JustasMasiulis / xorstr

heavily vectorized c++17 compile time string encryption.
Apache License 2.0

memory dump #32

Closed JacksonDon closed 3 years ago

JacksonDon commented 3 years ago

I have a little problem. I'm using the xor.

Example

std::puts(xorstr_("an extra long hello_world"));

But when I do a memory dump, I'm able to see these strings (unxored). Same if I use Process Hacker: I can see the strings in memory.

Some help?

JustasMasiulis commented 3 years ago

duplicate #29

simply adding more code that uses stack space would fix it. (or you could re-encrypt/clear it manually)

JacksonDon commented 3 years ago

> duplicate #29
>
> simply adding more code that uses stack space would fix it. (or you could re-encrypt/clear it manually)

I tried to clear it and I am still able to see the strings in memory.

JustasMasiulis commented 3 years ago

Look... Here is the compiler output from clang, GCC, MSVC with both debug and release builds. https://godbolt.org/z/zqqf3e

The encrypted string parts and keys are loaded onto the stack and decrypted there - there is nothing stored in .data, .rdata or any other section besides the code itself in .text.

What you are seeing could simply be std::puts copying the string over into another buffer.

As noted previously neither my library, nor other string encryption libraries are anything more than a static analysis deterrent. The second you attach a debugger and run into one of these you will figure out what the string is.
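
The two points made in this thread (clearing the decrypted string manually, and a consumer such as std::puts keeping its own copy) shown together in an added C++ example; it is not code from the issue or from xorstr. The single-byte XOR key, the `kEnc` bytes and the `consumer_copy` buffer are constructed stand-ins, not the library's real encoding or any real stdio internals.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Constructed sample: "hello_world" XOR 0x5A. A stand-in for an obfuscated
// string, not xorstr's real encoding.
static const unsigned char kEnc[] = {0x32,0x3F,0x36,0x36,0x35,0x05,0x2D,0x35,0x28,0x36,0x3E};
static const unsigned char kKey = 0x5A;

// Zero a buffer through a volatile pointer so the stores are not removed
// as dead writes when the buffer is never read again.
void secure_wipe(void* p, std::size_t n) {
    volatile unsigned char* v = static_cast<volatile unsigned char*>(p);
    while (n--) *v++ = 0;
}

// The check a memory-dump string search performs: is `needle` in this region?
bool region_contains(const char* region, std::size_t n, const char* needle) {
    const std::size_t m = std::strlen(needle);
    for (std::size_t i = 0; i + m <= n; ++i)
        if (std::memcmp(region + i, needle, m) == 0) return true;
    return false;
}

struct DumpView { bool stack_before, stack_after, copy_after; };

// Decrypt on the stack, hand the text to a consumer that keeps its own copy
// (as a buffered stdio call may), wipe the stack buffer, then scan both.
DumpView decrypt_use_wipe(const char* needle) {
    char plain[sizeof kEnc + 1] = {};
    char consumer_copy[64] = {};              // hypothetical callee-owned buffer
    for (std::size_t i = 0; i < sizeof kEnc; ++i)
        plain[i] = static_cast<char>(kEnc[i] ^ kKey);
    DumpView v{};
    v.stack_before = region_contains(plain, sizeof plain, needle);
    std::memcpy(consumer_copy, plain, sizeof plain);   // the "use" step
    secure_wipe(plain, sizeof plain);
    v.stack_after = region_contains(plain, sizeof plain, needle);
    v.copy_after = region_contains(consumer_copy, sizeof consumer_copy, needle);
    return v;
}

int main() {
    DumpView v = decrypt_use_wipe("hello_world");
    std::printf("stack before wipe: %d, stack after wipe: %d, consumer copy: %d\n",
                v.stack_before, v.stack_after, v.copy_after);
}
```

Wiping the stack buffer removes only that one copy; any buffer the string was passed through has to be cleared or flushed separately.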