Quote:
Originally Posted by chants
Is there a way to hook the decrypt call and do this at runtime if the control flow obfuscation can't be unraveled? I suppose when you say encrypted, you mean by something that .NET has code to decrypt. So theoretically a hook would say the original string address, the caller address, and after forwarding the payload would have the decypted info too, which could be interesting.
|
It is already loaded and run in memory. See the description.
But on the fly should be possible through dll injection.