Mario Vilas
Perhaps that's an anti-debugging trick I don't know; it would make sense then, since kernel32 should never be unloaded. I'm guessing the malware is trying to unload kernel32 but the...
The sample seems to have other anti-debug tricks in it so I'm pretty sure that must be what's going on here. https://infosec.cert-pa.it/analyze/search/0/0/0/0/0/0/tag:Vimditator.html
Yes please, send me the sample. I only found a reference to it online, not the actual file. EDIT: must have landed in spam or got blocked by gmail, try...
Sounds like a bug indeed. 0x80000003 is EXCEPTION_BREAKPOINT, the exception raised when a breakpoint instruction is executed. This would mean WinAppDbg is not correctly removing all breakpoints before detaching. Question,...
Hi! Thanks for your kind words! :) As for your questions: I've only implemented the raw Win32 part of it all, so there's currently no support for digging into .NET...
Looks like SQLAlchemy has changed their interface a bit: https://docs.sqlalchemy.org/en/13/core/interfaces.html#sqlalchemy.interfaces.PoolListener For the time being I recommend installing an older version of SQLAlchemy until I port the code to the latest...
Alright, a quick look at the code shows that PoolListener was used as a hack for detecting certain features of sqlite. So another option is to just remove the offending...
Hi! Thanks for your kind words :) This looks strange indeed, especially since at the point the exception is thrown the debugger is already attached to the process. What seems...
Why just Py3? The urllib module in Py2 also supports proxies, and it already does so by setting the corresponding environment variable. I'd rather not clutter the API with even more...
Mhm, that's an interesting use case. May I ask a bit more? :)