Closed beranos closed 4 years ago
JustasMasiulis
commented
4 years ago This library isn't really a solution for dynamic analysis.
Add some more code that would overwrite the stack where strings were and your problem would most likely be solved, however you shouldn't really rely on this defeating anything more than basic static analysis
beranos
commented
4 years ago what should i use for what i'm looking for? sorry for bothering
JustasMasiulis
commented
4 years ago As I said in your example (using process hacker) simply adding more code that uses stack space would fix it. (or you could re-encrypt/clear it manually)
However in the general case if a person can attach a debugger the strings will need to become de-obfuscated at some point so it is more or less a futile effort.
JacksonDon
commented
3 years ago i have same problem.
hi i'm trying this lib, when checking for strings in ida decompiler it doesn't show up but for example when trying to find them in runtime i can see them, i'm doing something wrong? here's a screenshot:
https://i.imgur.com/3bUYhmR.png compilter settings (default ones): https://i.imgur.com/xayt1Jb.png