Thread: Patch in memory .net app
View Single Post
  #1  
Old 07-03-2018, 19:00
taos's Avatar
taos taos is offline
The Art Of Silence
  
Join Date: Aug 2004
Location: In front of my screen
Posts: 580
Rept. Given: 65
Rept. Rcvd 54 Times in 19 Posts
Thanks Given: 69
Thanks Rcvd at 134 Times in 36 Posts
taos Reputation: 54
Patch in memory .net app
Hi, I have an obfuscated .net app. This app use WMI (Select * From Win32_processor) to get motherboard serial numer and CPUID. I don't want to patch directly EXE (it has several checks to avoid this) so I got 2 vectors of attack:

a) Patch WMI to return always the same values in different hardware

Anyone has info about this?

b) Patch in memory using a loader for .net

Anyone has info too?
(I have seen how to hook functions but it always make changes at EXE so is not valid for me)

Thanks
__________________
omnino lo qui quae que quod somos es pulvis en el ventus.
TAOS

-The opposite of courage in our society is not cowardice, but conformity-
Reply With Quote