Ayoub Faouzi
Hello, This trick is already implemented here: https://github.com/LordNoteworthy/al-khaser/blob/master/al-khaser/AntiDebug/SharedUserData_KernelDebugger.cpp If you mean something else, feel free to open the issue again.
Ah, seems the time checks, I thought the debugger check, sorry.
Hey @chigosec, indeed, this is a good feature to add, I had it on my to-do list. I will try to detect inline hooks in a global manner.
@gsuberland what do you think of: 1. reading the DLL (like kernel32.dll) from disk. 2. check if signed and verified (in case the sandbox provides a tampered DLL). 3. parse...
Hey @gsuberland I totally agree about the two points you made, let's go with your approach then.
Hello @rxi Will you be accepting PRs to this project? Cheers.
would be nice to get this one merged, though I would like to have a unified type called `PE`, and then additional input like dll, exe or driver would be...
There is no big valid reason it should be, I agree. It is just because, in general, text files should end with a new line, here is why: https://stackoverflow.com/questions/729692/why-should-text-files-end-with-a-newline Many...
Thanks @ubogdan When I said text file, I meant any non-binary file, not necessarily a file terminating with the `.txt` extension. The `swagger.yaml` file that gets generated ends with...
I have the last version and am still getting this Bad Frame Read issue, has anyone fixed it?