|
Is there a way to hook the decrypt call and do this at runtime if the control flow obfuscation can't be unraveled? I suppose when you say encrypted, you mean by something that .NET has code to decrypt. So theoretically a hook would say the original string address, the caller address, and after forwarding the payload would have the decypted info too, which could be interesting.
|