#1
Dump .net Assembly from c++ Loaders

Simple program to dump .net assembly, uses hooking instead of a debugger: https://github.com/0x410c/ClrDumper
#2
This seems really interesting, so it might work on x22 Loader as an example? I have no subscription to test it yet.
#3
I don't know about x22 loader, but just to give it clarity: the tool hooks the function SafeArrayUnaccessData, which is called after the assembly bytes are placed in the buffer to load. With this function hooked, the parameter to this function points to an array of bytes of the assembly, which are then written to disk by the tool.
Can be used to dump assemblies from a native loader, or in the case of .NET crypters, obfuscators etc. Because there is no debugger or anything else, it basically just works with complex samples too.

Last edited by 0xall0c; 04-14-2022 at 17:00.
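Added example, not part of the thread and not ClrDumper's code: `SafeArrayUnaccessData` is a general OLE Automation API, so a buffer captured at that hook is not necessarily an assembly. The C code below checks whether a captured buffer is a PE image with a CLR header directory before it is treated as a dumped assembly; `is_managed_pe`, `make_sample` and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bounds-checked little-endian read of w bytes; captured buffers are untrusted. */
static int rd(const uint8_t *b, size_t n, size_t off, int w, uint32_t *v) {
    if (off > n || n - off < (size_t)w) return 0;
    *v = 0;
    for (int i = 0; i < w; i++) *v |= (uint32_t)b[off + i] << (8 * i);
    return 1;
}

/* Returns 1 if buf is a PE image whose data directory 14 (CLR runtime header)
   is populated, i.e. it looks like a managed assembly; 0 otherwise. */
int is_managed_pe(const uint8_t *buf, size_t len) {
    uint32_t mz, lfanew, sig, magic, ndirs, rva, size;
    if (!rd(buf, len, 0, 2, &mz) || mz != 0x5A4D) return 0;            /* "MZ" */
    if (!rd(buf, len, 0x3C, 4, &lfanew)) return 0;                     /* e_lfanew */
    if (!rd(buf, len, lfanew, 4, &sig) || sig != 0x00004550) return 0; /* "PE\0\0" */
    size_t opt = (size_t)lfanew + 24;            /* signature + 20-byte COFF header */
    if (!rd(buf, len, opt, 2, &magic)) return 0;
    size_t dirs = magic == 0x10B ? opt + 96 : magic == 0x20B ? opt + 112 : 0;
    if (!dirs) return 0;                         /* neither PE32 nor PE32+ */
    if (!rd(buf, len, dirs - 4, 4, &ndirs) || ndirs <= 14) return 0;
    if (!rd(buf, len, dirs + 112, 4, &rva) || !rd(buf, len, dirs + 116, 4, &size)) return 0;
    return rva != 0 && size != 0;
}

/* Constructed sample: minimal PE32 headers in 512 bytes (not a real assembly). */
void make_sample(uint8_t out[512], int with_clr_dir) {
    memset(out, 0, 512);
    out[0] = 'M'; out[1] = 'Z';
    out[0x3C] = 0x80;                               /* e_lfanew = 0x80 */
    memcpy(out + 0x80, "PE\0\0", 4);
    out[0x80 + 24] = 0x0B; out[0x80 + 25] = 0x01;   /* PE32 magic 0x10B */
    out[0x80 + 24 + 92] = 16;                       /* NumberOfRvaAndSizes */
    if (with_clr_dir) {
        out[0x80 + 24 + 96 + 112 + 1] = 0x20;       /* CLR header RVA = 0x2000 */
        out[0x80 + 24 + 96 + 112 + 4] = 0x48;       /* CLR header size = 0x48 */
    }
}

int main(void) {
    uint8_t b[512];
    make_sample(b, 1);
    printf("managed: %d\n", is_managed_pe(b, sizeof b));
    return 0;
}
```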
#4
New release: now you can dump assemblies loaded from Assembly.Load(byte[]), from managed assemblies!