noob.exe Posted June 13, 2015 Posted June 13, 2015 Yo,I am planning to code some method encryption, and I wanted to ask if there are alternatives to JitHooking.The problem is not hoe to encrypt/decrypt the methodbodys, - that's simple, the question is how I can detect the calls so I know when to decrypt.JitHooking is pretty unstable and might not work properly in future versions of the .Net FW.I am open for ideas and suggestions.
XenocodeRCE Posted June 13, 2015 Posted June 13, 2015 You can use Invoke and Pointer, if, for instance, you store your encrypted method in a specific Header 1
0xd4d Posted June 13, 2015 Posted June 13, 2015 You can create a DynamicMethod. It has its limitations but should work with most methods. Used by some obfuscators. 2
noob.exe Posted June 14, 2015 Author Posted June 14, 2015 You can create a DynamicMethod. It has its limitations but should work with most methods. Used by some obfuscators. Yo, I've heared of dynamic methods before but I don't entirely get the concept behind. For example, I encrypt the methodbody of some testmethod. Alright. I can also insert some decryption method somewhere, also not a problem. But how would you detect the calls to the original method so the decryption will be triggered? Could you give me some more detailed explanation please, that would be nice (Yes I know the msdn articles about dynamic methods)
li0nsar3c00l Posted June 14, 2015 Posted June 14, 2015 just replace every methodbody with the call to a dynamic method which uses the original method body.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now