|
|
#9
02-11-2017, 19:53
|
|||
|
|||
|
Hi Tony !
Thanks for your help  very interesting... soVectir.core2.dll Vectir.core3.dll Vectir.core4.dll those are created during deobfuscation by de4dot. I would have to check if there were here originally (and overwritten), but i think there are purely created. The remaining exe is way smaller so I just thought de4dot did "extract" some classes to put them in those external files. Those files are located at least in 4 places : the one I gave in splash screen + 3 during those plugins initialization : - keyboard.dll / <Modules> / <empty_name> routine - btremote.dll / <Modules> / RegisterLogCallback - networklib / <Modules> / .ctor At least those are the calls I found so far. So if this is just a "check" if present, I can go ahead and null this routine right ??? no harm to the main code done. (the first will be rather simple to null, for the other 3 I'll have to see if i can find the correct place to skip it). What do you mean by .NET remoting ? If you're talking about the target yes it allows to control his PC from a smartphone  useful for kodi etc...Now, the AES integrity checking, this gets me nervous.. don't know how to handle it for the moment.  Nice day bro Last edited by tusk; 02-13-2017 at 02:17. Reason: typo 
|
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| dnSpyEx + LLM Plugin for Deobfuscation & Code Analysis | dotdll | Community Tools | 0 | 07-17-2025 22:10 |
| Deobfuscation Helper | Z-Rantom | Community Tools | 0 | 09-11-2015 21:03 |
Threaded Mode