@dsfsdfsdfsd I leaned on some existing tooling for the part of the loader that encrypted/decrypted the actual payload, along with resolving the imports, before executing it in memory. I modified it a bit to try to make it harder to dump from, and also the way it handled the RWX section it maps into. But it's all in C/C++.

@dsfsdfsdfsd, nice job man! The loader wasn't bad, but I have to ask if it did its job: were you able to dump the PE from memory, or did you have to dump PIC and reassemble it? Also, did the challenge succeed in making you debug/dynamically work with the file, or were you able to do it mostly statically?

@trendcrusher, yes indeed. There's a reason it passed review though. It doesn't do anything harmful; if you just threw it into VT, check out the behavior: no network requests, no disk writes, nothing like that. It's just because of the way I packed it, and the runtime encryption.