Exetools


Jasi2169 05-28-2026 12:15

Jasi .NET Assembly Dumper v1.1
 
(Runtime Hook + Static Resource Scanner)

JasiAssemblyDumper is a command-line tool for capturing .NET assemblies as they
are loaded at runtime. It works by hooking the .NET runtime's assembly loader
so that every Assembly.Load() call - including ones made by packers, protectors,
or obfuscators - is intercepted and the raw PE bytes are written to disk.

It also includes a static scanner that inspects .NET executables for assemblies
embedded as resources, and an anti-debug module that patches common debugger
detection techniques before running the target.

Useful for reverse engineering packed or protected .NET applications where the
real assembly is only decrypted and loaded in memory at runtime.

Usage:
JasiAssemblyDumper --static <file>         Static scan for embedded assemblies
JasiAssemblyDumper --target <file>         Run target and dump all Assembly.Load calls
JasiAssemblyDumper --target-mixed <file>   Spawn native EXE, dump any .NET modules it loads
JasiAssemblyDumper --dump-loaded           Dump already-loaded assemblies
JasiAssemblyDumper --dontskipknown         Also dump System.*, Microsoft.* etc.
JasiAssemblyDumper --out <dir>             Output directory (default: ./dumped)

Examples:
JasiAssemblyDumper --target app.exe --out C:\dumps
JasiAssemblyDumper --static packed.dll --out C:\dumps
JasiAssemblyDumper --target-mixed game.exe --out C:\dumps
JasiAssemblyDumper --target app.exe --dump-loaded --dontskipknown --out C:\dumps

Note:
-> For targeting .NET Framework apps use the 'netFramework4.8' build (or use this as default if you don't know).
-> For targeting modern .NET apps use the 'netCore10.0' build.
-> Make sure you do have NetFramework4.8/NetCore10 installed to run particular builds!
-> After dumping assemblies, it tries to run the target.exe. It may not launch sometimes due to resolve issues and show warnings. The main goal was to dump assemblies, so you can ignore the warnings; the dumps are still valid!
-> You can also run using RunCommand.bat directly!

Changelog:
v1.1 (28/May/2026)
- Added support for native.exe which loads .NET assemblies at runtime; use --target-mixed on native EXEs
- Added prefix number starting from 0_ to n number of dump files before dumping

v1.0 (27/May/2026)
- Initial Release

Download: (Pwd: Jasi2169)
Quote:

https://pixeldrain.com/u/SNZC6AHo
This was done when other means didn't work on Tenorshare 4DDiG File Repair. 4DDiG Repair has encrypted assemblies, decrypted at runtime. Use target.exe after dumping the DLL. The DLL dumped also had other DLL inside; you can use static on it to get the final main registration logic DLL, which is registerandlog.dll.
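
The static scan described in the post above looks for assemblies embedded inside another file. As an added illustration (not the tool's code and not written by the poster), this Python sketch carves a byte buffer for PE images and marks each as managed when its CLR data directory is populated. It assumes the embedded images are stored uncompressed and unencrypted; the function names and sample bytes are constructed for the example.

```python
import struct

CLR_DIR = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: the CLR (.NET) header

def classify_pe(buf, off):
    """Return True (managed) / False (native) if a PE image starts at off, else None."""
    try:
        (e_lfanew,) = struct.unpack_from("<I", buf, off + 0x3C)
        pe = off + e_lfanew
        if buf[pe:pe + 4] != b"PE\0\0":
            return None                      # "MZ" was just two stray bytes
        (opt_size,) = struct.unpack_from("<H", buf, pe + 20)
        opt = pe + 24                        # optional header follows the COFF header
        (magic,) = struct.unpack_from("<H", buf, opt)
        dirs = {0x10B: 96, 0x20B: 112}.get(magic)  # PE32 / PE32+ directory offset
        if dirs is None:
            return None
        (count,) = struct.unpack_from("<I", buf, opt + dirs - 4)
        if count <= CLR_DIR or dirs + count * 8 > opt_size:
            return False                     # no room for a CLR directory entry
        rva, size = struct.unpack_from("<II", buf, opt + dirs + CLR_DIR * 8)
        return rva != 0 and size != 0
    except struct.error:                     # header runs past the end of the buffer
        return None

def find_embedded_pes(buf):
    """List (offset, is_managed) for every plausible PE image inside buf."""
    hits, pos = [], buf.find(b"MZ")
    while pos != -1:
        managed = classify_pe(buf, pos)
        if managed is not None:
            hits.append((pos, managed))
        pos = buf.find(b"MZ", pos + 1)
    return hits

def build_sample_pe(managed):
    """Constructed headers-only PE32 image (312 bytes), for demonstration."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)    # PE32 magic
    struct.pack_into("<I", opt, 92, 16)      # NumberOfRvaAndSizes
    if managed:
        struct.pack_into("<II", opt, 96 + CLR_DIR * 8, 0x2008, 0x48)
    return dos + b"PE\0\0" + coff + bytes(opt)

# Constructed container: a decoy "MZ", then a managed and a native image.
SAMPLE = (bytes(16) + b"MZ" + bytes(80) + build_sample_pe(True)
          + b"\xAA" * 10 + build_sample_pe(False))
```

An image found at offset 0 is the host file itself; hits at later offsets are the embedded candidates worth extracting for analysis.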

yoza 05-28-2026 14:34

Quote:

Originally Posted by Jasi2169 (Post 135352)
Jasi .NET Assembly Dumper v1.0
(Runtime Hook + Static Resource Scanner)

JasiAssemblyDumper is a command-line tool for capturing .NET assemblies as they
are loaded at runtime. It works by hooking the .NET runtime's assembly loader
so that every Assembly.Load() call - including ones made by packers, protectors,
or obfuscators - is intercepted and the raw PE bytes are written to disk.

It also includes a static scanner that inspects .NET executables for assemblies
embedded as resources, and an anti-debug module that patches common debugger
detection techniques before running the target.

Useful for reverse engineering packed or protected .NET applications where the
real assembly is only decrypted and loaded in memory at runtime.

Usage:
JasiAssemblyDumper --static <file>    Static scan for embedded assemblies
JasiAssemblyDumper --target <file>    Run target and dump all Assembly.Load calls
JasiAssemblyDumper --dump-loaded      Dump already-loaded assemblies
JasiAssemblyDumper --dontskipknown    Also dump System.*, Microsoft.* etc.
JasiAssemblyDumper --out <dir>        Output directory (default: ./dumped)

Examples:
JasiAssemblyDumper --target app.exe --out C:\dumps
JasiAssemblyDumper --static packed.dll --out C:\dumps
JasiAssemblyDumper --target app.exe --dump-loaded --dontskipknown --out C:\dumps

Note:
-> For targeting .NET Framework apps use the 'net48' build.
-> For targeting modern .NET apps use the 'net10.0' build.
-> Make sure you do have NetFramework4.8/NetCore10 installed to run particular builds!
-> After dumping assemblies, it tries to run the target.exe. It may not launch sometimes due to resolve issues and show warnings. The main goal was to dump assemblies, so you can ignore the warnings; the dumps are still valid!
-> You can also run using RunCommand.bat directly!

Changelog:
v1.0 (27/May/2026)
- Initial Release

Download: (Pwd: Jasi2169)


This was done when other means didn't work on Tenorshare 4DDiG File Repair. 4DDiG Repair has encrypted assemblies, decrypted at runtime. Use target.exe after dumping the DLL. The DLL dumped also had other DLL inside; you can use static on it to get the final main registration logic DLL, which is registerandlog.dll.

Tested. So far it is OK!
Keep up your nice work, @Jasi2169...
Best regards,
yoza

Jasi2169 05-28-2026 20:43

The only limitation at the moment is mixed mode: when target.exe is a native loader that calls .NET DLLs, it won't work at runtime, but static will work on the .NET DLL.

Jasi2169 05-28-2026 22:48

Changelog:
v1.1 (28/May/2026)
- Added support for native.exe which loads .NET assemblies at runtime; use --target-mixed on native EXEs
- Added prefix number starting from 0_ to n number of dump files before dumping

Added to OP

Jasi2169 05-30-2026 13:47

Attached to op

