05-28-2026, 14:34
yoza
Quote:
Originally Posted by Jasi2169
Jasi .NET Assembly Dumper v1.0
(Runtime Hook + Static Resource Scanner)

JasiAssemblyDumper is a command-line tool for capturing .NET assemblies as they
are loaded at runtime. It works by hooking the .NET runtime's assembly loader
so that every Assembly.Load() call - including ones made by packers, protectors,
or obfuscators - is intercepted and the raw PE bytes are written to disk.

It also includes a static scanner that inspects .NET executables for assemblies
embedded as resources, and an anti-debug module that patches common debugger
detection techniques before running the target.

Useful for reverse engineering packed or protected .NET applications where the
real assembly is only decrypted and loaded in memory at runtime.

Usage:
JasiAssemblyDumper --static <file>    Static scan for embedded assemblies
JasiAssemblyDumper --target <file>    Run target and dump all Assembly.Load calls
JasiAssemblyDumper --dump-loaded      Dump already-loaded assemblies
JasiAssemblyDumper --dontskipknown    Also dump System.*, Microsoft.* etc.
JasiAssemblyDumper --out <dir>        Output directory (default: ./dumped)

Examples:
JasiAssemblyDumper --target app.exe --out C:\dumps
JasiAssemblyDumper --static packed.dll --out C:\dumps
JasiAssemblyDumper --target app.exe --dump-loaded --dontskipknown --out C:\dumps

Note:
-> For targeting .NET Framework apps use the 'net48' build.
-> For targeting modern .NET apps use the 'net10.0' build.
-> Make sure you have NetFramework4.8/NetCore10 installed to run the particular builds!
-> After dumping assemblies, it tries to run the target.exe. It may not launch sometimes due to resolve issues and may show warnings. The main goal was to dump assemblies, so you can ignore the warnings; the dumps are still valid!
-> You can also run using RunCommand.bat directly!

Changelog:
v1.0 (27/May/2026)
- Initial Release

Download: (Pwd: Jasi2169)


This was done when other means didn't work on Tenorshare 4DDiG File Repair. 4DDiG Repair has encrypted assemblies, decrypted at runtime. Use target.exe after dumping the dll; the dumped dll also had other dll inside, and you can use static for it to get the final main registration logic dll, which is registerandlog.dll
Tested. So far it is OK!
Keep up your nice work @Jasi2169...
Best regards,
yoza
The Following 3 Users Say Thank You to yoza For This Useful Post:
Jasi2169 (05-28-2026), niculaita (05-28-2026), tonyweb (05-31-2026)
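The static scan described in the quoted post (finding assemblies embedded in a .NET file) comes down to locating PE headers inside a file's bytes and checking whether each one declares a CLR header. The sketch below is an added example for triaging packed samples, not code from JasiAssemblyDumper or from either poster; the function names and the constructed sample bytes are assumptions, and it only reports plaintext images (encrypted resources will not match).

```python
import struct

CLR_DIR = 14  # data-directory slot of the CLR (COM descriptor) header

def classify_pe(blob, off):
    """Return 'managed' or 'native' if a plausible PE header starts at off, else None."""
    if blob[off:off + 2] != b"MZ" or off + 0x40 > len(blob):
        return None
    pe = off + struct.unpack_from("<I", blob, off + 0x3C)[0]   # e_lfanew
    opt = pe + 24                      # optional header follows signature + COFF header
    if pe - off < 0x40 or opt + 2 > len(blob) or blob[pe:pe + 4] != b"PE\0\0":
        return None
    (magic,) = struct.unpack_from("<H", blob, opt)
    if magic not in (0x10B, 0x20B):    # PE32 / PE32+
        return None
    dirs = opt + (96 if magic == 0x10B else 112)               # data directories
    entry = dirs + CLR_DIR * 8
    if entry + 8 > len(blob):
        return None                    # header truncated, treat as not a PE
    (count,) = struct.unpack_from("<I", blob, dirs - 4)        # NumberOfRvaAndSizes
    rva, size = struct.unpack_from("<II", blob, entry)
    return "managed" if count > CLR_DIR and rva and size else "native"

def find_embedded_images(blob):
    """List (offset, kind) for PE headers found after offset 0 (the host image itself)."""
    hits, pos = [], blob.find(b"MZ", 1)
    while pos != -1:
        kind = classify_pe(blob, pos)
        if kind:
            hits.append((pos, kind))
        pos = blob.find(b"MZ", pos + 1)
    return hits

def make_header(managed, pe32plus=False):
    """Constructed sample: a zero-filled PE header stub, not a loadable image."""
    dirs = 0x80 + 24 + (112 if pe32plus else 96)
    hdr = bytearray(dirs + 16 * 8)
    hdr[0:2], hdr[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    struct.pack_into("<H", hdr, 0x80 + 24, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<I", hdr, dirs - 4, 16)
    if managed:
        struct.pack_into("<II", hdr, dirs + CLR_DIR * 8, 0x2008, 0x48)
    return bytes(hdr)

def build_sample():
    """Constructed host: managed stub, a stray 'MZ', a managed stub, a native PE32+ stub."""
    return (make_header(True) + b"\0" * 32 + b"MZ junk" + make_header(True)
            + b"pad" + make_header(False, pe32plus=True))
```

Calling `find_embedded_images(build_sample())` returns the two embedded stubs with their offsets and skips the stray `MZ` bytes, which is why the check validates the PE signature and optional-header magic instead of trusting the two-byte marker.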