  #3  
Old 04-14-2022, 16:54
0xall0c
I don't know about x22 loader, but just to give it clarity: the tool hooks a function, SafeArrayUnaccessData, which is called after the assembly bytes are placed in the buffer to load. With this function hooked, the parameter to this function points to an array of bytes of the assembly, which are then written to disk by the tool.

It can be used to dump assemblies from a native loader, or from .NET crypters, obfuscators, etc. Because there is no debugger or anything else, it basically just works with complex samples too.

Last edited by 0xall0c; 04-14-2022 at 17:00.
The Following User Says Thank You to 0xall0c For This Useful Post:
niculaita (06-09-2022)
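An added example, not part of the post or of the tool it describes: SafeArrayUnaccessData is a general OLE Automation call, so a hook on it can also capture arrays that are not assemblies. The sketch below triages dumped buffers by checking for a PE image whose CLR data directory is populated; the function names and the sample buffers are constructed for illustration.

```python
import struct

CLR_DIR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR runtime header)


def is_dotnet_assembly(buf: bytes) -> bool:
    """True if buf starts a PE image whose CLR data directory is non-empty."""
    try:
        if buf[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", buf, 0x3C)
        if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return False
        opt = e_lfanew + 24  # 4-byte signature + 20-byte COFF header
        (magic,) = struct.unpack_from("<H", buf, opt)
        if magic == 0x10B:      # PE32: data directories start at +96
            dirs = opt + 96
        elif magic == 0x20B:    # PE32+: data directories start at +112
            dirs = opt + 112
        else:
            return False
        (count,) = struct.unpack_from("<I", buf, dirs - 4)  # NumberOfRvaAndSizes
        if count <= CLR_DIR_INDEX:
            return False
        rva, size = struct.unpack_from("<II", buf, dirs + CLR_DIR_INDEX * 8)
        return rva != 0 and size != 0
    except struct.error:
        return False  # truncated capture: headers run past the end of the buffer


def make_sample(clr: bool, pe32plus: bool = False) -> bytes:
    """Constructed header-only buffer for the demo; not a loadable file."""
    buf = bytearray(0x200)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", buf, opt, 0x20B if pe32plus else 0x10B)
    dirs = opt + (112 if pe32plus else 96)
    struct.pack_into("<I", buf, dirs - 4, 16)
    if clr:
        struct.pack_into("<II", buf, dirs + CLR_DIR_INDEX * 8, 0x2008, 0x48)
    return bytes(buf)


if __name__ == "__main__":
    captures = {"managed": make_sample(True), "native": make_sample(False),
                "other-array": b"\x01\x02\x03\x04"}
    for name, data in captures.items():
        print(name, "->", "keep" if is_dotnet_assembly(data) else "skip")
```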