Thread: Patch in memory .net app
View Single Post
  #7  
Old 07-04-2018, 08:49
TechLord TechLord is offline
Banned User
  
Join Date: Mar 2005
Location: 10 Steps Ahead of You
Posts: 761
Rept. Given: 384
Rept. Rcvd 247 Times in 112 Posts
Thanks Given: 789
Thanks Rcvd at 2,022 Times in 571 Posts
TechLord Reputation: 200-299 TechLord Reputation: 200-299 TechLord Reputation: 200-299
Quote:
Originally Posted by taos View Post
Hi, I have an obfuscated .net app. This app use WMI (Select * From Win32_processor) to get motherboard serial numer and CPUID. I don't want to patch directly EXE (it has several checks to avoid this) so I got 2 vectors of attack:

a) Patch WMI to return always the same values in different hardware

Anyone has info about this?

b) Patch in memory using a loader for .net

Anyone has info too?
(I have seen how to hook functions but it always make changes at EXE so is not valid for me)

Thanks
Sounds interesting
Please share the target with me (PM is fine if its a private one).

You can join the SLACK channel while you are at it (invite attached there), as this could be done much faster by CHAT than by sending out a PM, waiting for a day and then replying etc.

Anyways, just share the target first

Cheers
Reply With Quote