we search for 1628A50400062A and we fill that hex string with 00 (nop) until at last 2A (last ret instruction)
Now finally we can use :
EazFixer.exe --file "C:\test1\BOF_FP_msil-cleaned-cleaned.dll" --virt-fix
https://workupload.com/file/BhpZHuf7KUJ

Restore back code:
We restore Module..cctor of the file BOF_FP_msil-cleaned-cleaned-eazfix.dll
by searching for 2802000006
and paste 1628A50400062A after that - where we changed with 00 (nop)
Here is resulted file:
https://workupload.com/file/PqFvDwm5PdY

the are still lots of methods with pattern like

protected override void OnStateChange()
{
object[] array = new object[] { this };
\u0006\u2005\u2007.\u000F\u2005\u2007().\u0006(\u0006\u2005\u2007.\u000E\u2005\u2007(), "\"%u3V:JOW*", array);
}

is it part of agile/eazfuscator protector?

This is eazfuscator virtual machine.