Closed beranos closed 4 years ago
This library isn't really a solution for dynamic analysis.
Add some more code that would overwrite the stack where strings were and your problem would most likely be solved, however you shouldn't really rely on this defeating anything more than basic static analysis
what should i use for what i'm looking for? sorry for bothering
As I said in your example (using process hacker) simply adding more code that uses stack space would fix it. (or you could re-encrypt/clear it manually)
However in the general case if a person can attach a debugger the strings will need to become de-obfuscated at some point so it is more or less a futile effort.
i have same problem.
hi i'm trying this lib, when checking for strings in ida decompiler it doesn't show up but for example when trying to find them in runtime i can see them, i'm doing something wrong? here's a screenshot:
https://i.imgur.com/3bUYhmR.png compilter settings (default ones): https://i.imgur.com/xayt1Jb.png