  #5  
06-09-2022, 19:05
Ethereal
Quote:
Originally Posted by 0xall0c View Post
I don't know about x22 loader, but just to give it clarity: the tool hooks a function, SafeArrayUnaccessData, which is called after the assembly bytes are placed in the buffer to load. With this function hooked, the parameter to this function points to an array of bytes of assembly, which are then written to disk by the tool.

Can be used to dump assemblies from a native loader, or in the case of .NET crypters, obfuscators, etc. Because there is no debugger or anything else, it basically just works with complex samples too.

Doing it that way should be really effective against obfuscators and packers. Have you had any chance to try it against VM obfuscators like Agile.NET or EAZfuscator?

Excellent work btw. Thank you.