Patch in memory .net app
Hi, I have an obfuscated .net app. This app use WMI (Select * From Win32_processor) to get motherboard serial numer and CPUID. I don't want to patch directly EXE (it has several checks to avoid this) so I got 2 vectors of attack:
a) Patch WMI to return always the same values in different hardware
Anyone has info about this?
b) Patch in memory using a loader for .net
Anyone has info too?
(I have seen how to hook functions but it always make changes at EXE so is not valid for me)
Thanks
__________________
omnino lo qui quae que quod somos es pulvis en el ventus.
TAOS
-The opposite of courage in our society is not cowardice, but conformity-
|