Jump to content
Tuts 4 You

Atipls' Obfuscator

Go to solution Solved by #Sith,

Recommended Posts

Difficulty : Probably 7
Language : C# .NET
Platform : Windows (anyCPU)
OS Version : Windows 7 Above
Packer / Protector : Atipls' obfuscator

Description :

Upload the unpacked file and give me a detailed tutorial. Describe me the specific method or the specific tools in order used.

As I said in the previous unpack challenges XD.

Screenshot :



Link to comment
Share on other sites

3 hours ago, #Sith said:

Load file in dnSpy, bypass NtQueryInformationProcess, dump the module, then de4dot and SAE (string only).


@Sith  how to bypass NtQueryInformationProcess ? Can you a little more detail ?

Link to comment
Share on other sites

4 hours ago, Cursedzx said:

Sith, do you know what NtQueryInformationProcess was used for?

InheritedFromUniqueProcessId field in PROCESS_BASIC_INFORMATION structure get the ID of the parent process and programm compare it to the some names. I Just changed the InheritedFromUniqueProcessId value to the ID of explorer.exe

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...