Exetools  

  #4  
06-09-2022, 19:05
Ethereal
Quote:
Originally Posted by 0xall0c
I don't know about x22 loader, but to just give it clarity, the tool hooks a function SafeArrayUnaccessData which is called after the assembly bytes are placed in the buffer to load; with this function hooked, the parameter to this function points to an array of bytes of assembly, which are then written to disk by the tool.

Can be used to dump assemblies from a native loader, or in case from .NET crypters, obfuscators etc. Because there is no debugger or anything else, it basically just works with complex samples too.

Doing it that way should be really effective against obfuscators and packers. Have you had any chance to try it against VM obfuscators like Agile.NET or Eazfuscator?

Excellent work btw. Thank you.
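
Added example, not part of the thread and not the tool's own code: SafeArrayUnaccessData is a general OLE Automation call, so a hook on it also sees arrays that are not assemblies, and an analyst usually wants to check a captured buffer before writing it to disk. The sketch below parses the PE headers and looks for a CLR header directory; the function names and the sample header are constructed for illustration.

```python
import struct

CLR_DIR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR header)


def clr_directory(buf: bytes):
    """Return (rva, size) of the CLR header directory, or None if buf
    does not look like a managed PE image. Hypothetical helper."""
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", buf, 0x3C)
    # Need the PE signature, the 20-byte COFF header and the optional-header magic.
    if e_lfanew + 26 > len(buf) or buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (opt_size,) = struct.unpack_from("<H", buf, e_lfanew + 20)
    opt = e_lfanew + 24
    (magic,) = struct.unpack_from("<H", buf, opt)
    if magic == 0x10B:        # PE32
        num_off, dir_off = 92, 96
    elif magic == 0x20B:      # PE32+
        num_off, dir_off = 108, 112
    else:
        return None
    if opt + dir_off > len(buf):
        return None
    (num_dirs,) = struct.unpack_from("<I", buf, opt + num_off)
    entry = opt + dir_off + 8 * CLR_DIR_INDEX
    # The entry must exist and lie inside both the buffer and the optional header.
    if num_dirs <= CLR_DIR_INDEX or entry + 8 > min(len(buf), opt + opt_size):
        return None
    rva, size = struct.unpack_from("<II", buf, entry)
    return (rva, size) if rva and size else None


def make_sample(managed: bool) -> bytes:
    """Constructed minimal PE32 header for the demo (not a loadable image)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x2102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes
    if managed:
        struct.pack_into("<II", opt, 96 + 8 * CLR_DIR_INDEX, 0x2008, 0x48)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for name, buf in [("managed", make_sample(True)), ("native", make_sample(False))]:
        print(name, clr_directory(buf))
```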